Windows Analysis Report
$RLG2LCG.exe

Overview

General Information

Sample name: $RLG2LCG.exe
Analysis ID: 1637283
MD5: ee003ae0830d79c26807e2efa47876ca
SHA1: cc9bfcc84baaef110bdcea2928df68a54d9b145b
SHA256: f02104349d189050713f19392d05af1f3f964e272c3dfe09e7f9580738944365

Detection

Score: 24
Range: 0 - 100
Confidence: 40%

Signatures

Found pyInstaller with non standard icon
Creates a process in suspended mode (likely to inject code)
Drops PE files
Found dropped PE file which has not been started or loaded
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Stores files to the Windows start menu directory
Uses 32bit PE files
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Source: $RLG2LCG.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\$RLG2LCG.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DSAS
Source: $RLG2LCG.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\$RLG2LCG.exe File opened: C:\Users\user
Source: C:\Users\user\Desktop\$RLG2LCG.exe File opened: C:\Users\user\AppData\Roaming
Source: C:\Users\user\Desktop\$RLG2LCG.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: C:\Users\user\Desktop\$RLG2LCG.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Users\user\Desktop\$RLG2LCG.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Users\user\Desktop\$RLG2LCG.exe File opened: C:\Users\user\AppData
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic DNS traffic detected: DNS query: services.arcgisonline.com
Source: unknown HTTP traffic detected: POST /dns-query HTTP/1.1
    Host: chrome.cloudflare-dns.com
    Connection: keep-alive
    Content-Length: 128
    Accept: application/dns-message
    Accept-Language: *
    User-Agent: Chrome
    Accept-Encoding: identity
    Content-Type: application/dns-message
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: classification engine Classification label: sus24.winEXE@20/257@6/13
Source: C:\Users\user\Desktop\$RLG2LCG.exe File created: C:\Users\user\AppData\Local\DSAS
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Mutant created: NULL
Source: C:\Users\user\Desktop\$RLG2LCG.exe File created: C:\Users\user\AppData\Local\Temp\nsr68D3.tmp
Source: $RLG2LCG.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\$RLG2LCG.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\$RLG2LCG.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\$RLG2LCG.exe File read: C:\Users\user\Desktop\$RLG2LCG.exe
Source: unknown Process created: C:\Users\user\Desktop\$RLG2LCG.exe "C:\Users\user\Desktop\$RLG2LCG.exe"
Source: C:\Users\user\Desktop\$RLG2LCG.exe Process created: C:\Users\user\AppData\Local\DSAS\DSAS.exe "C:\Users\user\AppData\Local\DSAS\DSAS.exe"
Source: C:\Users\user\AppData\Local\DSAS\DSAS.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=DSAS.exe --webview-exe-version=6.0.170 --user-data-dir="C:\Users\user\AppData\Local\com.dsas.dev\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --enable-features=MojoIpcz --lang=en-GB --mojo-named-platform-channel-pipe=5092.2744.13533932360267444463
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Local\com.dsas.dev\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Local\com.dsas.dev\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x170,0x7fffed878e88,0x7fffed878e98,0x7fffed878ea8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\com.dsas.dev\EBWebView" --webview-exe-name=DSAS.exe --webview-exe-version=6.0.170 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1764 --field-trial-handle=1768,i,11117290243945760741,12236703603346677188,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI /prefetch:2
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\com.dsas.dev\EBWebView" --webview-exe-name=DSAS.exe --webview-exe-version=6.0.170 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2188 --field-trial-handle=1768,i,11117290243945760741,12236703603346677188,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI /prefetch:3
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\com.dsas.dev\EBWebView" --webview-exe-name=DSAS.exe --webview-exe-version=6.0.170 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2408 --field-trial-handle=1768,i,11117290243945760741,12236703603346677188,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI /prefetch:8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\com.dsas.dev\EBWebView" --webview-exe-name=DSAS.exe --webview-exe-version=6.0.170 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1741865589753995 --launch-time-ticks=4081372043 --mojo-platform-channel-handle=3296 --field-trial-handle=1768,i,11117290243945760741,12236703603346677188,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI /prefetch:1
Source: C:\Users\user\AppData\Local\DSAS\DSAS.exe Process created: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe "\\?\C:\Users\user\AppData\Local\DSAS\usgs_rates.exe"
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Process created: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe "\\?\C:\Users\user\AppData\Local\DSAS\usgs_rates.exe"
Source: C:\Users\user\Desktop\$RLG2LCG.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\$RLG2LCG.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\$RLG2LCG.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\$RLG2LCG.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\$RLG2LCG.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\$RLG2LCG.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\$RLG2LCG.exe Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\$RLG2LCG.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\$RLG2LCG.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\$RLG2LCG.exe Section loaded: shfolder.dll
Source: C:\Users\user\Desktop\$RLG2LCG.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\$RLG2LCG.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\$RLG2LCG.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\$RLG2LCG.exe Section loaded: riched20.dll
Source: C:\Users\user\Desktop\$RLG2LCG.exe Section loaded: usp10.dll
Source: C:\Users\user\Desktop\$RLG2LCG.exe Section loaded: msls31.dll
Source: C:\Users\user\Desktop\$RLG2LCG.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\$RLG2LCG.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\$RLG2LCG.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\$RLG2LCG.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\$RLG2LCG.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\$RLG2LCG.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\$RLG2LCG.exe Section loaded: linkinfo.dll
Source: C:\Users\user\Desktop\$RLG2LCG.exe Section loaded: ntshrui.dll
Source: C:\Users\user\Desktop\$RLG2LCG.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\$RLG2LCG.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\$RLG2LCG.exe Section loaded: cscapi.dll
Source: C:\Users\user\Desktop\$RLG2LCG.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\DSAS\DSAS.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\DSAS\DSAS.exe Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\DSAS\DSAS.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\DSAS\DSAS.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\DSAS\DSAS.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\DSAS\DSAS.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\DSAS\DSAS.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\DSAS\DSAS.exe Section loaded: explorerframe.dll
