Windows Analysis Report
KuponcuBaba.exe

Overview

General Information

Sample Name: KuponcuBaba.exe
Analysis ID: 778230
MD5: d6c3bf64cc7cb131d467246ce5a4c455
SHA1: 2ea0b0bda586aeaef818445f48eae6edca8b9901
SHA256: d91890315262e8a77c565b54baa5f82cbd32451bbe4293bcd8b1918a3d2e0aa1
Tags: exe
Infos:

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Hides threads from debuggers
Contains functionality to infect the boot sector
Modifies the context of a thread in another process (thread injection)
Queries the volume information (name, serial number etc) of a device
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Contains functionality which may be used to detect a debugger (GetProcessHeap)
PE file contains executable resources (Code or Archives)
Found inlined nop instructions (likely shell or obfuscated code)
PE file does not import any functions
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Extensive use of GetProcAddress (often used to hide API calls)
Drops PE files
PE file contains more sections than normal
Found large amount of non-executed APIs
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)

Classification

  • System is w10x64
  • KuponcuBaba.exe (PID: 2820 cmdline: C:\Users\user\Desktop\KuponcuBaba.exe MD5: D6C3BF64CC7CB131D467246CE5A4C455)
    • conhost.exe (PID: 64 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • KuponcuBaba.exe (PID: 5192 cmdline: C:\Users\user\Desktop\KuponcuBaba.exe MD5: D6C3BF64CC7CB131D467246CE5A4C455)
      • cmd.exe (PID: 2772 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • cmd.exe (PID: 5416 cmdline: C:\Windows\system32\cmd.exe /c @echo off MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • cmd.exe (PID: 5540 cmdline: C:\Windows\system32\cmd.exe /c cls MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

