Windows Analysis Report
pered.exe

Overview

General Information

Sample name: pered.exe
Analysis ID: 1639408
MD5: 7f331205c427958d23177495978ab4a8
SHA1: 33f517ef548b84bfa13368a09490db07a2fbe28b
SHA256: 9995ddb370cd7482f77f0c4526a7bca10ef0f66d74aba01c2b5c455860397964
Tags: exe, user-aachum
Infos:

Detection

Score: 68
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Contains functionality to infect the boot sector
Hides threads from debuggers
Joe Sandbox ML detected suspicious sample
Binary contains a suspicious time stamp
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Communication To Uncommon Destination Ports
Uses Microsoft's Enhanced Cryptographic Provider

Classification

  • System is w10x64
  • pered.exe (PID: 3976 cmdline: "C:\Users\user\Desktop\pered.exe" MD5: 7F331205C427958D23177495978AB4A8)
    • pered.exe (PID: 4352 cmdline: "C:\Users\user\Desktop\pered.exe" MD5: 7F331205C427958D23177495978AB4A8)
      • cmd.exe (PID: 4484 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 424 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
No yara matches
Source: Network Connection, Author: Florian Roth (Nextron Systems), Data: DestinationIp: 2.59.41.142, DestinationIsIpv6: false, DestinationPort: 8080, EventID: 3, Image: C:\Users\user\Desktop\pered.exe, Initiated: true, ProcessId: 4352, Protocol: tcp, SourceIp: 192.168.2.6, SourceIsIpv6: false, SourcePort: 49695
No Suricata rule has matched