Source: C:\Users\user\AppData\Local\DSAS\DSAS.exe Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\DSAS\DSAS.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\DSAS\DSAS.exe Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\DSAS\DSAS.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\DSAS\DSAS.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\DSAS\DSAS.exe Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\DSAS\DSAS.exe Section loaded: dataexchange.dll
Source: C:\Users\user\AppData\Local\DSAS\DSAS.exe Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\DSAS\DSAS.exe Section loaded: dcomp.dll
Source: C:\Users\user\AppData\Local\DSAS\DSAS.exe Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\DSAS\DSAS.exe Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\DSAS\DSAS.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\DSAS\DSAS.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\DSAS\DSAS.exe Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\DSAS\DSAS.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\DSAS\DSAS.exe Section loaded: twinapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: version.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: windows.system.profile.platformdiagnosticsandusagedatasettings.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: policymanager.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: winmm.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: kbdus.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: wkscli.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: netutils.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: mdmregistration.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: omadmapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: powrprof.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dmcmnutils.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: iri.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: umpdc.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: netapi32.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dsreg.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dwrite.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dpapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: nlaapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: textinputframework.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: coreuicomponents.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: coremessaging.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: wintypes.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: windows.ui.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: windowmanagementapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: inputhost.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: twinapi.appcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: wtsapi32.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: winsta.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: mscms.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: coloradapterclient.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: winhttp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: windows.security.authentication.web.core.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: iertutil.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: devobj.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dataexchange.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: d3d11.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dcomp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dxgi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: resourcepolicyclient.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: mf.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: mfplat.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: rtworkq.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: hevcdecoder.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dolbydecmft.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: mfperfhelper.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dwmapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: d3d11.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dcomp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: d3d10warp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dxcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: atlthunk.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: directmanipulation.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dwrite.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: policymanager.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: winmm.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: winmm.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: nlaapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: mswsock.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: winmm.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: winmm.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: vaultcli.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: aadwamextension.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: sspicli.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: microsoftaccountwamextension.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: hevcdecoder.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: tenantrestrictionsplugin.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: windows.web.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: netprofm.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: npmproxy.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: windows.system.userprofile.diagnosticssettings.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: dwritecore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: ncryptprov.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Section loaded: libffi-8.dll
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Section loaded: pdh.dll
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Section loaded: libcrypto-3.dll
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Section loaded: libssl-3.dll
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Section loaded: libcrypto-3.dll
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Section loaded: wevtapi.dll
Source: C:\Users\user\Desktop\$RLG2LCG.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: C:\Users\user\Desktop\$RLG2LCG.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DSAS
Source: $RLG2LCG.exe Static file information: File size 64405939 > 1048576
Source: $RLG2LCG.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Persistence and Installation Behavior

Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Process created: "\\?\C:\Users\user\AppData\Local\DSAS\usgs_rates.exe"
Source: C:\Users\user\Desktop\$RLG2LCG.exe File created: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe
Source: C:\Users\user\Desktop\$RLG2LCG.exe File created: C:\Users\user\AppData\Local\Temp\nsr69BF.tmp\nsDialogs.dll
Source: C:\Users\user\Desktop\$RLG2LCG.exe File created: C:\Users\user\AppData\Local\Temp\nsr69BF.tmp\System.dll