Source: C:\Users\user\Desktop\KuponcuBaba.exe Code function: 7_2_70A380F0 CryptAcquireContextA,CryptAcquireContextA,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,clock,clock,clock,clock,CryptReleaseContext,
Source: KuponcuBaba.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: C:\A\35\b\bin\amd64\python3.pdb source: KuponcuBaba.exe, 00000001.00000003.293779056.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.556432245.0000027F02150000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_ssl.pdb source: KuponcuBaba.exe, 00000007.00000002.573058618.00007FFA0ACAD000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: signToolcAToolsignToolCertcAToolCertISSUER_SIGN_TOOLv2i_issuer_sign_toolcrypto\x509\v3_ist.ci2r_issuer_sign_tool%*ssignTool : %*scATool : %*ssignToolCert: %*scAToolCert : compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC;CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specific.dllCPUINFO: PKCS8_encrypt_excrypto\pkcs12\p12_p8e.cPKCS8_set0_pbe_excrypto\bio\bio_sock.cBIO_sock_initcalling wsastartup()BIO_socket_ioctlcalling ioctlsocket()i2d_ASN1_bio_streamcrypto\asn1\asn_mime.cB64_write_ASN1-----BEGIN %s----- source: _openssl.pyd.1.dr
Source: Binary string: C:\A\35\b\bin\amd64\_socket.pdb source: KuponcuBaba.exe, 00000001.00000003.290031400.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.569699537.00007FFA069F8000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_ctypes.pdb source: KuponcuBaba.exe, 00000007.00000002.569805697.00007FFA06A20000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_decimal.pdb## source: _decimal.pyd.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\win32clipboard.pdb source: KuponcuBaba.exe, 00000001.00000003.295672850.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.573522589.00007FFA18E34000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: _openssl.pyd.1.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: KuponcuBaba.exe, 00000007.00000002.569113530.00007FFA068EE000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_lzma.pdbMM source: KuponcuBaba.exe, 00000001.00000003.289049492.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.572836068.00007FFA0AC87000.00000002.00000001.01000000.00000014.sdmp, _lzma.pyd.1.dr
Source: Binary string: C:\A\39\b\libssl-1_1.pdb?? source: KuponcuBaba.exe, 00000007.00000002.567632450.00007FFA06665000.00000002.00000001.01000000.0000000F.sdmp, libssl-1_1.dll.1.dr
Source: Binary string: C:\A\35\b\bin\amd64\_queue.pdb source: KuponcuBaba.exe, 00000001.00000003.289893788.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.573757806.00007FFA18EA3000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_decimal.pdb source: _decimal.pyd.1.dr
Source: Binary string: C:\A\39\b\libssl-1_1.pdb source: KuponcuBaba.exe, 00000007.00000002.567632450.00007FFA06665000.00000002.00000001.01000000.0000000F.sdmp, libssl-1_1.dll.1.dr
Source: Binary string: challengeNETSCAPE_SPKACspkacsig_algorcrypto\bn\bn_exp.cBN_mod_exp_recpBN_mod_exp_mont_wordX509V3_EXT_nconf_intcrypto\x509\v3_conf.csection=%s, name=%s, value=%sdo_ext_nconfname=%s,section=%sdo_ext_i2dX509V3_EXT_i2dcritical,DER:ASN1:v3_generic_extensionvalue=%sX509V3_get_sectioncrypto\x509\v3_lib.cX509V3_add1_i2dcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC3.0.5built on: Tue Jul 5 11:53:43 2022 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot available source: _openssl.pyd.1.dr
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1m 14 Dec 2021built on: Sun Dec 19 14:27:21 2021 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: KuponcuBaba.exe, 00000007.00000002.569113530.00007FFA068EE000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\pywintypes.pdb** source: KuponcuBaba.exe, 00000007.00000002.572638453.00007FFA0AC51000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: d:\a01\_work\4\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: KuponcuBaba.exe, 00000001.00000003.287563558.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.572480939.00007FFA094C1000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.1.dr
Source: Binary string: C:\A\35\b\bin\amd64\unicodedata.pdb source: KuponcuBaba.exe, 00000001.00000003.295270844.000001A41CE31000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.567289329.00007FFA065DB000.00000002.00000001.01000000.00000012.sdmp, unicodedata.pyd.1.dr
Source: Binary string: C:\A\39\b\libcrypto-1_1.pdb source: KuponcuBaba.exe, 00000007.00000002.569402590.00007FFA06970000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_uuid.pdb source: KuponcuBaba.exe, 00000001.00000003.290354827.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.573650405.00007FFA18E92000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_lzma.pdb source: KuponcuBaba.exe, 00000001.00000003.289049492.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.572836068.00007FFA0AC87000.00000002.00000001.01000000.00000014.sdmp, _lzma.pyd.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\pywintypes.pdb source: KuponcuBaba.exe, 00000007.00000002.572638453.00007FFA0AC51000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_hashlib.pdb source: KuponcuBaba.exe, 00000001.00000003.288861139.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.574016045.00007FFA1B4D6000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\python310.pdb source: KuponcuBaba.exe, 00000007.00000002.571582077.00007FFA06D5E000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\select.pdb source: KuponcuBaba.exe, 00000001.00000003.295085740.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.573851934.00007FFA18ED3000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\pyexpat.pdb source: pyexpat.pyd.1.dr
Source: Binary string: C:\A\35\b\bin\amd64\_bz2.pdb source: KuponcuBaba.exe, 00000001.00000003.287690612.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.573363921.00007FFA13D0D000.00000002.00000001.01000000.00000013.sdmp
Source: C:\Users\user\Desktop\KuponcuBaba.exe Code function: 1_2_00007FF6F8456940 FindFirstFileExW,FindClose,
Source: C:\Users\user\Desktop\KuponcuBaba.exe Code function: 1_2_00007FF6F8470D64 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,
Source: C:\Users\user\Desktop\KuponcuBaba.exe Code function: 1_2_00007FF6F84665F8 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,
Source: C:\Users\user\Desktop\KuponcuBaba.exe Code function: 4x nop then push rbp
Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704
Source: KuponcuBaba.exe, 00000007.00000002.562123971.0000027F04A30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.../back.jpeg
Source: KuponcuBaba.exe, 00000007.00000002.564750127.0000027F050A4000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://127.0.0.1:%s/status
Source: KuponcuBaba.exe, 00000007.00000002.564631005.0000027F05078000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://127.0.0.1:4444
Source: KuponcuBaba.exe, 00000007.00000002.558650240.0000027F029A0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://127.0.0.1:4444/wd/hub
Source: KuponcuBaba.exe, 00000007.00000002.562707463.0000027F04B59000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.559730683.0000027F04430000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://198.0.0.1:4444/wd/hub
Source: KuponcuBaba.exe, 00000007.00000002.564546201.0000027F05060000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://bitbucket.org/techtonik/python-pager
Source: KuponcuBaba.exe, 00000007.00000002.562707463.0000027F04B59000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://bitbucket.org/techtonik/python-wget/
Source: KuponcuBaba.exe, 00000007.00000002.564631005.0000027F05078000.00000004.00001000.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.562123971.0000027F04A30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://chromedriver.storage.googleapis.com/index.html
Source: KuponcuBaba.exe, 00000007.00000002.563507590.0000027F04CC1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: KuponcuBaba.exe, 00000007.00000002.560131047.0000027F04506000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.560325416.0000027F045BB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: KuponcuBaba.exe, 00000007.00000002.563176497.0000027F04C39000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.559730683.0000027F04430000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
Source: KuponcuBaba.exe, 00000007.00000002.563176497.0000027F04C39000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crlll
Source: KuponcuBaba.exe, 00000007.00000002.563507590.0000027F04CC1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
Source: KuponcuBaba.exe, 00000007.00000002.560416129.0000027F045F1000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.562815618.0000027F04B94000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl
Source: KuponcuBaba.exe, 00000007.00000002.560416129.0000027F045F1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/SGCA.crl
Source: KuponcuBaba.exe, 00000007.00000002.562707463.0000027F04B59000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: KuponcuBaba.exe, 00000007.00000002.560416129.0000027F045F1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/SGCA.crl_
Source: KuponcuBaba.exe, 00000007.00000002.560416129.0000027F045F1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: KuponcuBaba.exe, 00000007.00000002.562707463.0000027F04B59000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: KuponcuBaba.exe, 00000007.00000002.560416129.0000027F045F1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/STCA.crlr
Source: KuponcuBaba.exe, 00000001.00000003.292760666.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.1.dr String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: KuponcuBaba.exe, 00000007.00000002.560416129.0000027F045F1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: KuponcuBaba.exe, 00000007.00000002.560325416.0000027F045BB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: KuponcuBaba.exe, 00000001.00000003.292096227.000001A41CE34000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digi
Source: KuponcuBaba.exe, 00000001.00000003.293079165.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertAss
Source: KuponcuBaba.exe, 00000001.00000003.293079165.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertAssj
Source: KuponcuBaba.exe, 00000001.00000003.292096227.000001A41CE34000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293079165.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.292760666.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, libssl-1_1.dll.1.dr, libffi-7.dll.1.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: KuponcuBaba.exe, 00000001.00000003.292065746.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.292096227.000001A41CE34000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293079165.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.292760666.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, libssl-1_1.dll.1.dr, libffi-7.dll.1.dr String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: KuponcuBaba.exe, 00000001.00000003.289049492.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl0
Source: KuponcuBaba.exe, 00000001.00000003.288223929.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289893788.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293779056.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.294179028.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290181500.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290354827.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.292065746.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289049492.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295259301.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290031400.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295085740.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289912898.000001A41CE33000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.287690612.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.292096227.000001A41CE34000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.288861139.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293363796.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293079165.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.288477963.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, unicodedata.pyd.1.dr, pyexpat.pyd.1.dr, libssl-1_1.dll.1.drString found in binary or memory: 
http://crl3.digicert.com/sha2-assured-ts.crl02
Source: KuponcuBaba.exe, 00000001.00000003.292096227.000001A41CE34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digiz
Source: KuponcuBaba.exe, 00000001.00000003.288223929.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289893788.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293779056.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.294179028.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290181500.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290354827.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.292065746.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295102823.000001A41CE37000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289049492.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295259301.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290031400.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295085740.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289912898.000001A41CE33000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.287690612.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.292096227.000001A41CE34000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.288861139.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293363796.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293079165.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.288477963.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, 
KuponcuBaba.exe, 00000001.00000003.292760666.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, unicodedata.pyd.1.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: KuponcuBaba.exe, 00000001.00000003.288223929.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289893788.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293779056.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.294179028.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290181500.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290354827.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290365312.000001A41CE33000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289049492.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295259301.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290031400.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295085740.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.287690612.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295270844.000001A41CE31000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.288861139.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293363796.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.288477963.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, unicodedata.pyd.1.dr, pyexpat.pyd.1.dr, _lzma.pyd.1.dr, _decimal.pyd.1.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: KuponcuBaba.exe, 00000001.00000003.292065746.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.292096227.000001A41CE34000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293079165.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.292760666.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, libssl-1_1.dll.1.dr, libffi-7.dll.1.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: KuponcuBaba.exe, 00000001.00000003.288223929.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289893788.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293779056.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.294179028.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290181500.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290354827.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.292065746.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289049492.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295259301.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290031400.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295085740.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289912898.000001A41CE33000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.287690612.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.292096227.000001A41CE34000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.288861139.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293363796.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293079165.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.288477963.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, unicodedata.pyd.1.dr, pyexpat.pyd.1.dr, libssl-1_1.dll.1.drString found in binary or memory: 
http://crl4.digicert.com/sha2-assured-ts.crl0
Source: KuponcuBaba.exe, 00000007.00000002.562123971.0000027F04A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
Source: KuponcuBaba.exe, 00000007.00000002.560325416.0000027F045BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/
Source: KuponcuBaba.exe, 00000007.00000002.557006907.0000027F022D1000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.560325416.0000027F045BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail
Source: KuponcuBaba.exe, 00000007.00000002.560325416.0000027F045BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail/
Source: KuponcuBaba.exe, 00000007.00000002.562123971.0000027F04A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://greenbytes.de/tech/tc2231/
Source: KuponcuBaba.exe, 00000007.00000002.557006907.0000027F022D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: KuponcuBaba.exe, 00000007.00000002.557006907.0000027F022D1000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.334518018.0000027F045CD000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.560325416.0000027F045BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://httpbin.org/
Source: KuponcuBaba.exe, 00000007.00000002.558650240.0000027F029A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://json.org
Source: KuponcuBaba.exe, 00000007.00000002.563300269.0000027F04C6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es
Source: KuponcuBaba.exe, 00000007.00000002.563300269.0000027F04C6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es0
Source: KuponcuBaba.exe, 00000007.00000002.563300269.0000027F04C6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.esPE
Source: KuponcuBaba.exe, 00000001.00000003.288223929.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289893788.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293779056.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.294179028.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290181500.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290354827.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289049492.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295259301.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290031400.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295085740.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.287690612.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295270844.000001A41CE31000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.288861139.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293363796.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.288477963.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, unicodedata.pyd.1.dr, pyexpat.pyd.1.dr, _lzma.pyd.1.dr, _decimal.pyd.1.drString found in binary or memory: http://ocsp.digicert.com0
Source: KuponcuBaba.exe, 00000001.00000003.288223929.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289893788.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293779056.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.294179028.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290181500.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290354827.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295102823.000001A41CE37000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290365312.000001A41CE33000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289049492.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290031400.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295085740.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.287690612.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295270844.000001A41CE31000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.288861139.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293363796.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.288477963.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, unicodedata.pyd.1.dr, pyexpat.pyd.1.dr, _lzma.pyd.1.dr, _decimal.pyd.1.drString found in binary or memory: http://ocsp.digicert.com0A
Source: KuponcuBaba.exe, 00000001.00000003.288223929.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289893788.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293779056.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.294179028.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290181500.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290354827.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.292065746.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295102823.000001A41CE37000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289049492.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295259301.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290031400.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295085740.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289912898.000001A41CE33000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.287690612.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.292096227.000001A41CE34000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.288861139.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293363796.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293079165.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.288477963.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, 
KuponcuBaba.exe, 00000001.00000003.292760666.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, unicodedata.pyd.1.drString found in binary or memory: http://ocsp.digicert.com0C
Source: KuponcuBaba.exe, 00000001.00000003.292065746.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.292096227.000001A41CE34000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293079165.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.292760666.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, libssl-1_1.dll.1.dr, libffi-7.dll.1.drString found in binary or memory: http://ocsp.digicert.com0N
Source: KuponcuBaba.exe, 00000001.00000003.288223929.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289893788.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293779056.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.294179028.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290181500.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290354827.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.292065746.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289049492.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295259301.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290031400.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295085740.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289912898.000001A41CE33000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.287690612.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.292096227.000001A41CE34000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.288861139.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293363796.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293079165.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.288477963.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, unicodedata.pyd.1.dr, pyexpat.pyd.1.dr, libssl-1_1.dll.1.drString found in binary or memory: http://ocsp.digicert.com0O
Source: KuponcuBaba.exe, 00000001.00000003.292760666.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.1.drString found in binary or memory: http://ocsp.thawte.com0
Source: KuponcuBaba.exe, 00000007.00000002.562707463.0000027F04B59000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pypi.python.org/pypi/wget/
Source: KuponcuBaba.exe, 00000007.00000002.562926496.0000027F04BD2000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.563176497.0000027F04C39000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/
Source: KuponcuBaba.exe, 00000007.00000002.563176497.0000027F04C39000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/(lK
Source: KuponcuBaba.exe, 00000007.00000002.563176497.0000027F04C39000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/Zl
Source: KuponcuBaba.exe, 00000007.00000002.565894975.0000027F051F4000.00000004.00001000.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.560571375.0000027F04630000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://sunucu.troyagame.com/
Source: KuponcuBaba.exe, 00000007.00000002.559730683.0000027F04430000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.558650240.0000027F029A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sunucu.troyagame.com/z
Source: KuponcuBaba.exe, 00000007.00000002.561699929.0000027F04930000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
Source: KuponcuBaba.exe, 00000001.00000003.292760666.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.1.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: KuponcuBaba.exe, 00000001.00000003.292760666.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.1.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: KuponcuBaba.exe, 00000001.00000003.292760666.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.1.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: KuponcuBaba.exe, 00000007.00000002.563300269.0000027F04C6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: KuponcuBaba.exe, 00000007.00000002.563176497.0000027F04C39000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
Source: KuponcuBaba.exe, 00000007.00000002.563300269.0000027F04C6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: KuponcuBaba.exe, 00000007.00000002.563176497.0000027F04C39000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm
Source: KuponcuBaba.exe, 00000007.00000002.563300269.0000027F04C6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: KuponcuBaba.exe, 00000007.00000002.563176497.0000027F04C39000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.563300269.0000027F04C6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es00
Source: KuponcuBaba.exe, 00000001.00000003.298015876.000001A41CE2E000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.298020453.000001A41CE30000.00000004.00000020.00020000.00000000.sdmp, mutation-listener.js.1.drString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: KuponcuBaba.exe, 00000007.00000002.563300269.0000027F04C6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/
Source: KuponcuBaba.exe, 00000007.00000002.559160943.0000027F02A67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/0
Source: KuponcuBaba.exe, 00000001.00000003.288223929.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289893788.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293779056.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.294179028.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290181500.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290354827.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.292065746.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289049492.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295259301.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290031400.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295085740.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289912898.000001A41CE33000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.287690612.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.292096227.000001A41CE34000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295270844.000001A41CE31000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.288861139.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293363796.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293079165.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.288477963.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, 
unicodedata.pyd.1.dr, pyexpat.pyd.1.drString found in binary or memory: http://www.digicert.com/CPS0
Source: KuponcuBaba.exe, 00000007.00000002.563176497.0000027F04C39000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.563507590.0000027F04CC1000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.563280811.0000027F04C6B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.firmaprofesional.com/cps0
Source: KuponcuBaba.exe, 00000007.00000003.334060970.0000027F044A6000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.560131047.0000027F04506000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.333732076.0000027F04506000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.333894641.0000027F04507000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: KuponcuBaba.exe, 00000007.00000002.564750127.0000027F050A4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/2004/em-rdf#
Source: KuponcuBaba.exe, 00000007.00000002.562707463.0000027F04B59000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps
Source: KuponcuBaba.exe, 00000007.00000002.563176497.0000027F04C39000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
Source: KuponcuBaba.exe, 00000007.00000002.560416129.0000027F045F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wwwsearch.sf.net/):
Source: KuponcuBaba.exe, 00000007.00000002.557006907.0000027F022D1000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.560325416.0000027F045BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://yahoo.com/
Source: _cffi_backend.cp310-win_amd64.pyd.1.drString found in binary or memory: https://cffi.readthedocs.io/en/latest/using.html#callbacks
Source: KuponcuBaba.exe, 00000007.00000002.562707463.0000027F04B59000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromedevtools.github.io/devtools-protocol/
Source: KuponcuBaba.exe, 00000007.00000002.564750127.0000027F050A4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromedriver.chromium.org/home
Source: KuponcuBaba.exe, 00000007.00000002.565551982.0000027F051B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromedriver.storage.googleapis.com/
Source: KuponcuBaba.exe, 00000007.00000002.565293099.0000027F0515C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromedriver.storage.googleapis.com/LATEST_RELEASE
Source: KuponcuBaba.exe, 00000007.00000002.560416129.0000027F045F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromedriver.storage.googleapis.com/LATEST_RELEASEz
Source: KuponcuBaba.exe, 00000007.00000002.560416129.0000027F045F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromedriver.storage.googleapis.com/z
Source: KuponcuBaba.exe, 00000007.00000002.561699929.0000027F04930000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://cloud.google.com/appengine/docs/standard/runtimes
Source: KuponcuBaba.exe, 00000001.00000003.297191026.000001A41CE2D000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drString found in binary or memory: https://codecov.io/github/pyca/cryptography/coverage.svg?branch=main
Source: KuponcuBaba.exe, 00000001.00000003.297191026.000001A41CE2D000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drString found in binary or memory: https://codecov.io/github/pyca/cryptography?branch=main
Source: KuponcuBaba.exe, 00000001.00000003.297191026.000001A41CE2D000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drString found in binary or memory: https://cryptography.io