AV Detection

Source: http://2.59.41.142:8080/files.zip, Avira URL Cloud: Label: malware
Source: pered.exe, ReversingLabs: Detection: 30%
Source: pered.exe, Virustotal: Detection: 32%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 98.4% probability
Source: C:\Users\user\Desktop\pered.exe, Code function: 3_2_70A37D40 CryptAcquireContextA,CryptAcquireContextA,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,clock,clock,clock,clock,CryptReleaseContext,3_2_70A37D40
Source: pered.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\pered.exe, Code function: 1_2_00007FF6C16B9280 FindFirstFileExW,FindClose,1_2_00007FF6C16B9280
Source: C:\Users\user\Desktop\pered.exe, Code function: 1_2_00007FF6C16B83C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,1_2_00007FF6C16B83C0
Source: C:\Users\user\Desktop\pered.exe, Code function: 1_2_00007FF6C16D1874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_00007FF6C16D1874
Source: C:\Users\user\Desktop\pered.exe, Code function: 3_2_00007FF6C16B9280 FindFirstFileExW,FindClose,3_2_00007FF6C16B9280
Source: C:\Users\user\Desktop\pered.exe, Code function: 3_2_00007FF6C16B83C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,3_2_00007FF6C16B83C0
Source: C:\Users\user\Desktop\pered.exe, Code function: 3_2_00007FF6C16D1874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,3_2_00007FF6C16D1874
Source: C:\Users\user\Desktop\pered.exe, Code function: 3_2_00007FF8EAA83229 _errno,malloc,_errno,memset,MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,free,_errno,FindFirstFileW,_errno,FindNextFileW,WideCharToMultiByte,3_2_00007FF8EAA83229
Source: C:\Users\user\Desktop\pered.exe, Code function: 4x nop then push rbp, 3_2_70A2B990
Source: global traffic, TCP traffic: 192.168.2.6:49695 -> 2.59.41.142:8080
Source: unknown, TCP traffic detected without corresponding DNS query: 2.59.41.142
Source: global traffic, HTTP traffic detected:
GET /files.zip HTTP/1.1
Host: 2.59.41.142:8080
User-Agent: python-requests/2.31.0
Accept-Encoding: gzip, deflate, br
Accept: */*
Connection: keep-alive
Source: pered.exe, 00000003.00000002.2466845846.000002F346440000.00000004.00001000.00020000.00000000.sdmp, String found in binary or memory: http://.../back.jpeg
Source: pered.exe, 00000003.00000002.2468551407.00007FF8EAA05000.00000002.00000001.01000000.00000013.sdmp, _brotli.cp310-win_amd64.pyd.1.dr, String found in binary or memory: http://.css
Source: pered.exe, 00000003.00000002.2468551407.00007FF8EAA05000.00000002.00000001.01000000.00000013.sdmp, _brotli.cp310-win_amd64.pyd.1.dr, String found in binary or memory: http://.jpg
Source: pered.exe, 00000003.00000002.2467838894.000002F346BA0000.00000004.00001000.00020000.00000000.sdmp, String found in binary or memory: http://2.59.41.142:8080/files.zip
Source: pered.exe, 00000003.00000002.2466090446.000002F345DF0000.00000004.00001000.00020000.00000000.sdmp, String found in binary or memory: http://2.59.41.142:8080/files.zip39762
Source: pered.exe, 00000003.00000003.1245604860.000002F345C33000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000003.00000002.2466202036.000002F345EF0000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000003.00000002.2465737052.000002F345C22000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: http://2.59.41.142:8080/files.zipz
00000001.00000003.1213690839.0000010732150000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: pered.exe, 00000001.00000003.1214429483.000001073215D000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1216150244.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1213253152.000001073215D000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1216391129.000001073215E000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1214853720.000001073215D000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1213111850.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1216062879.000001073215E000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1216567317.000001073215E000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1212968384.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1216062879.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1227534684.0000010732159000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1213443495.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1213606131.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1215527867.000001073215E000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1212044225.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1215617413.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1215013368.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1216232744.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1224448198.0000010732153000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1215881494.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 
00000001.00000003.1214131875.0000010732150000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: pered.exe, 00000001.00000003.1223455496.0000010732153000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1223428900.0000010732159000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.1.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: pered.exe, 00000001.00000003.1227094173.0000010732160000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1227012209.0000010732159000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.d
Source: pered.exe, 00000001.00000003.1227094173.0000010732160000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1227012209.0000010732159000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.dZ
Source: pered.exe, 00000001.00000003.1216062879.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1214054863.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1213253152.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1214218772.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1215527867.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1215109092.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1215265173.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1216928811.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1214768147.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1216308053.0000010732151000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.co
Source: pered.exe, 00000001.00000003.1214429483.000001073215D000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1215707322.000001073215E000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1216150244.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1213253152.000001073215D000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1213346820.000001073215D000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1216391129.000001073215E000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1214853720.000001073215D000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1213111850.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1216062879.000001073215E000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1216567317.000001073215E000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1212968384.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1216062879.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1213443495.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1213606131.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1215527867.000001073215E000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1214131875.000001073215D000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1212044225.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1227635417.0000010732160000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1215617413.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1215013368.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 
00000001.00000003.1216232744.0000010732151000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: pered.exe, 00000001.00000003.1223455496.0000010732153000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1223428900.0000010732159000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1223455496.0000010732160000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: pered.exe, 00000001.00000003.1222648410.0000010732160000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1223645870.0000010732160000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1222648410.0000010732153000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1222565945.000001073215D000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1223645870.0000010732153000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1223625175.0000010732159000.00000004.00000020.00020000.00000000.sdmp, libssl-1_1.dll.1.dr, libcrypto-1_1.dll.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: pered.exe, 00000001.00000003.1213606131.0000010732150000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssur
Source: pered.exe, 00000001.00000003.1216150244.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1216062879.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1213443495.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1213606131.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1215617413.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1215013368.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1216232744.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1215881494.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1214131875.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1215800841.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1214853720.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1214054863.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1213899159.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1213690839.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1213253152.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1216567317.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1214218772.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1215527867.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1215109092.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1216757502.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 
00000001.00000003.1213346820.0000010732150000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: pered.exe, 00000001.00000003.1216150244.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1213111850.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1216757502.000001073215E000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1212968384.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1216062879.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1213443495.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1213606131.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1212044225.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1227635417.0000010732160000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1215617413.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1215013368.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1216232744.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1224448198.0000010732153000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1215881494.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1214131875.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1223911394.0000010732160000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1212344231.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1215800841.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1211841376.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1223911394.0000010732153000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 
00000001.00000003.1222648410.0000010732153000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: pered.exe, 00000001.00000003.1216150244.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1213111850.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1212968384.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1216062879.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1213443495.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1213606131.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1212044225.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1215617413.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1215013368.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1216232744.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1224448198.0000010732153000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1215881494.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1214131875.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1212344231.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1215800841.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1211841376.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1223911394.0000010732153000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1214853720.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1214054863.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1213899159.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 
00000001.00000003.1213690839.0000010732150000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: api-ms-win-core-util-l1-1-0.dll.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: pered.exe, 00000001.00000003.1223455496.0000010732153000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1223428900.0000010732159000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1223455496.0000010732160000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.1.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: pered.exe, 00000001.00000003.1222648410.0000010732160000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1222648410.0000010732153000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1222565945.000001073215D000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1223645870.0000010732153000.00000004.00000020.00020000.00000000.sdmp, libssl-1_1.dll.1.dr, libcrypto-1_1.dll.1.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: pered.exe, 00000001.00000003.1224448198.0000010732153000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.dig