Source: C:\Users\user\Desktop\$RLG2LCG.exe File created: C:\Users\user\AppData\Local\Temp\nsr69BF.tmp\nsis_tauri_utils.dll
Source: C:\Users\user\Desktop\$RLG2LCG.exe File created: C:\Users\user\AppData\Local\Temp\nsr69BF.tmp\StartMenu.dll
Source: C:\Users\user\Desktop\$RLG2LCG.exe File created: C:\Users\user\AppData\Local\DSAS\DSAS.exe
Source: C:\Users\user\Desktop\$RLG2LCG.exe File created: C:\Users\user\AppData\Local\DSAS\uninstall.exe
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\stats\_levy_stable\levyst.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\linalg\_solve_toeplitz.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\Desktop\$RLG2LCG.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DSAS
Source: C:\Users\user\Desktop\$RLG2LCG.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DSAS\DSAS.lnk
Source: C:\Users\user\AppData\Local\DSAS\DSAS.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\Desktop\$RLG2LCG.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\optimize\_trlib\_trlib.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\integrate\_vode.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\sparse\linalg\_propack\_dpropack.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\linalg\_fblas.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\pyexpat.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\interpolate\dfitpack.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\stats\_boost\nbinom_ufunc.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\spatial\_distance_pybind.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\numpy\random\bit_generator.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\sparse\csgraph\_shortest_path.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\numpy\random\_sfc64.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\linalg\_decomp_lu_cython.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\stats\_boost\binom_ufunc.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\python3.dll
Source: C:\Users\user\Desktop\$RLG2LCG.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe
Source: C:\Users\user\Desktop\$RLG2LCG.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsr69BF.tmp\nsDialogs.dll
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\_wmi.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\optimize\_lsap.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\numpy.libs\libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\numpy\core\_multiarray_tests.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\interpolate\_rgi_cython.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\sparse\_sparsetools.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\ndimage\_nd_image.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\numpy\random\_pcg64.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\sparse\csgraph\_flow.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\optimize\_lbfgsb.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\integrate\_odepack.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\linalg\cython_lapack.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\_queue.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\numpy\random\_generator.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\api-ms-win-core-datetime-l1-1-0.dll
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\spatial\_distance_wrap.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\optimize\_highs\_highs_wrapper.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\special\_comb.cp312-win_amd64.pyd
Source: C:\Users\user\Desktop\$RLG2LCG.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsr69BF.tmp\System.dll
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\unicodedata.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\sparse\csgraph\_tools.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\optimize\_lsq\givens_elimination.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\special\_ufuncs.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\numpy\linalg\_umath_linalg.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\sparse\csgraph\_min_spanning_tree.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\sparse\linalg\_propack\_spropack.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\_bz2.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\stats\_ansari_swilk_statistics.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\numpy\core\_multiarray_umath.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\special\_ellip_harm_2.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\linalg\_matfuncs_sqrtm_triu.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\interpolate\_fitpack.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\_ssl.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\_multiprocessing.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\optimize\_minpack2.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\_hashlib.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\spatial\transform\_rotation.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\websockets\speedups.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\stats\_biasedurn.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\spatial\_ckdtree.cp312-win_amd64.pyd
Source: C:\Users\user\Desktop\$RLG2LCG.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsr69BF.tmp\nsis_tauri_utils.dll
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\stats\_qmc_cy.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\optimize\_minpack.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\stats\_mvn.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\_ctypes.pyd
Source: C:\Users\user\Desktop\$RLG2LCG.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsr69BF.tmp\StartMenu.dll
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\ndimage\_ni_label.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\_uuid.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\numpy\random\_bounded_integers.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\spatial\_qhull.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\stats\_boost\hypergeom_ufunc.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\python312.dll
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\optimize\_bglu_dense.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\_lib\_ccallback_c.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\stats\_boost\ncx2_ufunc.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\linalg\_flapack.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\optimize\_direct.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\psutil\_psutil_windows.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\sparse\linalg\_propack\_cpropack.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\fft\_pocketfft\pypocketfft.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\api-ms-win-core-debug-l1-1-0.dll