Source: METADATA.1.drString found in binary or memory: https://cryptography.io/
Source: KuponcuBaba.exe, 00000001.00000003.297191026.000001A41CE2D000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drString found in binary or memory: https://cryptography.io/en/latest/changelog/
Source: KuponcuBaba.exe, 00000001.00000003.297191026.000001A41CE2D000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drString found in binary or memory: https://cryptography.io/en/latest/installation/
Source: KuponcuBaba.exe, 00000001.00000003.297191026.000001A41CE2D000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drString found in binary or memory: https://cryptography.io/en/latest/security/
Source: KuponcuBaba.exe, 00000007.00000002.565293099.0000027F0515C000.00000004.00001000.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.564750127.0000027F050A4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://developer.apple.com/safari/download/.
Source: KuponcuBaba.exe, 00000007.00000002.561699929.0000027F04930000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/socket.html#socket.socket.connect_ex
Source: KuponcuBaba.exe, 00000007.00000002.560325416.0000027F045BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Ousret/charset_normalizer
Source: KuponcuBaba.exe, 00000007.00000002.562707463.0000027F04B59000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.562815618.0000027F04B94000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/SeleniumHQ/selenium/wiki/DesiredCapabilities
Source: KuponcuBaba.exe, 00000007.00000002.557006907.0000027F022D1000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.564750127.0000027F050A4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/SeleniumHQ/selenium/wiki/InternetExplorerDriver
Source: KuponcuBaba.exe, 00000007.00000002.563722039.0000027F04F30000.00000004.00001000.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.561089027.0000027F04830000.00000004.00001000.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.564546201.0000027F05060000.00000004.00001000.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.562707463.0000027F04B59000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.562815618.0000027F04B94000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.564750127.0000027F050A4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/SeleniumHQ/selenium/wiki/JsonWireProtocol
Source: KuponcuBaba.exe, 00000007.00000002.564750127.0000027F050A4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/SeleniumHQ/selenium/wiki/JsonWireProtocol)
Source: KuponcuBaba.exe, 00000007.00000002.557006907.0000027F022D1000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.300075577.0000027F022D1000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.300234894.0000027F022D1000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.299922007.0000027F022F9000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.299928153.0000027F022A7000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.300170147.0000027F022D1000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.556629333.0000027F0225D000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.300206686.0000027F022A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: KuponcuBaba.exe, 00000001.00000003.295690492.000001A41CE37000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295672850.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.294934339.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.572718758.00007FFA0AC62000.00000002.00000001.01000000.00000017.sdmp, KuponcuBaba.exe, 00000007.00000002.573581346.00007FFA18E38000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: https://github.com/mhammond/pywin32
Source: KuponcuBaba.exe, 00000001.00000003.297191026.000001A41CE2D000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drString found in binary or memory: https://github.com/pyca/cryptography
Source: KuponcuBaba.exe, 00000001.00000003.297191026.000001A41CE2D000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drString found in binary or memory: https://github.com/pyca/cryptography/
Source: KuponcuBaba.exe, 00000001.00000003.297191026.000001A41CE2D000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drString found in binary or memory: https://github.com/pyca/cryptography/actions?query=workflow%3ACI
Source: METADATA.1.drString found in binary or memory: https://github.com/pyca/cryptography/issues
Source: KuponcuBaba.exe, 00000001.00000003.297191026.000001A41CE2D000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drString found in binary or memory: https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main
Source: KuponcuBaba.exe, 00000007.00000003.299968567.0000027F022F8000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.557606845.0000027F026E8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: KuponcuBaba.exe, 00000007.00000003.300206686.0000027F022A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: KuponcuBaba.exe, 00000007.00000002.557006907.0000027F022D1000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.300075577.0000027F022D1000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.300234894.0000027F022D1000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.299922007.0000027F022F9000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.299928153.0000027F022A7000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.300170147.0000027F022D1000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.556629333.0000027F0225D000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.300206686.0000027F022A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: KuponcuBaba.exe, 00000007.00000002.557006907.0000027F022D1000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.300075577.0000027F022D1000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.300234894.0000027F022D1000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.299922007.0000027F022F9000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.299928153.0000027F022A7000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.300170147.0000027F022D1000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.556629333.0000027F0225D000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.300206686.0000027F022A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: KuponcuBaba.exe, 00000007.00000002.561089027.0000027F04830000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/497
Source: KuponcuBaba.exe, 00000007.00000002.557006907.0000027F022D1000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.334518018.0000027F045CD000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.560325416.0000027F045BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/
Source: KuponcuBaba.exe, 00000007.00000002.564493371.0000027F05050000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/get
Source: KuponcuBaba.exe, 00000007.00000003.333554896.0000027F02A48000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.559160943.0000027F02A67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/post
Source: KuponcuBaba.exe, 00000001.00000003.297191026.000001A41CE2D000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drString found in binary or memory: https://img.shields.io/pypi/v/cryptography.svg
Source: KuponcuBaba.exe, 00000007.00000002.560416129.0000027F045F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mahler:8092/site-updates.py
Source: KuponcuBaba.exe, 00000001.00000003.297191026.000001A41CE2D000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drString found in binary or memory: https://mail.python.org/mailman/listinfo/cryptography-dev
Source: KuponcuBaba.exe, 00000001.00000003.297191026.000001A41CE2D000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drString found in binary or memory: https://pypi.org/project/cryptography/
Source: KuponcuBaba.exe, 00000007.00000002.571582077.00007FFA06D5E000.00000002.00000001.01000000.00000005.sdmpString found in binary or memory: https://python.org/dev/peps/pep-0263/
Source: KuponcuBaba.exe, 00000001.00000003.297191026.000001A41CE2D000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drString found in binary or memory: https://readthedocs.org/projects/cryptography/badge/?version=latest
Source: KuponcuBaba.exe, 00000007.00000002.563722039.0000027F04F30000.00000004.00001000.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.333554896.0000027F02A48000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.559160943.0000027F02A67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.io
Source: KuponcuBaba.exe, 00000007.00000002.565894975.0000027F051F4000.00000004.00001000.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.564546201.0000027F05060000.00000004.00001000.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.560325416.0000027F045BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sunucu.troyagame.com/
Source: KuponcuBaba.exe, 00000007.00000002.559730683.0000027F04430000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: KuponcuBaba.exe, 00000007.00000002.557006907.0000027F022D1000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.334518018.0000027F045CD000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.560325416.0000027F045BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
Source: KuponcuBaba.exe, 00000007.00000002.560571375.0000027F04630000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#https-proxy-error-http-proxy
Source: KuponcuBaba.exe, 00000007.00000002.560571375.0000027F04630000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings
Source: KuponcuBaba.exe, 00000007.00000002.558650240.0000027F029A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/html/sec-forms.html#multipart-form-data
Source: KuponcuBaba.exe, 00000007.00000002.559730683.0000027F04430000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/webauthn/#credential-parameters
Source: KuponcuBaba.exe, 00000007.00000002.562123971.0000027F04A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/webdriver/#dfn-browser-version
Source: KuponcuBaba.exe, 00000007.00000002.564385194.0000027F05030000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/webdriver/#dfn-insecure-tls-certificates
Source: KuponcuBaba.exe, 00000007.00000002.564546201.0000027F05060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/webdriver/#dfn-platform-name
Source: KuponcuBaba.exe, 00000007.00000002.562123971.0000027F04A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/webdriver/#dfn-strict-file-interactability
Source: KuponcuBaba.exe, 00000007.00000002.563722039.0000027F04F30000.00000004.00001000.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.564385194.0000027F05030000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/webdriver/#dfn-table-of-page-load-strategies
Source: KuponcuBaba.exe, 00000007.00000002.564750127.0000027F050A4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/webdriver/#timeouts
Source: KuponcuBaba.exe, 00000001.00000003.296719687.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.1.drString found in binary or memory: https://www.apache.org/licenses/
Source: KuponcuBaba.exe, 00000001.00000003.296891487.000001A41CE39000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.296719687.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.296737570.000001A41CE38000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.1.drString found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0
Source: KuponcuBaba.exe, 00000007.00000002.563300269.0000027F04C6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.catcert.net/verarrel
Source: KuponcuBaba.exe, 00000007.00000002.563176497.0000027F04C39000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.559160943.0000027F02A67000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.563300269.0000027F04C6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.catcert.net/verarrel05
Source: KuponcuBaba.exe, 00000001.00000003.288223929.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289893788.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293779056.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.294179028.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290181500.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290354827.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.292065746.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295102823.000001A41CE37000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289049492.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295259301.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.290031400.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295085740.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.289912898.000001A41CE33000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.287690612.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.292096227.000001A41CE34000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.288861139.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293363796.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.293079165.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.288477963.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, 
KuponcuBaba.exe, 00000001.00000003.292760666.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, unicodedata.pyd.1.drString found in binary or memory: https://www.digicert.com/CPS0
Source: KuponcuBaba.exe, 00000001.00000003.293079165.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.567784866.00007FFA0669A000.00000002.00000001.01000000.0000000F.sdmp, KuponcuBaba.exe, 00000007.00000002.569650058.00007FFA069E7000.00000002.00000001.01000000.0000000E.sdmp, libssl-1_1.dll.1.drString found in binary or memory: https://www.openssl.org/H
Source: KuponcuBaba.exe, 00000007.00000003.333554896.0000027F02A48000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.559160943.0000027F02A67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org
Source: KuponcuBaba.exe, 00000007.00000002.560416129.0000027F045F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/
Source: KuponcuBaba.exe, 00000001.00000003.295819833.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.560571375.0000027F04630000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.1.drString found in binary or memory: https://www.python.org/dev/peps/pep-0205/
Source: KuponcuBaba.exe, 00000007.00000002.557187866.0000027F02660000.00000004.00001000.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.300707340.0000027F029DA000.00000004.00000020.00020000.00000000.sdmp, base_library.zip.1.drString found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
Source: KuponcuBaba.exe, 00000007.00000002.557006907.0000027F022D1000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.564750127.0000027F050A4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.selenium.dev/downloads/
Source: KuponcuBaba.exe, 00000007.00000002.560571375.0000027F04630000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.yemeksepeti.com/
Source: KuponcuBaba.exe, 00000007.00000002.559730683.0000027F04430000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.558650240.0000027F029A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.yemeksepeti.com/rj
Source: KuponcuBaba.exe, 00000007.00000002.563507590.0000027F04CC1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/
Source: KuponcuBaba.exe, 00000007.00000002.563507590.0000027F04CC1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: KuponcuBaba.exe, 00000007.00000002.563507590.0000027F04CC1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/s
Source: unknown DNS traffic detected: queries for: sunucu.troyagame.com
Source: global traffic HTTP traffic detected: GET / HTTP/1.1 Host: sunucu.troyagame.com User-Agent: python-requests/2.28.1 Accept-Encoding: gzip, deflate Accept: */* Connection: keep-alive
Source: C:\Users\user\Desktop\KuponcuBaba.exe Code function: String function: 70A04230 appears 238 times
Source: C:\Users\user\Desktop\KuponcuBaba.exe Code function: String function: 70A2D400 appears 325 times
Source: C:\Users\user\Desktop\KuponcuBaba.exe Code function: String function: 70A96CA0 appears 192 times
Source: C:\Users\user\Desktop\KuponcuBaba.exe Code function: String function: 70A96730 appears 31 times
Source: C:\Users\user\Desktop\KuponcuBaba.exe Code function: String function: 00007FF6F8451C50 appears 53 times
Source: C:\Users\user\Desktop\KuponcuBaba.exe Code function: 7_2_70A22B90: memset,wsprintfA,CreateFileA,memset,DeviceIoControl,CloseHandle,isxdigit,isxdigit,isxdigit,isprint,memcpy,CloseHandle,strlen,memcpy,
Source: unicodedata.pyd.1.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: python3.dll.1.dr Static PE information: No import functions for PE file found
Source: KuponcuBaba.exe, 00000001.00000003.288223929.000001A41CE26000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs KuponcuBaba.exe
Source: KuponcuBaba.exe, 00000001.00000003.289893788.000001A41CE26000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs KuponcuBaba.exe
Source: KuponcuBaba.exe, 00000001.00000003.287563558.000001A41CE26000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs KuponcuBaba.exe
Source: KuponcuBaba.exe, 00000001.00000003.293779056.000001A41CE29000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs KuponcuBaba.exe
Source: KuponcuBaba.exe, 00000001.00000003.295690492.000001A41CE37000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32clipboard.pyd0 vs KuponcuBaba.exe
Source: KuponcuBaba.exe, 00000001.00000003.290181500.000001A41CE26000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs KuponcuBaba.exe
Source: KuponcuBaba.exe, 00000001.00000003.290354827.000001A41CE26000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_uuid.pyd. vs KuponcuBaba.exe
Source: KuponcuBaba.exe, 00000001.00000003.289049492.000001A41CE26000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs KuponcuBaba.exe
Source: KuponcuBaba.exe, 00000001.00000003.295259301.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs KuponcuBaba.exe
Source: KuponcuBaba.exe, 00000001.00000003.295672850.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32clipboard.pyd0 vs KuponcuBaba.exe
Source: KuponcuBaba.exe, 00000001.00000003.290031400.000001A41CE26000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs KuponcuBaba.exe
Source: KuponcuBaba.exe, 00000001.00000003.294934339.000001A41CE29000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepywintypes310.dll0 vs KuponcuBaba.exe
Source: KuponcuBaba.exe, 00000001.00000003.295085740.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs KuponcuBaba.exe
Source: KuponcuBaba.exe, 00000001.00000003.287690612.000001A41CE26000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs KuponcuBaba.exe
Source: KuponcuBaba.exe, 00000001.00000003.295270844.000001A41CE31000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs KuponcuBaba.exe
Source: KuponcuBaba.exe, 00000001.00000003.288861139.000001A41CE26000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs KuponcuBaba.exe
Source: KuponcuBaba.exe, 00000001.00000003.293363796.000001A41CE29000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepyexpat.pyd. vs KuponcuBaba.exe
Source: KuponcuBaba.exe, 00000001.00000003.293079165.000001A41CE29000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibsslH vs KuponcuBaba.exe
Source: KuponcuBaba.exe, 00000001.00000003.288477963.000001A41CE26000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_decimal.pyd. vs KuponcuBaba.exe
Source: KuponcuBaba.exeBinary or memory string: OriginalFilename vs KuponcuBaba.exe
Source: KuponcuBaba.exe, 00000007.00000002.569840953.00007FFA06A2B000.00000002.00000001.01000000.00000008.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs KuponcuBaba.exe
Source: KuponcuBaba.exe, 00000007.00000002.567325250.00007FFA065E1000.00000002.00000001.01000000.00000012.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs KuponcuBaba.exe
Source: KuponcuBaba.exe, 00000007.00000002.569735716.00007FFA06A02000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs KuponcuBaba.exe
Source: KuponcuBaba.exe, 00000007.00000002.572937829.00007FFA0AC94000.00000002.00000001.01000000.00000014.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs KuponcuBaba.exe
Source: KuponcuBaba.exe, 00000007.00000002.556432245.0000027F02150000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs KuponcuBaba.exe
Source: KuponcuBaba.exe, 00000007.00000002.573697532.00007FFA18E94000.00000002.00000001.01000000.00000015.sdmpBinary or memory string: OriginalFilename_uuid.pyd. vs KuponcuBaba.exe
Source: KuponcuBaba.exe, 00000007.00000002.567784866.00007FFA0669A000.00000002.00000001.01000000.0000000F.sdmpBinary or memory string: OriginalFilenamelibsslH vs KuponcuBaba.exe
Source: KuponcuBaba.exe, 00000007.00000002.572718758.00007FFA0AC62000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: OriginalFilenamepywintypes310.dll0 vs KuponcuBaba.exe
Source: KuponcuBaba.exe, 00000007.00000002.573790107.00007FFA18EA6000.00000002.00000001.01000000.00000011.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs KuponcuBaba.exe
Source: KuponcuBaba.exe, 00000007.00000002.573412480.00007FFA13D12000.00000002.00000001.01000000.00000013.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs KuponcuBaba.exe
Source: KuponcuBaba.exe, 00000007.00000002.569650058.00007FFA069E7000.00000002.00000001.01000000.0000000E.sdmpBinary or memory string: OriginalFilenamelibcryptoH vs KuponcuBaba.exe
Source: KuponcuBaba.exe, 00000007.00000002.572377153.00007FFA06E77000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: OriginalFilenamepython310.dll. vs KuponcuBaba.exe
Source: KuponcuBaba.exe, 00000007.00000002.574057697.00007FFA1B4DD000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs KuponcuBaba.exe
Source: KuponcuBaba.exe, 00000007.00000002.573581346.00007FFA18E38000.00000002.00000001.01000000.00000016.sdmpBinary or memory string: OriginalFilenamewin32clipboard.pyd0 vs KuponcuBaba.exe
Source: KuponcuBaba.exe, 00000007.00000002.572521270.00007FFA094C7000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs KuponcuBaba.exe
Source: KuponcuBaba.exe, 00000007.00000002.573247619.00007FFA0ACC5000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs KuponcuBaba.exe
Source: KuponcuBaba.exe, 00000007.00000002.573874254.00007FFA18ED6000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs KuponcuBaba.exe
Source: _pytransform.dll.1.drStatic PE information: Number of sections : 11 > 10
Source: C:\Users\user\Desktop\KuponcuBaba.exeFile read: C:\Users\user\Desktop\KuponcuBaba.exeJump to behavior
Source: KuponcuBaba.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\KuponcuBaba.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknownProcess created: C:\Users\user\Desktop\KuponcuBaba.exe C:\Users\user\Desktop\KuponcuBaba.exe
Source: C:\Users\user\Desktop\KuponcuBaba.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\KuponcuBaba.exeProcess created: C:\Users\user\Desktop\KuponcuBaba.exe C:\Users\user\Desktop\KuponcuBaba.exe
Source: C:\Users\user\Desktop\KuponcuBaba.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Users\user\Desktop\KuponcuBaba.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c @echo off
Source: C:\Users\user\Desktop\KuponcuBaba.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c cls
Source: C:\Users\user\Desktop\KuponcuBaba.exeProcess created: C:\Users\user\Desktop\KuponcuBaba.exe C:\Users\user\Desktop\KuponcuBaba.exe
Source: C:\Users\user\Desktop\KuponcuBaba.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Users\user\Desktop\KuponcuBaba.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c @echo off
Source: C:\Users\user\Desktop\KuponcuBaba.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c cls
Source: C:\Users\user\Desktop\KuponcuBaba.exe File created: C:\Users\user\AppData\Local\Temp\_MEI28202
Source: classification engineClassification label: mal52.evad.winEXE@10/40@2/1
Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: 1_2_00007FF6F84565D0 GetLastError,FormatMessageW,WideCharToMultiByte,
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:64:120:WilError_01
Source: C:\Users\user\Desktop\KuponcuBaba.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\KuponcuBaba.exeFile opened: C:\Users\user\Desktop\pyvenv.cfg
Source: KuponcuBaba.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: KuponcuBaba.exeStatic file information: File size 9945512 > 1048576
Source: KuponcuBaba.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: KuponcuBaba.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: KuponcuBaba.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: KuponcuBaba.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: KuponcuBaba.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: KuponcuBaba.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: KuponcuBaba.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: C:\A\35\b\bin\amd64\python3.pdb source: KuponcuBaba.exe, 00000001.00000003.293779056.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.556432245.0000027F02150000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_ssl.pdb source: KuponcuBaba.exe, 00000007.00000002.573058618.00007FFA0ACAD000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: signToolcAToolsignToolCertcAToolCertISSUER_SIGN_TOOLv2i_issuer_sign_toolcrypto\x509\v3_ist.ci2r_issuer_sign_tool%*ssignTool : %*scATool : %*ssignToolCert: %*scAToolCert : compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC;CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specific.dllCPUINFO: PKCS8_encrypt_excrypto\pkcs12\p12_p8e.cPKCS8_set0_pbe_excrypto\bio\bio_sock.cBIO_sock_initcalling wsastartup()BIO_socket_ioctlcalling ioctlsocket()i2d_ASN1_bio_streamcrypto\asn1\asn_mime.cB64_write_ASN1-----BEGIN %s----- source: _openssl.pyd.1.dr
Source: Binary string: C:\A\35\b\bin\amd64\_socket.pdb source: KuponcuBaba.exe, 00000001.00000003.290031400.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.569699537.00007FFA069F8000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_ctypes.pdb source: KuponcuBaba.exe, 00000007.00000002.569805697.00007FFA06A20000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_decimal.pdb## source: _decimal.pyd.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\win32clipboard.pdb source: KuponcuBaba.exe, 00000001.00000003.295672850.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.573522589.00007FFA18E34000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: _openssl.pyd.1.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: KuponcuBaba.exe, 00000007.00000002.569113530.00007FFA068EE000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_lzma.pdbMM source: KuponcuBaba.exe, 00000001.00000003.289049492.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.572836068.00007FFA0AC87000.00000002.00000001.01000000.00000014.sdmp, _lzma.pyd.1.dr
Source: Binary string: C:\A\39\b\libssl-1_1.pdb?? source: KuponcuBaba.exe, 00000007.00000002.567632450.00007FFA06665000.00000002.00000001.01000000.0000000F.sdmp, libssl-1_1.dll.1.dr
Source: Binary string: C:\A\35\b\bin\amd64\_queue.pdb source: KuponcuBaba.exe, 00000001.00000003.289893788.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.573757806.00007FFA18EA3000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_decimal.pdb source: _decimal.pyd.1.dr
Source: Binary string: C:\A\39\b\libssl-1_1.pdb source: KuponcuBaba.exe, 00000007.00000002.567632450.00007FFA06665000.00000002.00000001.01000000.0000000F.sdmp, libssl-1_1.dll.1.dr
Source: Binary string: challengeNETSCAPE_SPKACspkacsig_algorcrypto\bn\bn_exp.cBN_mod_exp_recpBN_mod_exp_mont_wordX509V3_EXT_nconf_intcrypto\x509\v3_conf.csection=%s, name=%s, value=%sdo_ext_nconfname=%s,section=%sdo_ext_i2dX509V3_EXT_i2dcritical,DER:ASN1:v3_generic_extensionvalue=%sX509V3_get_sectioncrypto\x509\v3_lib.cX509V3_add1_i2dcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC3.0.5built on: Tue Jul 5 11:53:43 2022 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot available source: _openssl.pyd.1.dr
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1m 14 Dec 2021built on: Sun Dec 19 14:27:21 2021 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: KuponcuBaba.exe, 00000007.00000002.569113530.00007FFA068EE000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\pywintypes.pdb** source: KuponcuBaba.exe, 00000007.00000002.572638453.00007FFA0AC51000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: d:\a01\_work\4\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: KuponcuBaba.exe, 00000001.00000003.287563558.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.572480939.00007FFA094C1000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.1.dr
Source: Binary string: C:\A\35\b\bin\amd64\unicodedata.pdb source: KuponcuBaba.exe, 00000001.00000003.295270844.000001A41CE31000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.567289329.00007FFA065DB000.00000002.00000001.01000000.00000012.sdmp, unicodedata.pyd.1.dr
Source: Binary string: C:\A\39\b\libcrypto-1_1.pdb source: KuponcuBaba.exe, 00000007.00000002.569402590.00007FFA06970000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_uuid.pdb source: KuponcuBaba.exe, 00000001.00000003.290354827.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.573650405.00007FFA18E92000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_lzma.pdb source: KuponcuBaba.exe, 00000001.00000003.289049492.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.572836068.00007FFA0AC87000.00000002.00000001.01000000.00000014.sdmp, _lzma.pyd.1.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\pywintypes.pdb source: KuponcuBaba.exe, 00000007.00000002.572638453.00007FFA0AC51000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\_hashlib.pdb source: KuponcuBaba.exe, 00000001.00000003.288861139.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.574016045.00007FFA1B4D6000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\python310.pdb source: KuponcuBaba.exe, 00000007.00000002.571582077.00007FFA06D5E000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\select.pdb source: KuponcuBaba.exe, 00000001.00000003.295085740.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.573851934.00007FFA18ED3000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\A\35\b\bin\amd64\pyexpat.pdb source: pyexpat.pyd.1.dr
Source: Binary string: C:\A\35\b\bin\amd64\_bz2.pdb source: KuponcuBaba.exe, 00000001.00000003.287690612.000001A41CE26000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.573363921.00007FFA13D0D000.00000002.00000001.01000000.00000013.sdmp
Source: KuponcuBaba.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: KuponcuBaba.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: KuponcuBaba.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: KuponcuBaba.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: KuponcuBaba.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: 7_2_70B2B4B4 push rax; retf FA26h
Source: KuponcuBaba.exeStatic PE information: section name: _RDATA
Source: libcrypto-1_1.dll.1.drStatic PE information: section name: .00cfg
Source: libssl-1_1.dll.1.drStatic PE information: section name: .00cfg
Source: python310.dll.1.drStatic PE information: section name: PyRuntim
Source: VCRUNTIME140.dll.1.drStatic PE information: section name: _RDATA
Source: _pytransform.dll.1.drStatic PE information: section name: .xdata
Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: 7_2_70A70C90 LoadLibraryA,GetProcAddress,GetCurrentThread,RtlWow64SetThreadContext,
Source: _rust.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0x18f993
Source: win32clipboard.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0xe7ea
Source: _cffi_backend.cp310-win_amd64.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0x38dc3
Source: pywintypes310.dll.1.drStatic PE information: real checksum: 0x0 should be: 0x2c5f0
Source: _pytransform.dll.1.drStatic PE information: real checksum: 0x125b11 should be: 0x120054
Source: _openssl.pyd.1.drStatic PE information: real checksum: 0x0 should be: 0x3d5506