Source: pered.exe, 00000001.00000003.1222648410.0000010732160000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1223645870.0000010732160000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1222648410.0000010732153000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1222565945.000001073215D000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1223455496.0000010732153000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1223645870.0000010732153000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1223625175.0000010732159000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1223428900.0000010732159000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1223455496.0000010732160000.00000004.00000020.00020000.00000000.sdmp, libssl-1_1.dll.1.dr, libffi-7.dll.1.dr, libcrypto-1_1.dll.1.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: pered.exe, 00000001.00000003.1227094173.0000010732153000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA
Source: pered.exe, 00000001.00000003.1216150244.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1213111850.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1216757502.000001073215E000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1212968384.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1216062879.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1213443495.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1213606131.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1212044225.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1227635417.0000010732160000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1215617413.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1215013368.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1216232744.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1215881494.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1214131875.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1223911394.0000010732160000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1212344231.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1215800841.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1211841376.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1223911394.0000010732153000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1222648410.0000010732153000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 
00000001.00000003.1214853720.0000010732151000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: pered.exe, 00000001.00000003.1223455496.0000010732153000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1223428900.0000010732159000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1223455496.0000010732160000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.1.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: pered.exe, 00000001.00000003.1222648410.0000010732160000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1223645870.0000010732160000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1222648410.0000010732153000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1222565945.000001073215D000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1223645870.0000010732153000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1223625175.0000010732159000.00000004.00000020.00020000.00000000.sdmp, libssl-1_1.dll.1.dr, libcrypto-1_1.dll.1.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: pered.exe, 00000003.00000002.2467474514.000002F346950000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
Source: pered.exe, 00000003.00000002.2466202036.000002F34607A000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000003.00000002.2466202036.000002F345FAC000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000003.00000002.2465737052.000002F345C22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/
Source: pered.exe, 00000003.00000002.2466202036.000002F34607A000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000003.00000002.2465737052.000002F345C22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail
Source: pered.exe, 00000003.00000002.2465737052.000002F345C22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail/
Source: pered.exe, 00000003.00000002.2465737052.000002F345C22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: pered.exe, 00000003.00000002.2468551407.00007FF8EAA05000.00000002.00000001.01000000.00000013.sdmp, _brotli.cp310-win_amd64.pyd.1.drString found in binary or memory: http://html4/loose.dtd
Source: pered.exe, 00000003.00000002.2464747367.000002F343B86000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000003.00000002.2466202036.000002F34607A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://httpbin.org/
Source: pered.exe, 00000003.00000002.2466954704.000002F346550000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://json.org
Source: pered.exe, 00000001.00000003.1223645870.0000010732153000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1223625175.0000010732159000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digi
Source: pered.exe, 00000001.00000003.1216150244.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1213111850.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1216757502.000001073215E000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1212968384.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1216062879.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1213443495.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1213606131.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1212044225.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1227635417.0000010732160000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1215617413.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1215013368.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1216232744.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1215881494.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1214131875.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1212344231.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1215800841.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1211841376.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1223911394.0000010732153000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1222648410.0000010732153000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1214853720.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 
00000001.00000003.1222565945.000001073215D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
Source: pered.exe, 00000001.00000003.1214429483.000001073215D000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1216150244.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1213253152.000001073215D000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1216391129.000001073215E000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1214853720.000001073215D000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1213111850.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1216062879.000001073215E000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1216567317.000001073215E000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1212968384.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1216062879.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1227534684.0000010732159000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1213443495.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1213606131.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1215527867.000001073215E000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1212044225.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1215617413.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1215013368.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1216232744.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1224448198.0000010732153000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1215881494.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 
00000001.00000003.1214131875.0000010732150000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
Source: pered.exe, 00000001.00000003.1215707322.000001073215E000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1216150244.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1213253152.000001073215D000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1213346820.000001073215D000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1216391129.000001073215E000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1214853720.000001073215D000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1213111850.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1216062879.000001073215E000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1216567317.000001073215E000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1212968384.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1216062879.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1213443495.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1213606131.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1215527867.000001073215E000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1214131875.000001073215D000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1212044225.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1227635417.0000010732160000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1215617413.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1215013368.0000010732151000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000001.00000003.1222648410.0000010732160000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 
00000001.00000003.1216232744.0000010732151000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: C:\Users\user\Desktop\pered.exe Code function: 3_2_70A708E0 LoadLibraryA,GetProcAddress,GetCurrentThread,NtSetInformationThread
Source: C:\Users\user\Desktop\pered.exe Code function: 3_2_70A22B90: memset,wsprintfA,CreateFileA,memset,DeviceIoControl,CloseHandle,isxdigit,isxdigit,isxdigit,isprint,memcpy,CloseHandle,strlen,memcpy
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF6C16C35A03_2_00007FF6C16C35A0
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF6C16CE5703_2_00007FF6C16CE570
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF6C16C1D543_2_00007FF6C16C1D54
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF6C16D40AC3_2_00007FF6C16D40AC
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF6C16D18743_2_00007FF6C16D1874
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF6C16C80E43_2_00007FF6C16C80E4
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF6C16D08C83_2_00007FF6C16D08C8
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF6C16C87943_2_00007FF6C16C8794
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF6C16C1F603_2_00007FF6C16C1F60
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF6C16C17403_2_00007FF6C16C1740
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF6C16B98003_2_00007FF6C16B9800
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA8919303_2_00007FF8EA891930
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA8912F03_2_00007FF8EA8912F0
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9B5BA03_2_00007FF8EA9B5BA0
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9C69A03_2_00007FF8EA9C69A0
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA009A03_2_00007FF8EAA009A0
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9D9D903_2_00007FF8EA9D9D90
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9DF9E03_2_00007FF8EA9DF9E0
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9E41E03_2_00007FF8EA9E41E0
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9F6FC03_2_00007FF8EA9F6FC0
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9C29D03_2_00007FF8EA9C29D0
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9DF5D03_2_00007FF8EA9DF5D0
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9BDF203_2_00007FF8EA9BDF20
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9BB3003_2_00007FF8EA9BB300
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9E27003_2_00007FF8EA9E2700
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9FB7103_2_00007FF8EA9FB710
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9B3D603_2_00007FF8EA9B3D60
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9BA5603_2_00007FF8EA9BA560
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA01B603_2_00007FF8EAA01B60
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9FDB703_2_00007FF8EA9FDB70
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9BC9403_2_00007FF8EA9BC940
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9E6F403_2_00007FF8EA9E6F40
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9FC3403_2_00007FF8EA9FC340
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9C47503_2_00007FF8EA9C4750
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9F7D503_2_00007FF8EA9F7D50
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9F7AA03_2_00007FF8EA9F7AA0
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9E0EB03_2_00007FF8EA9E0EB0
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9FFEB03_2_00007FF8EA9FFEB0
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9F94B03_2_00007FF8EA9F94B0
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9E12903_2_00007FF8EA9E1290
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9DE0903_2_00007FF8EA9DE090
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9E46903_2_00007FF8EA9E4690
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9E2AE03_2_00007FF8EA9E2AE0
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9DC8E03_2_00007FF8EA9DC8E0