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\numpy\fft\_pocketfft_internal.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\sparse\csgraph\_matching.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\stats\_boost\skewnorm_ufunc.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\sparse\csgraph\_reordering.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\linalg\_flinalg.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\integrate\_lsoda.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\stats\_sobol.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\optimize\_highs\_highs_constants.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\spatial\_voronoi.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\special\cython_special.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\_asyncio.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\numpy\random\_philox.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\sparse\_csparsetools.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\stats\_stats.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\stats\_unuran\unuran_wrapper.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\special\_specfun.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\api-ms-win-core-errorhandling-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\$RLG2LCG.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\DSAS\DSAS.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\interpolate\_ppoly.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\optimize\_moduleTNC.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\_decimal.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\api-ms-win-crt-utility-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\linalg\_decomp_update.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\_lib\messagestream.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\optimize\_slsqp.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\_lib\_fpumode.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\_socket.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\VCRUNTIME140.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\special\_ufuncs_cxx.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\optimize\_pava_pybind.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\stats\_boost\beta_ufunc.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\linalg\_matfuncs_expm.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\optimize\_zeros.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\select.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\numpy\random\_common.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\numpy\random\_mt19937.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\api-ms-win-core-file-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\sparse\csgraph\_traversal.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\integrate\_quadpack.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\api-ms-win-crt-time-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\optimize\_group_columns.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\linalg\_interpolative.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\api-ms-win-core-console-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\optimize\_cobyla.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\_lib\_uarray\_uarray.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\interpolate\interpnd.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\numpy\random\mtrand.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\integrate\_dop.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\Desktop\$RLG2LCG.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\DSAS\uninstall.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\linalg\cython_blas.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\_lzma.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\sparse\linalg\_eigen\arpack\_arpack.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\_overlapped.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\stats\_boost\invgauss_ufunc.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\interpolate\_bspl.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\linalg\_cythonized_array_utils.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\sparse\linalg\_propack\_zpropack.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\spatial\_hausdorff.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\stats\_boost\ncf_ufunc.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\stats\_stats_pythran.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\api-ms-win-core-file-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\interpolate\_rbfinterp_pythran.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy.libs\libopenblas_v0.3.20-571-g3dec11c6-gcc_10_3_0-c2315440d6b6cef5037bad648efc8c59.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\stats\_rcont\rcont.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\sparse\linalg\_dsolve\_superlu.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\stats\_boost\nct_ufunc.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\stats\_levy_stable\levyst.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\linalg\_solve_toeplitz.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Source: C:\Users\user\Desktop\$RLG2LCG.exe File Volume queried: C:\Users\user\AppData\Local FullSizeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe File Volume queried: C:\Users\user\AppData\Local\com.dsas.dev\EBWebView\Default\Code Cache\js FullSizeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe File Volume queried: C:\Users\user\AppData\Local\com.dsas.dev\EBWebView\Default\Code Cache\wasm FullSizeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe File Volume queried: C:\Users\user\AppData\Local\com.dsas.dev\EBWebView\Default\blob_storage\a4bbb3f0-548b-44d4-8109-033347f52fe0 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe File Volume queried: C:\Users\user\AppData\Local\com.dsas.dev\EBWebView\Default\Cache\Cache_Data FullSizeInformation
Source: C:\Users\user\Desktop\$RLG2LCG.exe Process information queried: ProcessInformation
Source: C:\Users\user\AppData\Local\DSAS\DSAS.exe Memory allocated: page read and write | page guard
Source: C:\Users\user\AppData\Local\DSAS\DSAS.exe Process created: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe "\\?\C:\Users\user\AppData\Local\DSAS\usgs_rates.exe"
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Local\com.dsas.dev\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Local\com.dsas.dev\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x170,0x7fffed878e88,0x7fffed878e98,0x7fffed878ea8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\com.dsas.dev\EBWebView" --webview-exe-name=DSAS.exe --webview-exe-version=6.0.170 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1764 --field-trial-handle=1768,i,11117290243945760741,12236703603346677188,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI /prefetch:2
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\com.dsas.dev\EBWebView" --webview-exe-name=DSAS.exe --webview-exe-version=6.0.170 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2188 --field-trial-handle=1768,i,11117290243945760741,12236703603346677188,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI /prefetch:3