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: memset,wsprintfA,CreateFileA,memset,DeviceIoControl,CloseHandle,isxdigit,isxdigit,isxdigit,isprint,memcpy,CloseHandle,strlen,memcpy, \\.\PhysicalDrive%d
Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: _snprintf,_snprintf,CreateFileA,CreateFileA,GlobalAlloc,DeviceIoControl,GlobalFree,_snprintf,CreateFileA,GlobalAlloc,GlobalAlloc,GlobalAlloc,DeviceIoControl,GlobalFree,GlobalFree,GlobalFree,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle, \\.\PhysicalDrive%d
Source: C:\Users\user\Desktop\KuponcuBaba.exe File created: C:\Users\user\AppData\Local\Temp\_MEI28202\python3.dll
Source: C:\Users\user\Desktop\KuponcuBaba.exe File created: C:\Users\user\AppData\Local\Temp\_MEI28202\pywintypes310.dll
Source: C:\Users\user\Desktop\KuponcuBaba.exe File created: C:\Users\user\AppData\Local\Temp\_MEI28202\cryptography\hazmat\bindings\_rust.pyd
Source: C:\Users\user\Desktop\KuponcuBaba.exe File created: C:\Users\user\AppData\Local\Temp\_MEI28202\pyexpat.pyd
Source: C:\Users\user\Desktop\KuponcuBaba.exe File created: C:\Users\user\AppData\Local\Temp\_MEI28202\_hashlib.pyd
Source: C:\Users\user\Desktop\KuponcuBaba.exe File created: C:\Users\user\AppData\Local\Temp\_MEI28202\VCRUNTIME140.dll
Source: C:\Users\user\Desktop\KuponcuBaba.exe File created: C:\Users\user\AppData\Local\Temp\_MEI28202\_cffi_backend.cp310-win_amd64.pyd
Source: C:\Users\user\Desktop\KuponcuBaba.exe File created: C:\Users\user\AppData\Local\Temp\_MEI28202\_lzma.pyd
Source: C:\Users\user\Desktop\KuponcuBaba.exe File created: C:\Users\user\AppData\Local\Temp\_MEI28202\win32clipboard.pyd
Source: C:\Users\user\Desktop\KuponcuBaba.exe File created: C:\Users\user\AppData\Local\Temp\_MEI28202\_decimal.pyd
Source: C:\Users\user\Desktop\KuponcuBaba.exe File created: C:\Users\user\AppData\Local\Temp\_MEI28202\select.pyd
Source: C:\Users\user\Desktop\KuponcuBaba.exe File created: C:\Users\user\AppData\Local\Temp\_MEI28202\libcrypto-1_1.dll
Source: C:\Users\user\Desktop\KuponcuBaba.exe File created: C:\Users\user\AppData\Local\Temp\_MEI28202\cryptography\hazmat\bindings\_openssl.pyd
Source: C:\Users\user\Desktop\KuponcuBaba.exe File created: C:\Users\user\AppData\Local\Temp\_MEI28202\_uuid.pyd
Source: C:\Users\user\Desktop\KuponcuBaba.exe File created: C:\Users\user\AppData\Local\Temp\_MEI28202\unicodedata.pyd
Source: C:\Users\user\Desktop\KuponcuBaba.exe File created: C:\Users\user\AppData\Local\Temp\_MEI28202\_ssl.pyd
Source: C:\Users\user\Desktop\KuponcuBaba.exe File created: C:\Users\user\AppData\Local\Temp\_MEI28202\libffi-7.dll
Source: C:\Users\user\Desktop\KuponcuBaba.exe File created: C:\Users\user\AppData\Local\Temp\_MEI28202\_queue.pyd
Source: C:\Users\user\Desktop\KuponcuBaba.exe File created: C:\Users\user\AppData\Local\Temp\_MEI28202\python310.dll
Source: C:\Users\user\Desktop\KuponcuBaba.exe File created: C:\Users\user\AppData\Local\Temp\_MEI28202\_pytransform.dll
Source: C:\Users\user\Desktop\KuponcuBaba.exe File created: C:\Users\user\AppData\Local\Temp\_MEI28202\_socket.pyd
Source: C:\Users\user\Desktop\KuponcuBaba.exe File created: C:\Users\user\AppData\Local\Temp\_MEI28202\_ctypes.pyd
Source: C:\Users\user\Desktop\KuponcuBaba.exe File created: C:\Users\user\AppData\Local\Temp\_MEI28202\_bz2.pyd
Source: C:\Users\user\Desktop\KuponcuBaba.exe File created: C:\Users\user\AppData\Local\Temp\_MEI28202\libssl-1_1.dll