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9C58F03_2_00007FF8EA9C58F0
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9F08F03_2_00007FF8EA9F08F0
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9B66C03_2_00007FF8EA9B66C0
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9E68C03_2_00007FF8EA9E68C0
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9DB6203_2_00007FF8EA9DB620
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA022303_2_00007FF8EAA02230
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9CBA003_2_00007FF8EA9CBA00
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9E5C003_2_00007FF8EA9E5C00
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9F06003_2_00007FF8EA9F0600
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9FF4003_2_00007FF8EA9FF400
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9DA8103_2_00007FF8EA9DA810
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9F76603_2_00007FF8EA9F7660
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9FE8603_2_00007FF8EA9FE860
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9B20703_2_00007FF8EA9B2070
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9C7E703_2_00007FF8EA9C7E70
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9DB2703_2_00007FF8EA9DB270
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9B786B3_2_00007FF8EA9B786B
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA9E74503_2_00007FF8EA9E7450
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAC22C403_2_00007FF8EAC22C40
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA85DA33_2_00007FF8EAA85DA3
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA84E4E3_2_00007FF8EAA84E4E
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA860DC3_2_00007FF8EAA860DC
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA85E253_2_00007FF8EAA85E25
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA823F13_2_00007FF8EAA823F1
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA846333_2_00007FF8EAA84633
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA872C53_2_00007FF8EAA872C5
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA81B223_2_00007FF8EAA81B22
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA9EF003_2_00007FF8EAA9EF00
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA8213F3_2_00007FF8EAA8213F
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA9F0603_2_00007FF8EAA9F060
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA85B0F3_2_00007FF8EAA85B0F
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAB62EB03_2_00007FF8EAB62EB0
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA84D043_2_00007FF8EAA84D04
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA834863_2_00007FF8EAA83486
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EABB63103_2_00007FF8EABB6310
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA81B313_2_00007FF8EAA81B31
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA847463_2_00007FF8EAA84746
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA843593_2_00007FF8EAA84359
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA8378D3_2_00007FF8EAA8378D
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA857D13_2_00007FF8EAA857D1
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA86FFF3_2_00007FF8EAA86FFF
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA81CC13_2_00007FF8EAA81CC1
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EABB28503_2_00007FF8EABB2850
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAC0E8703_2_00007FF8EAC0E870
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA8707C3_2_00007FF8EAA8707C
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA836933_2_00007FF8EAA83693
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA85A603_2_00007FF8EAA85A60
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA81A4B3_2_00007FF8EAA81A4B
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAC37BC03_2_00007FF8EAC37BC0
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAC23B803_2_00007FF8EAC23B80
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA8655F3_2_00007FF8EAA8655F
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EABB7CD03_2_00007FF8EABB7CD0
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA860A03_2_00007FF8EAA860A0
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA821B73_2_00007FF8EAA821B7
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA86A873_2_00007FF8EAA86A87
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA83FDA3_2_00007FF8EAA83FDA
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA841653_2_00007FF8EAA84165
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAAEFA003_2_00007FF8EAAEFA00
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA827663_2_00007FF8EAA82766
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA822893_2_00007FF8EAA82289
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA9BF203_2_00007FF8EAA9BF20
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA84C373_2_00007FF8EAA84C37
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA841013_2_00007FF8EAA84101
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EABB00103_2_00007FF8EABB0010
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA830C13_2_00007FF8EAA830C1
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA9BD603_2_00007FF8EAA9BD60
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA832E73_2_00007FF8EAA832E7
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA86EF13_2_00007FF8EAA86EF1
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA86CBC3_2_00007FF8EAA86CBC
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA851693_2_00007FF8EAA85169
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EABB74F03_2_00007FF8EABB74F0
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA83B933_2_00007FF8EAA83B93
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAAAB4C03_2_00007FF8EAAAB4C0
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA85D8A3_2_00007FF8EAA85D8A
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA8114F3_2_00007FF8EAA8114F
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA829CD3_2_00007FF8EAA829CD
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA9F2003_2_00007FF8EAA9F200
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EABBB2003_2_00007FF8EABBB200
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EACBF7D03_2_00007FF8EACBF7D0
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA81EA13_2_00007FF8EAA81EA1
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA8704A3_2_00007FF8EAA8704A
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA822E83_2_00007FF8EAA822E8
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA86F283_2_00007FF8EAA86F28
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAAAB8503_2_00007FF8EAAAB850
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA82FCC3_2_00007FF8EAA82FCC
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAC34BC03_2_00007FF8EAC34BC0
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA84C143_2_00007FF8EAA84C14
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA82D743_2_00007FF8EAA82D74
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA86D5C3_2_00007FF8EAA86D5C
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA84B563_2_00007FF8EAA84B56
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA811CC3_2_00007FF8EAA811CC
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA8275C3_2_00007FF8EAA8275C
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA822AC3_2_00007FF8EAA822AC
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA8177B3_2_00007FF8EAA8177B
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA84A533_2_00007FF8EAA84A53
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA86EBF3_2_00007FF8EAA86EBF
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA865A03_2_00007FF8EAA865A0
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA8362F3_2_00007FF8EAA8362F
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA844033_2_00007FF8EAA84403
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA810AA3_2_00007FF8EAA810AA
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA811403_2_00007FF8EAA81140
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA8144C3_2_00007FF8EAA8144C
Source: C:\Users\user\Desktop\pered.exeCode function: String function: 00007FF8EAA82A04 appears 71 times
Source: C:\Users\user\Desktop\pered.exeCode function: String function: 70A96380 appears 31 times
Source: C:\Users\user\Desktop\pered.exeCode function: String function: 00007FF6C16B2710 appears 104 times
Source: C:\Users\user\Desktop\pered.exeCode function: String function: 70A04230 appears 238 times
Source: C:\Users\user\Desktop\pered.exeCode function: String function: 00007FF8EAA81EF1 appears 854 times
Source: C:\Users\user\Desktop\pered.exeCode function: String function: 00007FF8EAA84057 appears 460 times
Source: C:\Users\user\Desktop\pered.exeCode function: String function: 00007FF6C16B2910 appears 34 times
Source: C:\Users\user\Desktop\pered.exeCode function: String function: 00007FF8EAA8483B appears 73 times
Source: C:\Users\user\Desktop\pered.exeCode function: String function: 70A968F0 appears 192 times
Source: C:\Users\user\Desktop\pered.exeCode function: String function: 00007FF8EAA824B9 appears 54 times
Source: C:\Users\user\Desktop\pered.exeCode function: String function: 00007FF8EAA82734 appears 299 times
Source: C:\Users\user\Desktop\pered.exeCode function: String function: 00007FF8EAA8300D appears 50 times
Source: C:\Users\user\Desktop\pered.exeCode function: String function: 70A2D050 appears 325 times
Source: unicodedata.pyd.1.dr | Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: _pytransform.dll.1.dr | Static PE information: Number of sections : 11 > 10
Source: api-ms-win-core-handle-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.1.dr | Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
Source: python3.dll.1.dr | Static PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.1.dr | Static PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.1.dr | Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.1.dr | Static PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.1.dr | Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
Source: api-ms-win-core-processenvironment-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found
Source: classification engineClassification label: mal68.evad.winEXE@6/72@0/1
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_70A224D0 GetLastError,FormatMessageA,LocalFree,3_2_70A224D0
Source: C:\Users\user\Desktop\pered.exe File created: C:\Users\user\AppData\Roaming\Suh
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:424:120:WilError_03
Source: C:\Users\user\Desktop\pered.exe File created: C:\Users\user\AppData\Local\Temp\_MEI39762
Source: pered.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\pered.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: pered.exeReversingLabs: Detection: 30%
Source: pered.exeVirustotal: Detection: 32%
Source: C:\Users\user\Desktop\pered.exe File read: C:\Users\user\Desktop\pered.exe
Source: unknownProcess created: C:\Users\user\Desktop\pered.exe "C:\Users\user\Desktop\pered.exe"
Source: C:\Users\user\Desktop\pered.exeProcess created: C:\Users\user\Desktop\pered.exe "C:\Users\user\Desktop\pered.exe"
Source: C:\Users\user\Desktop\pered.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\pered.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\pered.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\pered.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\Desktop\pered.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\pered.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\pered.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\pered.exe Section loaded: libffi-7.dll
Source: C:\Users\user\Desktop\pered.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\pered.exe Section loaded: libcrypto-1_1.dll
Source: C:\Users\user\Desktop\pered.exe Section loaded: libssl-1_1.dll
Source: C:\Users\user\Desktop\pered.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\pered.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\pered.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\pered.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\pered.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\pered.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\pered.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\pered.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\pered.exe File opened: C:\Users\user\Desktop\pyvenv.cfg
Source: pered.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: pered.exeStatic file information: File size 11496594 > 1048576
Source: pered.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: pered.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: pered.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: pered.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: pered.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: pered.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: pered.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: k1k2k3X9_62_PENTANOMIALp.otherp.onBasisp.tpBasisp.ppBasismX9_62_CHARACTERISTIC_TWOp.primep.char_twofieldTypeX9_62_FIELDIDabX9_62_CURVEfieldIDcurvebaseordercofactorECPARAMETERSvalue.named_curvevalue.parametersvalue.implicitlyCAECPKPARAMETERSprivateKeyparameterspublicKeyEC_PRIVATEKEYec_asn1_group2fieldidcrypto\ec\ec_asn1.cec_asn1_group2curveEC_GROUP_get_ecparametersEC_GROUP_get_ecpkparametersEC_GROUP_new_from_ecparametersEC_GROUP_new_from_ecpkparametersi2d_ECPKParametersd2i_ECPrivateKeyi2d_ECPrivateKeyi2d_ECParametersd2i_ECParameterso2i_ECPublicKeyi2o_ECPublicKeyossl_ec_group_new_excrypto\ec\ec_lib.cEC_GROUP_copyEC_GROUP_set_generatorEC_GROUP_set_curveEC_GROUP_get_curveEC_GROUP_get_degreeEC_GROUP_check_discriminantEC_POINT_newEC_POINT_copyEC_POINT_set_to_infinityEC_POINT_set_Jprojective_coordinates_GFpEC_POINT_set_affine_coordinatesEC_POINT_get_affine_coordinatesEC_POINT_addEC_POINT_dblEC_POINT_invertEC_POINT_is_at_infinityEC_POINT_is_on_curveEC_POINT_cmpEC_POINT_mulEC_GROUP_get_trinomial_basisEC_GROUP_get_pentanomial_basisgroup_new_from_nameossl_ec_group_set_paramsencodingdecoded-from-explicitEC_GROUP_new_from_paramsgeneratorcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"3.2.2built on: Tue Jun 4 16:20:25 2024 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"userSDIR: "C:\Program Files\OpenSSL\lib\users-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availablecrypto\init.cOPENSSL_init_cryptocrypto\bio\bio_lib.cBIO_new_exbio_read_internbio_write_internBIO_sendmmsgBIO_recvmmsgBIO_putsBIO_getsBIO_get_line BIO_ctrlBIO_callback_ctrlBIO_find_type source: _rust.pyd.1.dr