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\com.dsas.dev\EBWebView" --webview-exe-name=DSAS.exe --webview-exe-version=6.0.170 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2408 --field-trial-handle=1768,i,11117290243945760741,12236703603346677188,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI /prefetch:8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\com.dsas.dev\EBWebView" --webview-exe-name=DSAS.exe --webview-exe-version=6.0.170 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1741865589753995 --launch-time-ticks=4081372043 --mojo-platform-channel-handle=3296 --field-trial-handle=1768,i,11117290243945760741,12236703603346677188,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI /prefetch:1
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Process created: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe "\\?\C:\Users\user\AppData\Local\DSAS\usgs_rates.exe"
Source: C:\Users\user\AppData\Local\DSAS\DSAS.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=dsas.exe --webview-exe-version=6.0.170 --user-data-dir="c:\users\user\appdata\local\com.dsas.dev\ebwebview" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=mswebooui,mspdfooui,mssmartscreenprotection --enable-features=mojoipcz --lang=en-gb --mojo-named-platform-channel-pipe=5092.2744.13533932360267444463
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=c:\users\user\appdata\local\com.dsas.dev\ebwebview /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=c:\users\user\appdata\local\com.dsas.dev\ebwebview\crashpad --annotation=isofficialbuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=win64 "--annotation=prod=edge webview2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x170,0x7fffed878e88,0x7fffed878e98,0x7fffed878ea8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="c:\users\user\appdata\local\com.dsas.dev\ebwebview" --webview-exe-name=dsas.exe --webview-exe-version=6.0.170 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=1764 --field-trial-handle=1768,i,11117290243945760741,12236703603346677188,262144 --enable-features=mojoipcz --disable-features=mspdfooui,mssmartscreenprotection,mswebooui /prefetch:2
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --noerrdialogs --user-data-dir="c:\users\user\appdata\local\com.dsas.dev\ebwebview" --webview-exe-name=dsas.exe --webview-exe-version=6.0.170 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2188 --field-trial-handle=1768,i,11117290243945760741,12236703603346677188,262144 --enable-features=mojoipcz --disable-features=mspdfooui,mssmartscreenprotection,mswebooui /prefetch:3
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.storageservice --lang=en-gb --service-sandbox-type=service --noerrdialogs --user-data-dir="c:\users\user\appdata\local\com.dsas.dev\ebwebview" --webview-exe-name=dsas.exe --webview-exe-version=6.0.170 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2408 --field-trial-handle=1768,i,11117290243945760741,12236703603346677188,262144 --enable-features=mojoipcz --disable-features=mspdfooui,mssmartscreenprotection,mswebooui /prefetch:8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\appdata\local\com.dsas.dev\ebwebview" --webview-exe-name=dsas.exe --webview-exe-version=6.0.170 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-nacl --first-renderer-process --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_ch" --time-ticks-at-unix-epoch=-1741865589753995 --launch-time-ticks=4081372043 --mojo-platform-channel-handle=3296 --field-trial-handle=1768,i,11117290243945760741,12236703603346677188,262144 --enable-features=mojoipcz --disable-features=mspdfooui,mssmartscreenprotection,mswebooui /prefetch:1
Source: C:\Users\user\Desktop\$RLG2LCG.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\DSAS.exe Queries volume information: C:\Users\user\Documents\DSASv6\Projects\settings.json VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\Trust Protection Lists\manifest.json VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\WidevineCdm\manifest.json VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Users\user\AppData\Local\com.dsas.dev\EBWebView\Default\Network\SCT Auditing Pending Reports VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\DSAS.exe Queries volume information: C:\Users\user\Documents\DSASv6\Projects VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Queries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\MEIPreload\preloaded_data.pb VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68282\numpy VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68282\numpy\core VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68282\numpy\random VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\_lib VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\integrate VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\interpolate VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\linalg VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\ndimage VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\optimize VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\optimize\_highs VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\sparse VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\sparse\csgraph VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\sparse\linalg VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\sparse\linalg\_propack VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\spatial VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\special VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\stats VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68282\scipy\stats\_boost VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68282\websockets-12.0.dist-info VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68282\ucrtbase.dll VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68282\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Queries volume information: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68282 VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68282\_socket.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68282\select.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68282\_bz2.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68282\_lzma.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68282\_wmi.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68282\pyexpat.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68282\_queue.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68282\psutil VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68282\psutil\_psutil_windows.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68282\_ssl.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68282\_asyncio.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68282\_overlapped.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68282\_hashlib.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68282\websockets VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68282\websockets\speedups.cp312-win_amd64.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68282\_uuid.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\usgs_rates.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68282\unicodedata.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\DSAS\DSAS.exe Queries volume information: C:\Users\user\Documents\DSASv6\Projects\default_project.json VolumeInformation