Boot Survival

Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: memset,wsprintfA,CreateFileA,memset,DeviceIoControl,CloseHandle,isxdigit,isxdigit,isxdigit,isprint,memcpy,CloseHandle,strlen,memcpy, \\.\PhysicalDrive%d
Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: _snprintf,_snprintf,CreateFileA,CreateFileA,GlobalAlloc,DeviceIoControl,GlobalFree,_snprintf,CreateFileA,GlobalAlloc,GlobalAlloc,GlobalAlloc,DeviceIoControl,GlobalFree,GlobalFree,GlobalFree,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle, \\.\PhysicalDrive%d
Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: 1_2_00007FF6F8454710 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\KuponcuBaba.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI28202\cryptography\hazmat\bindings\_openssl.pyd
Source: C:\Users\user\Desktop\KuponcuBaba.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI28202\python3.dll
Source: C:\Users\user\Desktop\KuponcuBaba.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI28202\pyexpat.pyd
Source: C:\Users\user\Desktop\KuponcuBaba.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI28202\cryptography\hazmat\bindings\_rust.pyd
Source: C:\Users\user\Desktop\KuponcuBaba.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI28202\_cffi_backend.cp310-win_amd64.pyd
Source: C:\Users\user\Desktop\KuponcuBaba.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI28202\_decimal.pyd
Source: C:\Users\user\Desktop\KuponcuBaba.exeAPI coverage: 4.1 %
Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: 7_2_70A97031 GetSystemInfo,
Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: 1_2_00007FF6F8456940 FindFirstFileExW,FindClose,
Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: 1_2_00007FF6F8470D64 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,
Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: 1_2_00007FF6F84665F8 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,
Source: KuponcuBaba.exe, 00000007.00000002.559730683.0000027F04430000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWopti%SystemRoot%\system32\mswsock.dllvailable on all platforms!

Anti Debugging

Source: C:\Users\user\Desktop\KuponcuBaba.exeThread information set: HideFromDebugger
Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: 1_2_00007FF6F845A95C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: 7_2_70A70C90 LoadLibraryA,GetProcAddress,GetCurrentThread,RtlWow64SetThreadContext,
Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: 1_2_00007FF6F8472930 GetProcessHeap,
Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: 1_2_00007FF6F845A190 SetUnhandledExceptionFilter,_invalid_parameter_noinfo,
Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: 1_2_00007FF6F845AB04 SetUnhandledExceptionFilter,
Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: 1_2_00007FF6F845A344 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: 1_2_00007FF6F8469F80 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: 7_2_70A95380 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,
Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: 7_2_00007FF6F845A190 SetUnhandledExceptionFilter,_invalid_parameter_noinfo,

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\KuponcuBaba.exeThread register set: target process: 64
Source: C:\Users\user\Desktop\KuponcuBaba.exeProcess created: C:\Users\user\Desktop\KuponcuBaba.exe C:\Users\user\Desktop\KuponcuBaba.exe
Source: C:\Users\user\Desktop\KuponcuBaba.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Users\user\Desktop\KuponcuBaba.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c @echo off
Source: C:\Users\user\Desktop\KuponcuBaba.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c cls
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\cryptography VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\cryptography\hazmat VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\cryptography\hazmat\bindings VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\certifi VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\cryptography-37.0.4.dist-info VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\selenium VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\selenium\webdriver VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\selenium\webdriver\common VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\selenium\webdriver\common\devtools VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\selenium\webdriver\remote VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202 VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\_ctypes.pyd VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\Desktop\KuponcuBaba.exe VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202 VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\_socket.pyd VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\select.pyd VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\_pytransform.dll VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\_ssl.pyd VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\_hashlib.pyd VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\_queue.pyd VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\unicodedata.pyd VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\_bz2.pyd VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\_lzma.pyd VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\_uuid.pyd VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI28202\win32clipboard.pyd VolumeInformation
Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: 1_2_00007FF6F8478950 cpuid
Source: C:\Users\user\Desktop\KuponcuBaba.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: 1_2_00007FF6F845A840 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,
Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: 1_2_00007FF6F8474DC8 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,
Source: C:\Users\user\Desktop\KuponcuBaba.exeCode function: 7_2_70A70CFC GetVersion,GetCurrentThread,
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | 1 Native API | 1 Bootkit | 111 Process Injection | 1 Virtualization/Sandbox Evasion | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 22 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
| Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 111 Process Injection | LSASS Memory | 121 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 1 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 2 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 3 Obfuscated Files or Information | NTDS | 1 Remote System Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 3 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud |
| Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Bootkit | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | 25 System Information Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
Behavior Graph (ID: 778230, Sample: KuponcuBaba.exe, Startdate: 05/01/2023, Architecture: WINDOWS, Score: 52)

  • KuponcuBaba.exe started; dropped C:\Users\user\AppData\...\win32clipboard.pyd (PE32+), C:\Users\user\AppData\...\unicodedata.pyd (PE32+), C:\Users\user\AppData\Local\...\select.pyd (PE32+) and 21 other files (none is malicious); signature: Contains functionality to infect the boot sector
  • KuponcuBaba.exe started a second KuponcuBaba.exe process and conhost.exe
  • Second KuponcuBaba.exe process: DNS/IP sunucu.troyagame.com 159.253.33.92, 443, 49703, 49704 NETINTERNETNetinternetBilisimTeknolojileriASTR Turkey; signatures: Modifies the context of a thread in another process (thread injection), Hides threads from debuggers; started three cmd.exe processes

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| KuponcuBaba.exe | 2% | ReversingLabs | | |
| KuponcuBaba.exe | 6% | Virustotal | | Browse |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\_MEI28202\VCRUNTIME140.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\_bz2.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\_cffi_backend.cp310-win_amd64.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\_ctypes.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\_decimal.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\_hashlib.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\_lzma.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\_pytransform.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\_queue.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\_socket.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\_ssl.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\_uuid.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\cryptography\hazmat\bindings\_openssl.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\cryptography\hazmat\bindings\_rust.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\libcrypto-1_1.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\libffi-7.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\libssl-1_1.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\pyexpat.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\python3.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\python310.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\pywintypes310.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\select.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\unicodedata.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI28202\win32clipboard.pyd | 0% | ReversingLabs | | |