Source: Binary string: C:\Users\runneradmin\AppData\Local\Temp\pip-req-build-ndysxfi8\src\rust\target\release\deps\cryptography_rust.pdbo source: _rust.pyd.1.dr
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: pered.exe, 00000001.00000003.1216308053.0000010732151000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: pered.exe, 00000001.00000003.1216567317.0000010732151000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.1.dr
Source: Binary string: D:\a\bcrypt\bcrypt\bcrypt-4.0.1\src\_bcrypt\target\x86_64-pc-windows-msvc\release\deps\bcrypt_rust.pdb source: _bcrypt.pyd.1.dr
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: pered.exe, 00000001.00000003.1213690839.0000010732150000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.1.dr
Source: Binary string: ucrtbase.pdb source: pered.exe, 00000003.00000002.2470098917.00007FF8EBA7A000.00000002.00000001.01000000.00000007.sdmp, ucrtbase.dll.1.dr
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: pered.exe, 00000001.00000003.1214768147.0000010732150000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-memory-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: pered.exe, 00000001.00000003.1213443495.0000010732150000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-debug-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: pered.exe, 00000001.00000003.1215617413.0000010732151000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: pered.exe, 00000001.00000003.1216150244.0000010732151000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\python3.pdb source: pered.exe, 00000001.00000003.1223892048.0000010732159000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000003.00000002.2465923894.000002F345CC0000.00000002.00000001.01000000.0000000A.sdmp, python3.dll.1.dr
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: pered.exe, 00000001.00000003.1216662639.0000010732151000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\python310.pdb source: pered.exe, 00000003.00000002.2469351050.00007FF8EB103000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: pered.exe, 00000001.00000003.1214054863.0000010732150000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.1.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: _rust.pyd.1.dr
Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: pered.exe, 00000001.00000003.1215800841.0000010732151000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.1.dr
Source: Binary string: C:\A\40\b\bin\amd64\_lzma.pdbNN source: pered.exe, 00000001.00000003.1212344231.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000003.00000002.2470748524.00007FF8FD8CC000.00000002.00000001.01000000.00000017.sdmp, _lzma.pyd.1.dr
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: pered.exe, 00000001.00000003.1215439050.0000010732151000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: pered.exe, 00000001.00000003.1216062879.0000010732151000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-environment-l1-1-0.dll.1.dr
Source: Binary string: C:\A\40\b\bin\amd64\_lzma.pdb source: pered.exe, 00000001.00000003.1212344231.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000003.00000002.2470748524.00007FF8FD8CC000.00000002.00000001.01000000.00000017.sdmp, _lzma.pyd.1.dr
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: pered.exe, 00000001.00000003.1213524271.0000010732150000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-errorhandling-l1-1-0.dll.1.dr
Source: Binary string: C:\A\40\b\bin\amd64\select.pdb source: pered.exe, 00000001.00000003.1226631851.0000010732159000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000003.00000002.2471625978.00007FF900143000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: pered.exe, 00000001.00000003.1215013368.0000010732151000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-0.dll.1.dr
Source: Binary string: C:\A\40\b\bin\amd64\unicodedata.pdb source: pered.exe, 00000001.00000003.1227534684.000001073215B000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000003.00000002.2468303002.00007FF8EA99C000.00000002.00000001.01000000.0000001A.sdmp, unicodedata.pyd.1.dr
Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: pered.exe, 00000001.00000003.1213253152.0000010732150000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-console-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: pered.exe, 00000001.00000003.1213606131.0000010732150000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-1-0.dll.1.dr
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb@@ source: pered.exe, 00000003.00000002.2470360734.00007FF8EBD65000.00000002.00000001.01000000.00000012.sdmp, libssl-1_1.dll.1.dr
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: pered.exe, 00000001.00000003.1215966925.0000010732151000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.1.dr
Source: Binary string: C:\A\40\b\bin\amd64\_ssl.pdb source: pered.exe, 00000003.00000002.2471106958.00007FF8FD9CD000.00000002.00000001.01000000.00000010.sdmp, _ssl.pyd.1.dr
Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: pered.exe, 00000001.00000003.1210407658.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000003.00000002.2471747115.00007FF900201000.00000002.00000001.01000000.00000009.sdmp, VCRUNTIME140.dll.1.dr
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: pered.exe, 00000001.00000003.1215187472.0000010732151000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.1.dr
Source: Binary string: ucrtbase.pdbUGP source: pered.exe, 00000003.00000002.2470098917.00007FF8EBA7A000.00000002.00000001.01000000.00000007.sdmp, ucrtbase.dll.1.dr
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: pered.exe, 00000001.00000003.1216844290.0000010732151000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.1.dr
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: pered.exe, 00000001.00000003.1213982930.0000010732150000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-handle-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: pered.exe, 00000001.00000003.1215527867.0000010732151000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-2-0.dll.1.dr
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb source: pered.exe, 00000003.00000002.2470360734.00007FF8EBD65000.00000002.00000001.01000000.00000012.sdmp, libssl-1_1.dll.1.dr
Source: Binary string: C:\A\40\b\bin\amd64\_decimal.pdb source: _decimal.pyd.1.dr
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: pered.exe, 00000001.00000003.1214934418.0000010732151000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll.1.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: pered.exe, 00000003.00000002.2468937989.00007FF8EACCF000.00000002.00000001.01000000.00000011.sdmp, libcrypto-1_1.dll.1.dr
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: pered.exe, 00000001.00000003.1213346820.0000010732150000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: pered.exe, 00000001.00000003.1215881494.0000010732151000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.1.dr
Source: Binary string: C:\A\40\b\bin\amd64\_ctypes.pdb source: pered.exe, 00000003.00000002.2471514525.00007FF8FF8B0000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_queue.pdb source: pered.exe, 00000001.00000003.1212881473.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000003.00000002.2471239251.00007FF8FDA93000.00000002.00000001.01000000.00000015.sdmp, _queue.pyd.1.dr
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: pered.exe, 00000001.00000003.1214429483.0000010732150000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.1.dr
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: pered.exe, 00000001.00000003.1216391129.0000010732151000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: pered.exe, 00000001.00000003.1215109092.0000010732151000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.1.dr
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1n 15 Mar 2022built on: Tue Mar 15 18:32:50 2022 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"userSDIR: "C:\Program Files\OpenSSL\lib\users-1_1"not available source: pered.exe, 00000003.00000002.2468937989.00007FF8EACCF000.00000002.00000001.01000000.00000011.sdmp, libcrypto-1_1.dll.1.dr
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: pered.exe, 00000001.00000003.1214853720.0000010732151000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-namedpipe-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: pered.exe, 00000001.00000003.1216928811.0000010732151000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-utility-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: pered.exe, 00000001.00000003.1215265173.0000010732151000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: pered.exe, 00000001.00000003.1215707322.0000010732151000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-timezone-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: pered.exe, 00000001.00000003.1215348102.0000010732151000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-string-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: pered.exe, 00000001.00000003.1213899159.0000010732150000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: pered.exe, 00000001.00000003.1216479891.0000010732151000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.1.dr
Source: Binary string: ossl_ec_GFp_simple_group_set_curvecrypto\ec\ecp_smpl.cossl_ec_GFp_simple_group_check_discriminantossl_ec_GFp_simple_point_set_affine_coordinatesossl_ec_GFp_simple_point_get_affine_coordinatesossl_ec_GFp_simple_make_affineossl_ec_GFp_simple_points_make_affineossl_ec_GFp_simple_field_invossl_ec_GFp_simple_blind_coordinatescompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specific.dllCPUINFO: crypto\initthread.cOPENSSL_ia32cap source: _rust.pyd.1.dr
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: pered.exe, 00000001.00000003.1214218772.0000010732150000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_socket.pdb source: pered.exe, 00000001.00000003.1212968384.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000003.00000002.2471423588.00007FF8FDAB8000.00000002.00000001.01000000.0000000D.sdmp, _socket.pyd.1.dr
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: pered.exe, 00000001.00000003.1214131875.0000010732150000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.1.dr
Source: Binary string: C:\A\40\b\bin\amd64\_bz2.pdb source: pered.exe, 00000001.00000003.1211541980.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000003.00000002.2470979132.00007FF8FD9AD000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_hashlib.pdb source: pered.exe, 00000001.00000003.1212225421.0000010732150000.00000004.00000020.00020000.00000000.sdmp, pered.exe, 00000003.00000002.2471331088.00007FF8FDAA6000.00000002.00000001.01000000.00000014.sdmp, _hashlib.pyd.1.dr
Source: Binary string: C:\Users\runneradmin\AppData\Local\Temp\pip-req-build-ndysxfi8\src\rust\target\release\deps\cryptography_rust.pdb source: _rust.pyd.1.dr
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: pered.exe, 00000001.00000003.1216232744.0000010732151000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-heap-l1-1-0.dll.1.dr
Source: Binary string: D:\_w\1\b\libcrypto-1_1.pdb source: pered.exe, 00000003.00000002.2468937989.00007FF8EAD51000.00000002.00000001.01000000.00000011.sdmp, libcrypto-1_1.dll.1.dr
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: pered.exe, 00000001.00000003.1216757502.0000010732151000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-string-l1-1-0.dll.1.dr
Source: pered.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: pered.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: pered.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: pered.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: pered.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: VCRUNTIME140.dll.1.drStatic PE information: 0xEFFF39AD [Sun Aug 4 18:57:49 2097 UTC]
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_70A708E0 LoadLibraryA,GetProcAddress,GetCurrentThread,NtSetInformationThread,3_2_70A708E0
Source: _rust.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0x6e7e4e
Source: md.cp310-win_amd64.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0x12854
Source: _brotli.cp310-win_amd64.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0xd0a91
Source: _cffi_backend.cp310-win_amd64.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0x38dc3
Source: md__mypyc.cp310-win_amd64.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0x2bdb3
Source: _pytransform.dll.1.drStatic PE information: real checksum: 0x11edfe should be: 0x126c05
Source: _bcrypt.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0x5196e
Source: VCRUNTIME140.dll.1.drStatic PE information: section name: _RDATA
Source: _pytransform.dll.1.drStatic PE information: section name: .xdata
Source: libcrypto-1_1.dll.1.drStatic PE information: section name: .00cfg
Source: libssl-1_1.dll.1.drStatic PE information: section name: .00cfg
Source: python310.dll.1.drStatic PE information: section name: PyRuntim