No Antivirus matches

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| sunucu.troyagame.com | 0% | Virustotal | | Browse |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| http://crl.dhimyotis.com/certignarootca.crl | 0% | URL Reputation | safe | |
| https://wwww.certigna.fr/autorites/0m | 0% | URL Reputation | safe | |
| https://wwww.certigna.fr/autorites/ | 0% | URL Reputation | safe | |
| https://www.catcert.net/verarrel | 0% | URL Reputation | safe | |
| http://crl.securetrust.com/STCA.crl | 0% | URL Reputation | safe | |
| http://crl.xrampsecurity.com/XGCA.crl0 | 0% | URL Reputation | safe | |
| http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl | 0% | URL Reputation | safe | |
| http://www.accv.es00 | 0% | URL Reputation | safe | |
| http://crl.securetrust.com/SGCA.crl | 0% | URL Reputation | safe | |
| http://127.0.0.1:4444/wd/hub | 1% | Virustotal | | Browse |
| https://sunucu.troyagame.com/ | 0% | Avira URL Cloud | safe | |
| http://crl.securetrust.com/SGCA.crl0 | 0% | URL Reputation | safe | |
| http://crl3.digi | 0% | URL Reputation | safe | |
| http://crl.securetrust.com/STCA.crl0 | 0% | URL Reputation | safe | |
| http://127.0.0.1:4444/wd/hub | 0% | Avira URL Cloud | safe | |
| https://w3c.github.io/html/sec-forms.html#multipart-form-data | 0% | URL Reputation | safe | |
| http://crl.xrampsecurity.com/XGCA.crl | 0% | URL Reputation | safe | |
| http://127.0.0.1:%s/status | 0% | Avira URL Cloud | safe | |
| http://ocsp.accv.esPE | 0% | Avira URL Cloud | safe | |
| https://w3c.github.io/webdriver/#dfn-insecure-tls-certificates | 0% | Avira URL Cloud | safe | |
| http://crl.securetrust.com/STCA.crlr | 0% | Avira URL Cloud | safe | |
| https://www.selenium.dev/downloads/ | 0% | Avira URL Cloud | safe | |
| http://crl3.digiz | 0% | Avira URL Cloud | safe | |
| https://wwww.certigna.fr/autorites/s | 0% | Avira URL Cloud | safe | |
| https://w3c.github.io/webdriver/#dfn-browser-version | 0% | Avira URL Cloud | safe | |
| http://127.0.0.1:4444 | 0% | Avira URL Cloud | safe | |
| http://.../back.jpeg | 0% | Avira URL Cloud | safe | |
| https://mahler:8092/site-updates.py | 0% | Avira URL Cloud | safe | |
| https://chromedevtools.github.io/devtools-protocol/ | 0% | Avira URL Cloud | safe | |
| http://sunucu.troyagame.com/z | 0% | Avira URL Cloud | safe | |
| https://w3c.github.io/webdriver/#timeouts | 0% | Avira URL Cloud | safe | |
| https://w3c.github.io/webdriver/#dfn-strict-file-interactability | 0% | Avira URL Cloud | safe | |
| http://sunucu.troyagame.com/ | 0% | Avira URL Cloud | safe | |
| https://w3c.github.io/webdriver/#dfn-platform-name | 0% | Avira URL Cloud | safe | |
| http://crl.securetrust.com/SGCA.crl_ | 0% | Avira URL Cloud | safe | |
| https://w3c.github.io/webdriver/#dfn-table-of-page-load-strategies | 0% | Avira URL Cloud | safe | |

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| sunucu.troyagame.com | 159.253.33.92 | true | false | | unknown |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| http://sunucu.troyagame.com/ | false | Avira URL Cloud: safe | unknown |

| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| https://github.com/SeleniumHQ/selenium/wiki/JsonWireProtocol) | KuponcuBaba.exe, 00000007.00000002.564750127.0000027F050A4000.00000004.00001000.00020000.00000000.sdmp | false | | high |
| https://cloud.google.com/appengine/docs/standard/runtimes | KuponcuBaba.exe, 00000007.00000002.561699929.0000027F04930000.00000004.00001000.00020000.00000000.sdmp | false | | high |
| http://crl3.digiz | KuponcuBaba.exe, 00000001.00000003.292096227.000001A41CE34000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| https://github.com/mhammond/pywin32 | KuponcuBaba.exe, 00000001.00000003.295690492.000001A41CE37000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.295672850.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.294934339.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.572718758.00007FFA0AC62000.00000002.00000001.01000000.00000017.sdmp, KuponcuBaba.exe, 00000007.00000002.573581346.00007FFA18E38000.00000002.00000001.01000000.00000016.sdmp | false | | high |
| http://pypi.python.org/pypi/wget/ | KuponcuBaba.exe, 00000007.00000002.562707463.0000027F04B59000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| https://python.org/dev/peps/pep-0263/ | KuponcuBaba.exe, 00000007.00000002.571582077.00007FFA06D5E000.00000002.00000001.01000000.00000005.sdmp | false | | high |
| https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py# | KuponcuBaba.exe, 00000007.00000002.557006907.0000027F022D1000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.300075577.0000027F022D1000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.300234894.0000027F022D1000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.299922007.0000027F022F9000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.299928153.0000027F022A7000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.300170147.0000027F022D1000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.556629333.0000027F0225D000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.300206686.0000027F022A5000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| http://127.0.0.1:4444/wd/hub | KuponcuBaba.exe, 00000007.00000002.558650240.0000027F029A0000.00000004.00000020.00020000.00000000.sdmp | false | 1%, Virustotal, Browse; Avira URL Cloud: safe | unknown |
| http://bitbucket.org/techtonik/python-pager | KuponcuBaba.exe, 00000007.00000002.564546201.0000027F05060000.00000004.00001000.00020000.00000000.sdmp | false | | high |
| https://github.com/pyca/cryptography/actions?query=workflow%3ACI | KuponcuBaba.exe, 00000001.00000003.297191026.000001A41CE2D000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.dr | false | | high |
| https://tools.ietf.org/html/rfc2388#section-4.4 | KuponcuBaba.exe, 00000007.00000002.559730683.0000027F04430000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| https://www.apache.org/licenses/LICENSE-2.0 | KuponcuBaba.exe, 00000001.00000003.296891487.000001A41CE39000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.296719687.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.296737570.000001A41CE38000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.1.dr | false | | high |
| https://www.yemeksepeti.com/ | KuponcuBaba.exe, 00000007.00000002.560571375.0000027F04630000.00000004.00001000.00020000.00000000.sdmp | false | | high |
| https://sunucu.troyagame.com/ | KuponcuBaba.exe, 00000007.00000002.565894975.0000027F051F4000.00000004.00001000.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.564546201.0000027F05060000.00000004.00001000.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.560325416.0000027F045BB000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| http://repository.swisssign.com/(lK | KuponcuBaba.exe, 00000007.00000002.563176497.0000027F04C39000.00000004.00000020.00020000.00000000.sdmp | false |
                          high
                          https://www.selenium.dev/downloads/KuponcuBaba.exe, 00000007.00000002.557006907.0000027F022D1000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.564750127.0000027F050A4000.00000004.00001000.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          http://crl.dhimyotis.com/certignarootca.crlKuponcuBaba.exe, 00000007.00000002.563507590.0000027F04CC1000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          unknown
                          http://curl.haxx.se/rfc/cookie_spec.htmlKuponcuBaba.exe, 00000007.00000002.562123971.0000027F04A30000.00000004.00001000.00020000.00000000.sdmpfalse
                            high
                            http://ocsp.accv.esKuponcuBaba.exe, 00000007.00000002.563300269.0000027F04C6E000.00000004.00000020.00020000.00000000.sdmpfalse
                              high
                              https://w3c.github.io/webdriver/#dfn-browser-versionKuponcuBaba.exe, 00000007.00000002.562123971.0000027F04A30000.00000004.00001000.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              unknown
                              http://json.orgKuponcuBaba.exe, 00000007.00000002.558650240.0000027F029A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                high
                                https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688KuponcuBaba.exe, 00000007.00000003.299968567.0000027F022F8000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.557606845.0000027F026E8000.00000004.00001000.00020000.00000000.sdmpfalse
                                  high
                                  https://httpbin.org/getKuponcuBaba.exe, 00000007.00000002.564493371.0000027F05050000.00000004.00001000.00020000.00000000.sdmpfalse
                                    high
                                    https://w3c.github.io/webdriver/#dfn-insecure-tls-certificatesKuponcuBaba.exe, 00000007.00000002.564385194.0000027F05030000.00000004.00001000.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://httpbin.org/KuponcuBaba.exe, 00000007.00000002.557006907.0000027F022D1000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.334518018.0000027F045CD000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.560325416.0000027F045BB000.00000004.00000020.00020000.00000000.sdmpfalse
                                      high
                                      https://wwww.certigna.fr/autorites/0mKuponcuBaba.exe, 00000007.00000002.563507590.0000027F04CC1000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      unknown
                                      https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/readerKuponcuBaba.exe, 00000007.00000002.557006907.0000027F022D1000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.300075577.0000027F022D1000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.300234894.0000027F022D1000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.299922007.0000027F022F9000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.299928153.0000027F022A7000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.300170147.0000027F022D1000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.556629333.0000027F0225D000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.300206686.0000027F022A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                        high
                                        https://httpbin.org/KuponcuBaba.exe, 00000007.00000002.557006907.0000027F022D1000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.334518018.0000027F045CD000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.560325416.0000027F045BB000.00000004.00000020.00020000.00000000.sdmpfalse
                                          high
                                          https://www.apache.org/licenses/KuponcuBaba.exe, 00000001.00000003.296719687.000001A41CE2A000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.1.drfalse
                                            high
                                            https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=mainKuponcuBaba.exe, 00000001.00000003.297191026.000001A41CE2D000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drfalse
                                              high
                                              https://wwww.certigna.fr/autorites/KuponcuBaba.exe, 00000007.00000002.563507590.0000027F04CC1000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              unknown
                                              https://github.com/SeleniumHQ/selenium/wiki/DesiredCapabilitiesKuponcuBaba.exe, 00000007.00000002.562707463.0000027F04B59000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.562815618.0000027F04B94000.00000004.00000020.00020000.00000000.sdmpfalse
                                                high
                                                http://127.0.0.1:%s/statusKuponcuBaba.exe, 00000007.00000002.564750127.0000027F050A4000.00000004.00001000.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                low
                                                http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535KuponcuBaba.exe, 00000007.00000002.557006907.0000027F022D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  high
                                                  https://cryptography.io/en/latest/installation/KuponcuBaba.exe, 00000001.00000003.297191026.000001A41CE2D000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drfalse
                                                    high
                                                    https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_syKuponcuBaba.exe, 00000007.00000002.557006907.0000027F022D1000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.300075577.0000027F022D1000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.300234894.0000027F022D1000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.299922007.0000027F022F9000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.299928153.0000027F022A7000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.300170147.0000027F022D1000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.556629333.0000027F0225D000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.300206686.0000027F022A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      high
                                                      http://crl.securetrust.com/STCA.crlrKuponcuBaba.exe, 00000007.00000002.560416129.0000027F045F1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://www.catcert.net/verarrelKuponcuBaba.exe, 00000007.00000002.563300269.0000027F04C6E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      http://crl.securetrust.com/STCA.crlKuponcuBaba.exe, 00000007.00000002.560416129.0000027F045F1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      https://chromedriver.chromium.org/homeKuponcuBaba.exe, 00000007.00000002.564750127.0000027F050A4000.00000004.00001000.00020000.00000000.sdmpfalse
                                                        high
                                                        http://wwwsearch.sf.net/):KuponcuBaba.exe, 00000007.00000002.560416129.0000027F045F1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          high
                                                          http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0KuponcuBaba.exe, 00000007.00000002.563300269.0000027F04C6E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            high
                                                            http://www.accv.es/legislacion_c.htmKuponcuBaba.exe, 00000007.00000002.563176497.0000027F04C39000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              high
                                                              http://tools.ietf.org/html/rfc6125#section-6.4.3KuponcuBaba.exe, 00000007.00000002.561699929.0000027F04930000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                high
                                                                https://cryptography.io/en/latest/security/KuponcuBaba.exe, 00000001.00000003.297191026.000001A41CE2D000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drfalse
                                                                  high
                                                                  https://cffi.readthedocs.io/en/latest/using.html#callbacks_cffi_backend.cp310-win_amd64.pyd.1.drfalse
                                                                    high
                                                                    http://crl.xrampsecurity.com/XGCA.crl0KuponcuBaba.exe, 00000007.00000002.560325416.0000027F045BB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    http://www.cert.fnmt.es/dpcs/KuponcuBaba.exe, 00000007.00000002.563300269.0000027F04C6E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      high
                                                                      https://www.yemeksepeti.com/rjKuponcuBaba.exe, 00000007.00000002.559730683.0000027F04430000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.558650240.0000027F029A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        high
                                                                        http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crlKuponcuBaba.exe, 00000007.00000002.560416129.0000027F045F1000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.562815618.0000027F04B94000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        http://www.accv.es00KuponcuBaba.exe, 00000007.00000002.563176497.0000027F04C39000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.563300269.0000027F04C6E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.pyKuponcuBaba.exe, 00000007.00000003.300206686.0000027F022A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://wwww.certigna.fr/autorites/sKuponcuBaba.exe, 00000007.00000002.563507590.0000027F04CC1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          unknown
                                                                          https://github.com/pyca/cryptography/issuesMETADATA.1.drfalse
                                                                            high
                                                                            https://readthedocs.org/projects/cryptography/badge/?version=latestKuponcuBaba.exe, 00000001.00000003.297191026.000001A41CE2D000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drfalse
                                                                              high
                                                                              http://ocsp.accv.esPEKuponcuBaba.exe, 00000007.00000002.563300269.0000027F04C6E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              http://google.com/KuponcuBaba.exe, 00000007.00000002.560325416.0000027F045BB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://mahler:8092/site-updates.pyKuponcuBaba.exe, 00000007.00000002.560416129.0000027F045F1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                low
                                                                                http://127.0.0.1:4444KuponcuBaba.exe, 00000007.00000002.564631005.0000027F05078000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                http://crl.securetrust.com/SGCA.crlKuponcuBaba.exe, 00000007.00000002.560416129.0000027F045F1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                unknown
                                                                                https://github.com/SeleniumHQ/selenium/wiki/JsonWireProtocolKuponcuBaba.exe, 00000007.00000002.563722039.0000027F04F30000.00000004.00001000.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.561089027.0000027F04830000.00000004.00001000.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.564546201.0000027F05060000.00000004.00001000.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.562707463.0000027F04B59000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.562815618.0000027F04B94000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.564750127.0000027F050A4000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://.../back.jpegKuponcuBaba.exe, 00000007.00000002.562123971.0000027F04A30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  low
                                                                                  https://github.com/pyca/cryptographyKuponcuBaba.exe, 00000001.00000003.297191026.000001A41CE2D000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drfalse
                                                                                    high
                                                                                    https://www.python.org/download/releases/2.3/mro/.KuponcuBaba.exe, 00000007.00000002.557187866.0000027F02660000.00000004.00001000.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.300707340.0000027F029DA000.00000004.00000020.00020000.00000000.sdmp, base_library.zip.1.drfalse
                                                                                      high
                                                                                      https://cryptography.io/METADATA.1.drfalse
                                                                                        high
                                                                                        https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#https-proxy-error-http-proxyKuponcuBaba.exe, 00000007.00000002.560571375.0000027F04630000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://httpbin.org/postKuponcuBaba.exe, 00000007.00000003.333554896.0000027F02A48000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.559160943.0000027F02A67000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://chromedevtools.github.io/devtools-protocol/KuponcuBaba.exe, 00000007.00000002.562707463.0000027F04B59000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            unknown
                                                                                            https://github.com/pyca/cryptography/KuponcuBaba.exe, 00000001.00000003.297191026.000001A41CE2D000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drfalse
                                                                                              high
                                                                                              https://github.com/Ousret/charset_normalizerKuponcuBaba.exe, 00000007.00000002.560325416.0000027F045BB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://github.com/urllib3/urllib3/issues/497KuponcuBaba.exe, 00000007.00000002.561089027.0000027F04830000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://www.firmaprofesional.com/cps0KuponcuBaba.exe, 00000007.00000002.563176497.0000027F04C39000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.563507590.0000027F04CC1000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.563280811.0000027F04C6B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://bitbucket.org/techtonik/python-wget/KuponcuBaba.exe, 00000007.00000002.562707463.0000027F04B59000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://crl.securetrust.com/SGCA.crl0KuponcuBaba.exe, 00000007.00000002.562707463.0000027F04B59000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      http://crl3.digiKuponcuBaba.exe, 00000001.00000003.292096227.000001A41CE34000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      http://crl.securetrust.com/STCA.crl0KuponcuBaba.exe, 00000007.00000002.562707463.0000027F04B59000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      https://w3c.github.io/webdriver/#timeoutsKuponcuBaba.exe, 00000007.00000002.564750127.0000027F050A4000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      unknown
                                                                                                      https://codecov.io/github/pyca/cryptography/coverage.svg?branch=mainKuponcuBaba.exe, 00000001.00000003.297191026.000001A41CE2D000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drfalse
                                                                                                        high
                                                                                                        http://yahoo.com/KuponcuBaba.exe, 00000007.00000002.557006907.0000027F022D1000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.560325416.0000027F045BB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://w3c.github.io/webdriver/#dfn-platform-nameKuponcuBaba.exe, 00000007.00000002.564546201.0000027F05060000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
                                                                                                          http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6KuponcuBaba.exe, 00000007.00000003.334060970.0000027F044A6000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.560131047.0000027F04506000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.333732076.0000027F04506000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.333894641.0000027F04507000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://crl.thawte.com/ThawteTimestampingCA.crl0KuponcuBaba.exe, 00000001.00000003.292760666.000001A41CE29000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.1.drfalse
                                                                                                              high
                                                                                                              https://w3c.github.io/html/sec-forms.html#multipart-form-dataKuponcuBaba.exe, 00000007.00000002.558650240.0000027F029A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              http://www.quovadisglobal.com/cps0KuponcuBaba.exe, 00000007.00000002.563176497.0000027F04C39000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crlKuponcuBaba.exe, 00000007.00000002.563176497.0000027F04C39000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0KuponcuBaba.exe, 00000007.00000002.563300269.0000027F04C6E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://cryptography.io/en/latest/changelog/KuponcuBaba.exe, 00000001.00000003.297191026.000001A41CE2D000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.drfalse
                                                                                                                      high
URL:https://mail.python.org/mailman/listinfo/cryptography-dev
Source:KuponcuBaba.exe, 00000001.00000003.297191026.000001A41CE2D000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.dr
Malicious:false
Reputation:high
URL:https://codecov.io/github/pyca/cryptography?branch=main
Source:KuponcuBaba.exe, 00000001.00000003.297191026.000001A41CE2D000.00000004.00000020.00020000.00000000.sdmp, METADATA.1.dr
Malicious:false
Reputation:high
URL:https://requests.readthedocs.io
Source:KuponcuBaba.exe, 00000007.00000002.563722039.0000027F04F30000.00000004.00001000.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000003.333554896.0000027F02A48000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.559160943.0000027F02A67000.00000004.00000020.00020000.00000000.sdmp
Malicious:false
Reputation:high
URL:http://repository.swisssign.com/
Source:KuponcuBaba.exe, 00000007.00000002.562926496.0000027F04BD2000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.563176497.0000027F04C39000.00000004.00000020.00020000.00000000.sdmp
Malicious:false
Reputation:high
URL:https://w3c.github.io/webdriver/#dfn-strict-file-interactability
Source:KuponcuBaba.exe, 00000007.00000002.562123971.0000027F04A30000.00000004.00001000.00020000.00000000.sdmp
Malicious:false
• Avira URL Cloud: safe
Reputation:unknown
URL:https://w3c.github.io/webdriver/#dfn-table-of-page-load-strategies
Source:KuponcuBaba.exe, 00000007.00000002.563722039.0000027F04F30000.00000004.00001000.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.564385194.0000027F05030000.00000004.00001000.00020000.00000000.sdmp
Malicious:false
• Avira URL Cloud: safe
Reputation:unknown
URL:http://crl.xrampsecurity.com/XGCA.crl
Source:KuponcuBaba.exe, 00000007.00000002.560416129.0000027F045F1000.00000004.00000020.00020000.00000000.sdmp
Malicious:false
• URL Reputation: safe
Reputation:unknown
URL:http://www.apache.org/licenses/LICENSE-2.0
Source:KuponcuBaba.exe, 00000001.00000003.298015876.000001A41CE2E000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000001.00000003.298020453.000001A41CE30000.00000004.00000020.00020000.00000000.sdmp, mutation-listener.js.1.dr
Malicious:false
Reputation:high
URL:http://sunucu.troyagame.com/z
Source:KuponcuBaba.exe, 00000007.00000002.559730683.0000027F04430000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.558650240.0000027F029A0000.00000004.00000020.00020000.00000000.sdmp
Malicious:false
• Avira URL Cloud: safe
Reputation:unknown
URL:https://www.python.org
Source:KuponcuBaba.exe, 00000007.00000003.333554896.0000027F02A48000.00000004.00000020.00020000.00000000.sdmp, KuponcuBaba.exe, 00000007.00000002.559160943.0000027F02A67000.00000004.00000020.00020000.00000000.sdmp
Malicious:false
Reputation:high
URL:http://www.accv.es/legislacion_c.htm0U
Source:KuponcuBaba.exe, 00000007.00000002.563300269.0000027F04C6E000.00000004.00000020.00020000.00000000.sdmp
Malicious:false
Reputation:high
URL:http://crl.securetrust.com/SGCA.crl_
Source:KuponcuBaba.exe, 00000007.00000002.560416129.0000027F045F1000.00000004.00000020.00020000.00000000.sdmp
Malicious:false
• Avira URL Cloud: safe
Reputation:unknown
IP:159.253.33.92
Domain:sunucu.troyagame.com
Country:Turkey
ASN:51559
ASN Name:NETINTERNETNetinternetBilisimTeknolojileriASTR
Malicious:false
                                                                                                                                    Joe Sandbox Version:36.0.0 Rainbow Opal
                                                                                                                                    Analysis ID:778230
                                                                                                                                    Start date and time:2023-01-05 08:54:13 +01:00
                                                                                                                                    Joe Sandbox Product:CloudBasic
                                                                                                                                    Overall analysis duration:0h 8m 37s
                                                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                                                    Report type:light
                                                                                                                                    Sample file name:KuponcuBaba.exe
                                                                                                                                    Cookbook file name:default.jbs
                                                                                                                                    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                                    Number of analysed new started processes analysed:14
                                                                                                                                    Number of new started drivers analysed:0
                                                                                                                                    Number of existing processes analysed:0
                                                                                                                                    Number of existing drivers analysed:0
                                                                                                                                    Number of injected processes analysed:0
                                                                                                                                    Technologies:
                                                                                                                                    • HCA enabled
                                                                                                                                    • EGA enabled
                                                                                                                                    • HDC enabled
                                                                                                                                    • AMSI enabled
                                                                                                                                    Analysis Mode:default
                                                                                                                                    Analysis stop reason:Timeout
                                                                                                                                    Detection:MAL
                                                                                                                                    Classification:mal52.evad.winEXE@10/40@2/1
                                                                                                                                    EGA Information:
                                                                                                                                    • Successful, ratio: 100%
                                                                                                                                    HDC Information:Failed
                                                                                                                                    HCA Information:
                                                                                                                                    • Successful, ratio: 99%
                                                                                                                                    • Number of executed functions: 0
                                                                                                                                    • Number of non-executed functions: 0
                                                                                                                                    Cookbook Comments:
                                                                                                                                    • Found application associated with file extension: .exe
                                                                                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                                                                    • Excluded domains from analysis (whitelisted): client.wns.windows.com, ctldl.windowsupdate.com
                                                                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                                                                    • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                    • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                    • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                    No simulations
                                                                                                                                    No context
                                                                                                                                    Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):97168
                                                                                                                                    Entropy (8bit):6.424686954579329
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:1536:yKHLG4SsAzAvadZw+1Hcx8uIYNUzU6Ha4aecbK/zJZ0/b:yKrfZ+jPYNz6Ha4aecbK/FZK
                                                                                                                                    MD5:A87575E7CF8967E481241F13940EE4F7
                                                                                                                                    SHA1:879098B8A353A39E16C79E6479195D43CE98629E
                                                                                                                                    SHA-256:DED5ADAA94341E6C62AEA03845762591666381DCA30EB7C17261DD154121B83E
                                                                                                                                    SHA-512:E112F267AE4C9A592D0DD2A19B50187EB13E25F23DED74C2E6CCDE458BCDAEE99F4E3E0A00BAF0E3362167AE7B7FE4F96ECBCD265CC584C1C3A4D1AC316E92F0
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Reputation:moderate, very likely benign file
                                                                                                                                    Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):80784
                                                                                                                                    Entropy (8bit):6.45456109441925
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:1536:hwz7h8B7BjhJCZePYgl/5S8Gh2Nv0DFIGtVQ7Sygj:hwz18BrJCJglhlGINv0RIGtVQej
                                                                                                                                    MD5:BCF0D58A4C415072DAE95DB0C5CC7DB3
                                                                                                                                    SHA1:8CE298B7729C3771391A0DECD82AB4AE8028C057
                                                                                                                                    SHA-256:D7FAF016EF85FDBB6636F74FC17AFC245530B1676EC56FC2CC756FE41CD7BF5A
                                                                                                                                    SHA-512:C54D76E50F49249C4E80FC6CE03A5FDEC0A79D2FF0880C2FC57D43227A1388869E8F7C3F133EF8760441964DA0BF3FC23EF8D3C3E72CE1659D40E8912CB3E9BC
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Reputation:moderate, very likely benign file
                                                                                                                                    Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):181248
                                                                                                                                    Entropy (8bit):6.191174351377468
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3072:fp5LZ3sgWSqjfy8dBbm/6WnUsHozssS7piSTLkKyS7TlSyQH:fptZ8gW9jrBbQnfIzLIiSTLLymlSy
                                                                                                                                    MD5:6F1B90884343F717C5DC14F94EF5ACEA
                                                                                                                                    SHA1:CCA1A4DCF7A32BF698E75D58C5F130FB3572E423
                                                                                                                                    SHA-256:2093E7E4F5359B38F0819BDEF8314FDA332A1427F22E09AFC416E1EDD5910FE1
                                                                                                                                    SHA-512:E2C673B75162D3432BAB497BAD3F5F15A9571910D25F1DFFB655755C74457AC78E5311BD5B38D29A91AEC4D3EF883AE5C062B9A3255B5800145EB997863A7D73
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):119696
                                                                                                                                    Entropy (8bit):5.97015025328591
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3072:RW66GKh4hqyIVQoavMSuthSfrS04ep9x31IGQPm5S:Y6QKtkSu3SfrSGFBS
                                                                                                                                    MD5:41A9708AF86AE3EBC358E182F67B0FB2
                                                                                                                                    SHA1:ACCAB901E2746F7DA03FAB8301F81A737B6CC180
                                                                                                                                    SHA-256:0BD4ED11F2FB097F235B62EB26A00C0CB16815BBF90AB29F191AF823A9FED8CF
                                                                                                                                    SHA-512:835F9AA33FDFBB096C31F8AC9A50DB9FAC35918FC78BCE03DAE55EA917F738A41F01AEE4234A5A91FFA5BDBBD8E529399205592EB0CAE3224552C35C098B7843
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):250768
                                                                                                                                    Entropy (8bit):6.527857952800466
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6144:MJFPEV3nLF0eMMCtGzohEgCmUQjYK9qWMa3pLW1AtSrYB4BRWr8k:cPgXLF035tVZCRBQC06nWr8k
                                                                                                                                    MD5:D976C5F77A6370CF6F28A5714BF49AE3
                                                                                                                                    SHA1:79273EB123A68BA5CB91FF37EE0A82CEE880C2CC
                                                                                                                                    SHA-256:FE2BCCB2E204A736ED86A8D16EFFEAFE83B30B44F809349E172142665DE8458A
                                                                                                                                    SHA-512:57DF90F9FAF31F81F245A39A14C0784A3FACE4F76F00430DE8CFF2E86B55FA3269CD595119FD093E03709DEBF0888618917CAE5EA5E68F43A8E928861CAA01C5
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):60304
                                                                                                                                    Entropy (8bit):6.093275200649072
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:768:JV/wp93dN0yIITgu/w521DxBjWO/Z1bbr1IG5ItYiSyvJhKy:GNdeyIaVww1TjWMr1IG5It7Syf
                                                                                                                                    MD5:F63DA7F9A4E64148255E9D3885E7A008
                                                                                                                                    SHA1:756DC192E7B2932DF147C48F05EC5E38E9AA06E6
                                                                                                                                    SHA-256:FA0BB4BF93A6739CE5ADE6A7A69272BBC1227D09C7AFC1C027D6CEA41141BCC6
                                                                                                                                    SHA-512:23D06DEF20C3668613392A02832777B27AD5353E1DC246316043B606890445D195A1066FCA65300A5D429319AA2AE2505F9FA3A5AB0F97ABA2717B64AAA07E8D
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):154000
                                                                                                                                    Entropy (8bit):6.8078458773005055
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3072:GD6xBrqs+vs0H0q8bnpbVZbXsAIPznfo9mNoK5vSpxpRIGe1y2:GD63rcRLCV+7wYOK50P2
                                                                                                                                    MD5:BA3797D77B4B1F3B089A73C39277B343
                                                                                                                                    SHA1:364A052731CFE40994C6FEF4C51519F7546CD0B1
                                                                                                                                    SHA-256:F904B02720B6498634FC045E3CC2A21C04505C6BE81626FE99BDB7C12CC26DC6
                                                                                                                                    SHA-512:5688AE25405AE8C5491898C678402C7A62EC966A8EC77891D9FD397805A5CFCF02D7AE8E2AA27377D65E6CE05B34A7FFDEDF3942A091741AF0D5BCE41628BF7D
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1165824
                                                                                                                                    Entropy (8bit):7.056422721818035
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24576:LsZDXB6wmcZzdcZ7fUoPHUEXLznTrenIGHSQt:QZDXB6wmcUfTCHHt