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\pered.exe Code function: memset,wsprintfA,CreateFileA,memset,DeviceIoControl,CloseHandle,isxdigit,isxdigit,isxdigit,isprint,memcpy,CloseHandle,strlen,memcpy, \\.\PhysicalDrive%d 3_2_70A22B90
Source: C:\Users\user\Desktop\pered.exe Code function: _snprintf,_snprintf,CreateFileA,CreateFileA,GlobalAlloc,DeviceIoControl,GlobalFree,_snprintf,CreateFileA,GlobalAlloc,GlobalAlloc,GlobalAlloc,DeviceIoControl,GlobalFree,GlobalFree,GlobalFree,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle, \\.\PhysicalDrive%d 3_2_70A227E0
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-processthreads-l1-1-1.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-crt-process-l1-1-0.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\_ssl.pyd
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\python310.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-crt-filesystem-l1-1-0.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\select.pyd
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-crt-locale-l1-1-0.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-errorhandling-l1-1-0.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-processthreads-l1-1-0.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\_cffi_backend.cp310-win_amd64.pyd
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-debug-l1-1-0.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-crt-heap-l1-1-0.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\libssl-1_1.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-profile-l1-1-0.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\VCRUNTIME140.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-interlocked-l1-1-0.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\_socket.pyd
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-handle-l1-1-0.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-crt-conio-l1-1-0.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\_lzma.pyd
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-synch-l1-1-0.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-file-l2-1-0.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-timezone-l1-1-0.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\libcrypto-1_1.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\_ctypes.pyd
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-rtlsupport-l1-1-0.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-crt-runtime-l1-1-0.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-crt-math-l1-1-0.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-localization-l1-2-0.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-file-l1-2-0.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-crt-string-l1-1-0.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\libffi-7.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-synch-l1-2-0.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-crt-utility-l1-1-0.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-crt-convert-l1-1-0.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-libraryloader-l1-1-0.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-namedpipe-l1-1-0.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\python3.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-heap-l1-1-0.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-console-l1-1-0.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\_decimal.pyd
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\ucrtbase.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\charset_normalizer\md__mypyc.cp310-win_amd64.pyd
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\charset_normalizer\md.cp310-win_amd64.pyd
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-crt-time-l1-1-0.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-crt-stdio-l1-1-0.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-processenvironment-l1-1-0.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\_brotli.cp310-win_amd64.pyd
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-file-l1-1-0.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\_bz2.pyd
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-datetime-l1-1-0.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\_hashlib.pyd
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\bcrypt\_bcrypt.pyd
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-crt-environment-l1-1-0.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\_queue.pyd
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\cryptography\hazmat\bindings\_rust.pyd
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-memory-l1-1-0.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-util-l1-1-0.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-string-l1-1-0.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-sysinfo-l1-1-0.dll
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\unicodedata.pyd
Source: C:\Users\user\Desktop\pered.exe File created (dropped file): C:\Users\user\AppData\Local\Temp\_MEI39762\_pytransform.dll

Boot Survival

Source: C:\Users\user\Desktop\pered.exeCode function: memset,wsprintfA,CreateFileA,memset,DeviceIoControl,CloseHandle,isxdigit,isxdigit,isxdigit,isprint,memcpy,CloseHandle,strlen,memcpy, \\.\PhysicalDrive%d3_2_70A22B90
Source: C:\Users\user\Desktop\pered.exeCode function: _snprintf,_snprintf,CreateFileA,CreateFileA,GlobalAlloc,DeviceIoControl,GlobalFree,_snprintf,CreateFileA,GlobalAlloc,GlobalAlloc,GlobalAlloc,DeviceIoControl,GlobalFree,GlobalFree,GlobalFree,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle, \\.\PhysicalDrive%d3_2_70A227E0
Source: C:\Users\user\Desktop\pered.exeCode function: 1_2_00007FF6C16B76C0 GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,1_2_00007FF6C16B76C0
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\python310.dllJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\select.pydJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\_cffi_backend.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-file-l2-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-file-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\python3.dllJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-console-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\charset_normalizer\md__mypyc.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\charset_normalizer\md.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\_brotli.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-file-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\bcrypt\_bcrypt.pydJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\cryptography\hazmat\bindings\_rust.pydJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-util-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\pered.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI39762\_pytransform.dllJump to dropped file
Source: C:\Users\user\Desktop\pered.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_1-17580
Source: C:\Users\user\Desktop\pered.exeAPI coverage: 3.3 %
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\pered.exeCode function: 1_2_00007FF6C16B9280 FindFirstFileExW,FindClose,1_2_00007FF6C16B9280
Source: C:\Users\user\Desktop\pered.exeCode function: 1_2_00007FF6C16B83C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,1_2_00007FF6C16B83C0
Source: C:\Users\user\Desktop\pered.exeCode function: 1_2_00007FF6C16D1874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_00007FF6C16D1874
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF6C16B9280 FindFirstFileExW,FindClose,3_2_00007FF6C16B9280
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF6C16B83C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,3_2_00007FF6C16B83C0
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF6C16D1874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,3_2_00007FF6C16D1874
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA83229 _errno,malloc,_errno,memset,MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,free,_errno,FindFirstFileW,_errno,FindNextFileW,WideCharToMultiByte,3_2_00007FF8EAA83229
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_70A06A70 GetSystemInfo,VirtualAlloc,VirtualAlloc,3_2_70A06A70
Source: pered.exeBinary or memory string: jqEMu
Source: pered.exe, 00000003.00000002.2466202036.000002F345EF0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW

Anti Debugging

Source: C:\Users\user\Desktop\pered.exeThread information set: HideFromDebuggerJump to behavior
Source: C:\Users\user\Desktop\pered.exeCode function: 1_2_00007FF6C16CA614 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FF6C16CA614
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_70A708E0 LoadLibraryA,GetProcAddress,GetCurrentThread,NtSetInformationThread,3_2_70A708E0
Source: C:\Users\user\Desktop\pered.exeCode function: 1_2_00007FF6C16D3480 GetProcessHeap,1_2_00007FF6C16D3480
Source: C:\Users\user\Desktop\pered.exeCode function: 1_2_00007FF6C16BD30C SetUnhandledExceptionFilter,1_2_00007FF6C16BD30C
Source: C:\Users\user\Desktop\pered.exeCode function: 1_2_00007FF6C16BC8A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FF6C16BC8A0
Source: C:\Users\user\Desktop\pered.exeCode function: 1_2_00007FF6C16BD12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FF6C16BD12C
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_70A94FD0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,3_2_70A94FD0
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF6C16BD30C SetUnhandledExceptionFilter,3_2_00007FF6C16BD30C
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF6C16CA614 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF6C16CA614
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF6C16BC8A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00007FF6C16BC8A0
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF6C16BD12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF6C16BD12C
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA892B20 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00007FF8EA892B20
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EA8930E8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF8EA8930E8
Source: C:\Users\user\Desktop\pered.exeCode function: 3_2_00007FF8EAA04050 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00007FF8EAA04050
Source: C:\Users\user\Desktop\pered.exeProcess created: C:\Users\user\Desktop\pered.exe "C:\Users\user\Desktop\pered.exe"Jump to behavior
Source: C:\Users\user\Desktop\pered.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"Jump to behavior
Source: C:\Users\user\Desktop\pered.exeCode function: 1_2_00007FF6C16D9570 cpuid 1_2_00007FF6C16D9570
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI39762\certifi VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI39762\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI39762\cryptography-42.0.8.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI39762\ucrtbase.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI39762\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\Desktop\pered.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI39762 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI39762\_ctypes.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-console-l1-1-0.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-errorhandling-l1-1-0.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-file-l2-1-0.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-handle-l1-1-0.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-core-profile-l1-1-0.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI39762\api-ms-win-crt-math-l1-1-0.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI39762\cryptography VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI39762\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI39762 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\Desktop\pered.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI39762\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI39762\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\Desktop\pered.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI39762 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI39762\_socket.pyd VolumeInformation
Source: C:\Users\user\Desktop\pered.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI39762\select.pyd VolumeInformation
Source: C:\Users\user\Desktop\pered.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI39762\_pytransform.dll VolumeInformation
Source: C:\Users\user\Desktop\pered.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI39762\_ssl.pyd VolumeInformation
Source: C:\Users\user\Desktop\pered.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI39762\_brotli.cp310-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\pered.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI39762\_hashlib.pyd VolumeInformation
Source: C:\Users\user\Desktop\pered.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI39762\_queue.pyd VolumeInformation
Source: C:\Users\user\Desktop\pered.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI39762\_bz2.pyd VolumeInformation
Source: C:\Users\user\Desktop\pered.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI39762\_lzma.pyd VolumeInformation
Source: C:\Users\user\Desktop\pered.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI39762\charset_normalizer VolumeInformation
Source: C:\Users\user\Desktop\pered.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI39762\charset_normalizer\md.cp310-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\pered.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI39762\charset_normalizer\md__mypyc.cp310-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\pered.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI39762\unicodedata.pyd VolumeInformation
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI39762\certifi VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\Desktop\pered.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\Desktop\pered.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\Desktop\pered.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\Desktop\pered.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\Desktop\pered.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\Desktop\pered.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\Desktop\pered.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\Desktop\pered.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\Desktop\pered.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\Desktop\pered.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\Desktop\pered.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\Desktop\pered.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\Desktop\pered.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\Desktop\pered.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI39762\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI39762\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\Desktop\pered.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\Desktop\pered.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\Desktop\pered.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\Desktop\pered.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI39762\_pytransform.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pered.exe Queries volume information: C:\Users\user\AppData\Roaming VolumeInformation
Source: C:\Users\user\Desktop\pered.exe Code function: 1_2_00007FF6C16BD010 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,1_2_00007FF6C16BD010
Source: C:\Users\user\Desktop\pered.exe Code function: 1_2_00007FF6C16D5C00 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,1_2_00007FF6C16D5C00
Source: C:\Users\user\Desktop\pered.exe Code function: 3_2_70A7094C GetVersion,GetCurrentThread,3_2_70A7094C
Source: C:\Users\user\Desktop\pered.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\Desktop\pered.exe Code function: 3_2_00007FF8EAA82B5D bind,WSAGetLastError,3_2_00007FF8EAA82B5D
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
Execution: Native API (2); Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job
Persistence: Bootkit (1); DLL Side-Loading (1); Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
Privilege Escalation: Process Injection (11); DLL Side-Loading (1); Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
Defense Evasion: Masquerading (1); Virtualization/Sandbox Evasion (1); Process Injection (11); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (2); Bootkit (1); Timestomp (1); DLL Side-Loading (1)
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
Discovery: System Time Discovery (2); Security Software Discovery (121); Virtualization/Sandbox Evasion (1); File and Directory Discovery (1); System Information Discovery (25); Wi-Fi Discovery; Remote System Discovery; System Owner/User Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services
Collection: Archive Collected Data (1); Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
Command and Control: Encrypted Channel (2); Non-Standard Port (1); Ingress Tool Transfer (1); Non-Application Layer Protocol (1); Application Layer Protocol (1); Multiband Communication; Commonly Used Port; Application Layer Protocol
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement

This section contains all screenshots as thumbnails, including those not shown in the slideshow.