                                                                                                                                    MD5:B07455B8C47BBBE0AE685314988C397E
                                                                                                                                    SHA1:5464EA83A88BC7BD1054A119C8BB38952C3DCB17
                                                                                                                                    SHA-256:30EFA93EC5E967CA5BBBFEFC9970CEDB0806F89E7F10EC59B708A5F853E0DF32
                                                                                                                                    SHA-512:42D279952BA8359AD3F71E6696888C662E6F829F614444BE16C97D553C71E06BBA0A2F01BFF6C7FE3CC435C04DF8A4B1FEFFCDDA1E54B4167EE206FAEC59D75E
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):27536
                                                                                                                                    Entropy (8bit):6.261734078833693
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:smfqkQfdUCUFYS9F6XP6rEhSSVYptTDbPdIG7UcIYiSy1pCQ7Rhp7:spdUC+y6rEhSSVYTPdIG7UNYiSyvdhp7
                                                                                                                                    MD5:E6BB918CC02CD270BAD449875577427C
                                                                                                                                    SHA1:5B22420AE4170858A6A2AA04A54ADC26B9A8051C
                                                                                                                                    SHA-256:2D8B41DAD8A8506870E6F2E2A5856C6C6C68A219F18BD88AD79C63CFA1366B1F
                                                                                                                                    SHA-512:B19353E0DF213525C466D5CB80F362AB1A22EAF9940F742B59DF1C2842E49594DB87A5119289DCA616FDFA3E808C7CEB26906E0FF8723AFC80AF768496FACA9C
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):75152
                                                                                                                                    Entropy (8bit):6.147254943521508
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:1536:z1XB7kEDATyhAZ9/s+S+pxyXc/+lf7PdIGQwP7Syr:ZXB4EDXhAZ9/sT+px8c/Sz1IGQwP9
                                                                                                                                    MD5:79C2FF05157EF4BA0A940D1C427C404E
                                                                                                                                    SHA1:17DA75D598DEAA480CDD43E282398E860763297B
                                                                                                                                    SHA-256:F3E0E2F3E70AB142E7CE1A4D551C5623A3317FB398D359E3BD8E26D21847F707
                                                                                                                                    SHA-512:F91FC9C65818E74DDC08BBE1CCEA49F5F60D6979BC27E1CDB2EF40C2C8A957BD3BE7AEA5036394ABAB52D51895290D245FD5C9F84CC3CC554597AE6F85C149E1
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):156560
                                                                                                                                    Entropy (8bit):5.942876418107184
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3072:RYNRsSzeOfeC1uHv8MmouyETvb8VqH70NmHh4kwooSLteSdo9dRIGt7+ig:RYjPzeOfeYMvZuyvV0Dtho9dVg
                                                                                                                                    MD5:1ED0EF72A40268E300A611BA4AB20DFD
                                                                                                                                    SHA1:4D04D5911A6ED422308EA11D7B15821AF8F62585
                                                                                                                                    SHA-256:5860FE208122219A4071CC369D5001EDC3B08C13BD96156ABD1375E35401ACD0
                                                                                                                                    SHA-512:F72EA051ED50A09561414FC41D837C03CE44BE9D8E4C39F59133DD8A092C9F13FC942C58DC8517EDC149CAA3BF7D94FA6BDBE88CABC8CB3C6A02428676572F3E
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):21392
                                                                                                                                    Entropy (8bit):6.271052728197517
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:WvEaNKFDyeTxXK5DFIGewqcIYiSy1pCQIQhwv:WTNK4e9XK5DFIGewgYiSyvJhwv
                                                                                                                                    MD5:0162EDE31051183D9E23BADA8B7FD0AA
                                                                                                                                    SHA1:F4AD798660B81E9BFBBEC6E44BD5C4BFFCF5F3B2
                                                                                                                                    SHA-256:8F1C0151485055E65F174D779CFEFD2FAE601CA52F556EE3880E417EA6E43187
                                                                                                                                    SHA-512:17A5AF2CD7A9603F31BB3B796DAE13BA157886A4BC05665780FD54C1E30F1FAD76648D56E35C18E2B0C1379D1A83EC98CC97AB2DC4E968FE8D648DB3341C2201
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):831571
                                                                                                                                    Entropy (8bit):5.700814153772732
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12288:gVghg9FMWyrVqF3IUQA4a2Y4dgVwOlfJEW4XSgMNn:gVghVVrDLa2oVwOlfJEW4fMNn
                                                                                                                                    MD5:0FFE117C16F44A32C0AED0080D4AE966
                                                                                                                                    SHA1:7F8317DE4FFA0ED54AA53AF202AED0F297ED1913
                                                                                                                                    SHA-256:28C1EFDFCF212AFFBD33649E3BAFA33D55F00AF5EC6BBF94692DF56FDC3D3B59
                                                                                                                                    SHA-512:4FD0C1C4C512DD0A7E35E2206619AFBFC9513BD96B160F9851CECBBA18ED2F128BB3817B30DA925D1515C3D484497C1B9C1139328BA4478023340693D4ECBE8C
                                                                                                                                    Malicious:false
                                                                                                                                    Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    File Type:ASCII text
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):285222
                                                                                                                                    Entropy (8bit):6.049584029751259
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6144:QW1H/M8f9R0mNpliXCRrwADwYCuMEigT/Q5MSRqNb7d8l:QWN/vRLNL4CRrBC5MWavd0
                                                                                                                                    MD5:B18E918767D99291F8771414B76A8E65
                                                                                                                                    SHA1:EA544791B23E4A8F47ACE99B9D08B3609D511293
                                                                                                                                    SHA-256:A59FDE883A0EF9D74AB9DAD009689E00173D28595B57416C98B2EE83280C6E4C
                                                                                                                                    SHA-512:78A4EAC65754FB8D37C1DA85534D6E1DD0EB2B3535EF59D75C34A91D716AFC94258599B1078C03A4B81E142945B13E671EC46B5F2FCB8C8C46150AE7506E0D8D
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA # Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA # Label: "GlobalSign Root CA"
                                                                                                                                    Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    File Type:ASCII text
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):4
                                                                                                                                    Entropy (8bit):1.5
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:Mn:M
                                                                                                                                    MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                    SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                    SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                    SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:pip.
                                                                                                                                    Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):329
                                                                                                                                    Entropy (8bit):4.603126991268486
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:h9Co8FMjkDYc5tWreLBF/fIKY2mHxXaASvUSBT5+FLkYjivW:h9aWjM/mrGz3IKZvUSBT5+Jxi+
                                                                                                                                    MD5:8F65F43B29FEA29D36A0E6E551CCA681
                                                                                                                                    SHA1:DEF52585EE54F0B8841A097B871ABD5F5E94DB10
                                                                                                                                    SHA-256:970C6BC0FAB59117A0B65E9A6D5F787A991BEBE82AFF32A01C4E1A6E02F4E105
                                                                                                                                    SHA-512:A5DED62228355C40533E53592164CE9BF511D5F0B98478AD91558626DA02BD6D85185B8DA767338692C60ECB4AB6CBFB2E97EEE6530101A3AFF04CE8087687E8
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:This software is made available under the terms of *either* of the licenses..found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made..under the terms of *both* these licenses.....The code used in the OS random engine is derived from CPython, and is licensed..under the terms of the PSF License Agreement...
                                                                                                                                    Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):11562
                                                                                                                                    Entropy (8bit):4.476412280491683
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:qf9fG4QSAVOSbwF1wOFXuFJyQtxmG3ep/7rlzKfHbxc+Xq0rhlkT8SgfH2:k1u9b01DY/rGBt+dc+aclkT8Sg+
                                                                                                                                    MD5:D3DC5ABBDBEF739DCFF4631C8026D71C
                                                                                                                                    SHA1:DABFE012BF7944B938C95845769414C1D5FA8BB9
                                                                                                                                    SHA-256:E8DE1A7393457E9C88768B78E6BA790622FBEFB040CE48194C2CB0F1B6D4E9FF
                                                                                                                                    SHA-512:C8245BD674A2EDB3CE191EC42E701E3E78AEFA3822846604EE0A8FBBB5D62B5372BE07EC8D4D1DD8F6E1DDFE65DAB1136FEE6917FF24445286EFEF99F908ECA2
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:.. Apache License.. Version 2.0, January 2004.. https://www.apache.org/licenses/.... TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.... 1. Definitions..... "License" shall mean the terms and conditions for use, reproduction,.. and distribution as defined by Sections 1 through 9 of this document..... "Licensor" shall mean the copyright owner or entity authorized by.. the copyright owner that is granting the License..... "Legal Entity" shall mean the union of the acting entity and all.. other entities that control, are controlled by, or are under common.. control with that entity. For the purposes of this definition,.. "control" means (i) the power, direct or indirect, to cause the.. direction or management of such entity, whether by contract or.. otherwise, or (ii) ownership of fifty percent (50%) or more of the.. outstanding shares, o
                                                                                                                                    Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1559
                                                                                                                                    Entropy (8bit):5.097091815591564
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:NOWJbPrYJ0NCPiB432sVoY32s3EiP3tQHy:gWJbPrYJUNu3J3zVSS
                                                                                                                                    MD5:07BFF60D258208652DF09D36F7F94844
                                                                                                                                    SHA1:E37EC74CF1EC6B540A511EA75E04C3429DB39C57
                                                                                                                                    SHA-256:661D18932DD84BB263A8EE418AB7774ED94EEC33C83FD1DB5B533F78EB774CA4
                                                                                                                                    SHA-512:049659D6AC6681E209F30E1A6A12BA6118BEB96F032FD3E2583686EA562068E311C61CCD0785B0FC343ECBA094955C972ABCF9AE9B0A4503C56131F1A59A6F83
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:Copyright (c) Individual contributors...All rights reserved.....Redistribution and use in source and binary forms, with or without..modification, are permitted provided that the following conditions are met:.... 1. Redistributions of source code must retain the above copyright notice,.. this list of conditions and the following disclaimer..... 2. Redistributions in binary form must reproduce the above copyright.. notice, this list of conditions and the following disclaimer in the.. documentation and/or other materials provided with the distribution..... 3. Neither the name of PyCA Cryptography nor the names of its contributors.. may be used to endorse or promote products derived from this software.. without specific prior written permission.....THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND..ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED..WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
                                                                                                                                    Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2456
                                                                                                                                    Entropy (8bit):5.053763055088611
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:xUXkp7vXkzpXFlYPXc/XFbwDt3XF2iDPGkvAuXF1f0T2sMtQVHiioTxmynXh2XFQ:KXwDXklHYPXaAt3ZSkYuyCQ4hTcynx26
                                                                                                                                    MD5:36F8D9BAB4000E435033D3CDB2E85E9B
                                                                                                                                    SHA1:003076B91D93233F389AB5DB052C04386620BB76
                                                                                                                                    SHA-256:C2ED0F2724ACA6CEC716CE169FD22C91B79A21FF625C3725D5C71BE1A7977430
                                                                                                                                    SHA-512:48396B8D7DD14A10C3941788DFED9FF0699C413328FA086CF1D7DCB5E4ED538AEC98541A758B169E271C3DD9BE6056E2EEA0853A6F6DA9C44D865718425DBF9E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:1. This LICENSE AGREEMENT is between the Python Software Foundation ("PSF"), and.. the Individual or Organization ("Licensee") accessing and otherwise using Python.. 2.7.12 software in source or binary form and its associated documentation.....2. Subject to the terms and conditions of this License Agreement, PSF hereby.. grants Licensee a nonexclusive, royalty-free, world-wide license to reproduce,.. analyze, test, perform and/or display publicly, prepare derivative works,.. distribute, and otherwise use Python 2.7.12 alone or in any derivative.. version, provided, however, that PSF's License Agreement and PSF's notice of.. copyright, i.e., "Copyright . 2001-2016 Python Software Foundation; All Rights.. Reserved" are retained in Python 2.7.12 alone or in any derivative version.. prepared by Licensee.....3. In the event Licensee prepares a derivative work that is based on or.. incorporates Python 2.7.12 or any part thereof, and wants to make the.. derivative work
                                                                                                                                    Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    File Type:ASCII text
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):5434
                                                                                                                                    Entropy (8bit):5.111366191178416
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:96:DDhVUvQIUQIhQIKQILbQIRIaMmPktjxsx5nv1AnivAEYaCjF0ErDmpklE2jQecwX:oYcPuPfsBvunivAEYaCjF0ErDmpklE2x
                                                                                                                                    MD5:103327F82BD07D33530E95181C94F9A5
                                                                                                                                    SHA1:852A8DCE3B0232BD6E5943CF61FB51778D53EB9B
                                                                                                                                    SHA-256:C5344000C01BDDC1EA5B57170A174AF535CE586DA0861CFEB1D7E6457BD7AEA5
                                                                                                                                    SHA-512:986EFCD2816F5A4A765CDA90BBBADD1E4F5D3553E2ECA49F6F277CBC7B33D5DDF38E472FC2CE1F13AFC1ABABC74C04020E0A9B48E0A22F8E2FF14A897B167FD3
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:Metadata-Version: 2.1.Name: cryptography.Version: 37.0.4.Summary: cryptography is a package which provides cryptographic recipes and primitives to Python developers..Home-page: https://github.com/pyca/cryptography.Author: The Python Cryptographic Authority and individual contributors.Author-email: cryptography-dev@python.org.License: BSD-3-Clause OR Apache-2.0.Project-URL: Documentation, https://cryptography.io/.Project-URL: Source, https://github.com/pyca/cryptography/.Project-URL: Issues, https://github.com/pyca/cryptography/issues.Project-URL: Changelog, https://cryptography.io/en/latest/changelog/.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: License :: OSI Approved :: BSD License.Classifier: Natural Language :: English.Classifier: Operating System :: MacOS :: MacOS X.Classifier: Operating System :: POSIX.Classifier: Operating System :: POSIX :: BSD.Class
                                                                                                                                    Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    File Type:CSV text
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):15889
                                                                                                                                    Entropy (8bit):5.542903319592049
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:DXNhudIBxy0jX1sjzarQ4Oy3W1HepPNyZGBDLkae:Dvu6BjTLLC
                                                                                                                                    MD5:28DD4D29EDE55272C2BDCD4128D20BFF
                                                                                                                                    SHA1:715A6C1D5D8CD44CBFC4872BBE803AB5716F7B49
                                                                                                                                    SHA-256:DEF15B76024668207D2EAA70A78E867415E17B6C9651F3D17C49B54F1FC3D2B4
                                                                                                                                    SHA-512:B4E6216E4D80006A25916C61386D6A728394834A424164E7E067C1770200427FF3BF39810A92A3F69B14701813075661146FEB186949A135CA841B1C004C6E19
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:cryptography-37.0.4.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-37.0.4.dist-info/LICENSE,sha256=lwxrwPq1kRegtl6abV94epkb6-gq_zKgHE4abgL04QU,329..cryptography-37.0.4.dist-info/LICENSE.APACHE,sha256=6N4ac5NFfpyIdot45rp5BiL777BAzkgZTCyw8bbU6f8,11562..cryptography-37.0.4.dist-info/LICENSE.BSD,sha256=Zh0Yky3YS7JjqO5Bird3TtlO7DPIP9HbW1M_eOt3TKQ,1559..cryptography-37.0.4.dist-info/LICENSE.PSF,sha256=wu0PJySsps7HFs4Wn9IskbeaIf9iXDcl1ccb4aeXdDA,2456..cryptography-37.0.4.dist-info/METADATA,sha256=xTRAAMAb3cHqW1cXChdK9TXOWG2ghhz-sdfmRXvXrqU,5434..cryptography-37.0.4.dist-info/RECORD,,..cryptography-37.0.4.dist-info/WHEEL,sha256=nYCSW5p8tLyDU-wbqo3uRlCluAzwxLmyyRK2pVs4-Ag,100..cryptography-37.0.4.dist-info/top_level.txt,sha256=zYbdX67v4JFZPfsaNue7ZV4-mgoRqYCAhMsNgt22LqA,22..cryptography/__about__.py,sha256=faxkUiE2bBSzSgtjgJ-beVDEW-CO_1hPe1MuwUZbzc0,432..cryptography/__init__.py,sha256=nhedhGi0RRlu5-T65qB364Q-onagWl0wvDZym5NaL2w,777..cryptography/__pycach
                                                                                                                                    Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    File Type:ASCII text
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):100
                                                                                                                                    Entropy (8bit):5.000336540814903
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:RtEeX7MWcSlViZHKRRP+tkKc5vKQLn:RtBMwlViojWK/SQLn
                                                                                                                                    MD5:FD7C45A29F7B2371E832F4D0A8B2DB64
                                                                                                                                    SHA1:D2227C6F4CD8A948E4A4CA6BF2592E9700383EB1
                                                                                                                                    SHA-256:9D80925B9A7CB4BC8353EC1BAA8DEE4650A5B80CF0C4B9B2C912B6A55B38F808
                                                                                                                                    SHA-512:AEF644A24B948DC30C2097D53CD5D412C85958E7846720F4E3693F42924597F6924BD24E1B083B2EC57E7BA08C54DBDCA3C1AE73AC2322CD1A575F06BB4D1D90
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.37.1).Root-Is-Purelib: false.Tag: cp36-abi3-win_amd64..
                                                                                                                                    Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    File Type:ASCII text
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):22
                                                                                                                                    Entropy (8bit):3.7887549139935035
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:DA1JEOv:DUVv
                                                                                                                                    MD5:6DB3CE9E78C8F56F58CDF1B221C0884B
                                                                                                                                    SHA1:D8D1BA8EE6C2A5EED9CB39B170EE08012AB41E11
                                                                                                                                    SHA-256:CD86DD5FAEEFE091593DFB1A36E7BB655E3E9A0A11A9808084CB0D82DDB62EA0
                                                                                                                                    SHA-512:6F8AB5DA07A237C2BD6DA073A66125EB0CA754389CB84671D68D0DA4122AD6DDA58336900B1100D235814B16EFB970A2C3FBAF91B82366808DAA81A63EAE31AE
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:_openssl.cryptography.
                                                                                                                                    Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):3962880
                                                                                                                                    Entropy (8bit):6.5600156596934625
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:49152:LIU6ioeGtlqTVwASOICDs+JhX3wHqg+dhptXdqCHJYN1QwhIC4Fjz80nciTOzNqm:k+IkEs7JYNgFjz80cDh1YFZdZBT
                                                                                                                                    MD5:8A2C06F1015C438CB38FFE8B1CDAD831
                                                                                                                                    SHA1:A3FBED5033E9658043D18AF54543D7938037E08F
                                                                                                                                    SHA-256:811441D49208C88B7B6B7133A9FD8F2FB969659563D3F2C80584D2F12338E020
                                                                                                                                    SHA-512:7FD89967A4C8A041D6949AE37C0544E7694ADE9055AB828C25ADD4D0359E170BF6543BAFD2EC4B8116ABEFB176B26229C730F3D085983718E0100AAE659F3CE1
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1593344
                                                                                                                                    Entropy (8bit):6.148502058477941
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24576:j/bXNabjIX1FSCD2Ai8tExl6/RA11zz5Wp3BabkGon9wC3f+um4aFu:PQjIX1FSCD2Ai8tE2aYUz
                                                                                                                                    MD5:3C96F548076A8A0587517DB899FB09AE
                                                                                                                                    SHA1:36F252F529DD6DFB0E3A5FD0298EE817DCFED8BD
                                                                                                                                    SHA-256:8168767337ED93D3341C583F1D8B0CF8956C3CDF3BD6428AF7A3DDBAF206CC08
                                                                                                                                    SHA-512:3EB7665F7D0D70530F7BED28DD0606FAF97D7A2EA1277D302301EDC278AB0AB79DCAECC1F89591211F2B63478F6984395754029B91A127163CC2271D24ED51D9
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):3438840
                                                                                                                                    Entropy (8bit):6.094542623790425
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:49152:DTKuk2HvIU6iwpOjPWBdwQN+5X2uyWsrV4+OGyu1BYGx6KCIrA9NPe0Cs5Z1CPwE:Pg+Hb5Wt+2BoBIcU0CsD1CPwDv3uFfJZ
                                                                                                                                    MD5:63C756D74C729D6D24DA2B8EF596A391
                                                                                                                                    SHA1:7610BB1CBF7A7FDB2246BE55D8601AF5F1E28A00
                                                                                                                                    SHA-256:17D0F4C13C213D261427EE186545B13EF0C67A99FE7AD12CD4D7C9EC83034AC8
                                                                                                                                    SHA-512:D9CF045BB1B6379DD44F49405CB34ACF8570AED88B684D0AB83AF571D43A0D8DF46D43460D3229098BD767DD6E0EF1D8D48BC90B9040A43B5469CEF7177416A2
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):32792
                                                                                                                                    Entropy (8bit):6.3566777719925565
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:2nypDwZH1XYEMXvdQOsNFYzsQDELCvURDa7qscTHstU0NsICwHLZxXYIoBneEAR8:2l0Vn5Q28J8qsqMttktDxOpWDG4yKRF
                                                                                                                                    MD5:EEF7981412BE8EA459064D3090F4B3AA
                                                                                                                                    SHA1:C60DA4830CE27AFC234B3C3014C583F7F0A5A925
                                                                                                                                    SHA-256:F60DD9F2FCBD495674DFC1555EFFB710EB081FC7D4CAE5FA58C438AB50405081
                                                                                                                                    SHA-512:DC9FF4202F74A13CA9949A123DFF4C0223DA969F49E9348FEAF93DA4470F7BE82CFA1D392566EAAA836D77DDE7193FED15A8395509F72A0E9F97C66C0A096016
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):698104
                                                                                                                                    Entropy (8bit):5.531132600342763
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12288:tgH+zxL52Y1Ag5EbSJyin89m8GXfbmednWAeO6GKaf525eWP8U2lvzI:DD1Ag5h/L5mO6GVf52se8U2lvzI
                                                                                                                                    MD5:86556DA811797C5E168135360ACAC6F2
                                                                                                                                    SHA1:42D868FC25C490DB60030EF77FBA768374E7FE03
                                                                                                                                    SHA-256:A594FC6FA4851B3095279F6DC668272EE975E7E03B850DA4945F49578ABE48CB
                                                                                                                                    SHA-512:4BA4D6BFFF563A3F9C139393DA05321DB160F5AE8340E17B82F46BCAF30CBCC828B2FC4A4F86080E4826F0048355118EF21A533DEF5E4C9D2496B98951344690
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):192400
                                                                                                                                    Entropy (8bit):6.331661708582381
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3072:7UV1H8t//ZpdhxqMO2lr9JuB9OSH4ZCXRfWiTayyTvfvaycv0XOgeEnnRPcsR+2U:yVG/Ddh5r9JuB0SDfV9yTvfvx+Zj
                                                                                                                                    MD5:F3630FA0CA9CB85BFC865D00EF71F0AA
                                                                                                                                    SHA1:F176FDB823417ABEB54DAED210CF0BA3B6E02769
                                                                                                                                    SHA-256:AC1DFB6CDEEADBC386DBD1AFDDA4D25BA5B9B43A47C97302830D95E2A7F2D056
                                                                                                                                    SHA-512:B8472A69000108D462940F4D2B5A611E00D630DF1F8D6041BE4F7B05A9FD9F8E8AA5DE5FE880323569AC1B6857A09B7B9D27B3268D2A83A81007D94A8B8DA0FF
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):62352
                                                                                                                                    Entropy (8bit):5.969350602670095
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:768:4st8LeBLeeFtp5V1BfO2yvSk70QZF1nEyjnskQkr/RFB1qucwdBeCw0myou6ZwJ1:Ttwewnvtjnsfw9PdIGQ0P7Sy1R
                                                                                                                                    MD5:C38E9571F33898EB9F3DA53DC29B512F
                                                                                                                                    SHA1:5BE348C829B6DFA008D0DD239414AD388E5D7ACE
                                                                                                                                    SHA-256:70596AEA8C5CA8F3BF88E46A0606522413B50208EC9FCC6B706F7A064CF83B79
                                                                                                                                    SHA-512:1704BE273E3485013282C269FC974558683204639FCCFB46E6EB640C64A0769A21572A07EE62FE1D5EB1EED4D1419F2293D6E4FD8193CAAFE128C6D66BD48F6E
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):4453776
                                                                                                                                    Entropy (8bit):6.4554098557218
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:49152:wplyWz2QcN6iPdzYjz0AMs9Kt2KnX0OCpFLoFnAcECdNCsugztL0DD9fIysVHkDx:sximj29G5H+ywH+MWqlgdMW
                                                                                                                                    MD5:C6C37B848273E2509A7B25ABE8BF2410
                                                                                                                                    SHA1:B27CFBD31336DA1E9B1F90E8F649A27154411D03
                                                                                                                                    SHA-256:B7A7F3707BEAB109B66DE3E340E3022DD83C3A18F444FEB9E982C29CF23C29B8
                                                                                                                                    SHA-512:222AD791304963A4B8C1C6055E02C0C4C47FCE2BB404BD4F89C022FF9706E29CA6FA36C72350FBF296C8A0E3E48E3756F969C003DD1EB056CD026EFE0B7EBA40
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):137216
                                                                                                                                    Entropy (8bit):6.005880156088182
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3072:bnfstBwsNJzuMZnYrrC0DdZLN+yeLEKoPUZlB+u:zGys7KoYrrC0LxeYK4UZlB
                                                                                                                                    MD5:A44F3026BAF0B288D7538C7277DDAF41
                                                                                                                                    SHA1:C23FBDD6A1B0DC69753A00108DCE99D7EC7F5EE3
                                                                                                                                    SHA-256:2984DF073A029ACF46BCAED4AA868C509C5129555ED70CAC0FE2235ABDBA6E6D
                                                                                                                                    SHA-512:9699A2629F9F8C74A7D078AE10C9FFE5F30B29C4A2C92D3FCD2096DC2EDCEB71C59FD84E9448BB0C2FB970E2F4ADE8B3C233EBF673C47D83AE40D12A2317CA98
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):26000
                                                                                                                                    Entropy (8bit):6.339693503329678
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:NUTqPjk/7e12hwheCPHqqYBsVRXPdIG7GxIYiSy1pCQFC67hEQ:iTgUC2hwh7HqbYVPdIG7GmYiSyvD7hF
                                                                                                                                    MD5:431464C4813ED60FBF15A8BF77B0E0CE
                                                                                                                                    SHA1:9825F6A8898E38C7A7DDC6F0D4B017449FB54794
                                                                                                                                    SHA-256:1F56DF23A36132F1E5BE4484582C73081516BEE67C25EF79BEEE01180C04C7F0
                                                                                                                                    SHA-512:53175384699A7BB3B93467065992753B73D8F3A09E95E301A1A0386C6A1224FA9ED8FA42C99C1FFBCFA6377B6129E3DB96E23750E7F23B4130AF77D14AC504A0
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    File Type:ASCII text
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1944
                                                                                                                                    Entropy (8bit):4.675116854336413
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:G+SxKWxZZCg10kH11G4UQzNgxgWLlAziLhVGYTo:G+SQWbZC8hHnG4JRgxgWOJ
                                                                                                                                    MD5:81F59E36BDE07E051C3CB92A4986B327
                                                                                                                                    SHA1:676E0A28A5A1353E89469ACAAD1B08ADC62C795D
                                                                                                                                    SHA-256:2C2083C9A49F65C510D68D3620A57D4DFEDC8DC0FCC32524C1CCB11C6329EA07
                                                                                                                                    SHA-512:02562FC9AC369BC1994934B371DB8D550638430CBC7F7729DD7B3A95E90F4E53A205A62318803D021041DE362B0ED47752AD910CBDC742BEF6645A20AA96A1FA
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:// Licensed to the Software Freedom Conservancy (SFC) under one.// or more contributor license agreements. See the NOTICE file.// distributed with this work for additional information.// regarding copyright ownership. The SFC licenses this file.// to you under the Apache License, Version 2.0 (the.// "License"); you may not use this file except in compliance.// with the License. You may obtain a copy of the License at.//.// http://www.apache.org/licenses/LICENSE-2.0.//.// Unless required by applicable law or agreed to in writing,.// software distributed under the License is distributed on an.// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY.// KIND, either express or implied. See the License for the.// specific language governing permissions and limitations.// under the License...(function () {. const observer = new MutationObserver((mutations) => {. for (const mutation of mutations) {. switch (mutation.type) {. case 'attributes':. // Don't report
                                                                                                                                    Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    File Type:JSON data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2826
                                                                                                                                    Entropy (8bit):4.690644304617203
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:9SVI+Lhz3Oa0KUP8OZsUR4lckTgo6OxRLi//FPa+tLkglKgfgfOHSllrK/rTDzL+:/+trOa0KUP8OZ4ZUFPa+tAFEkOy7aTD+
                                                                                                                                    MD5:648D3DABABB0C714EE9A2D4A8FA4E39F
                                                                                                                                    SHA1:762AC0A8D883C8C05059F1815A35F6B55464B7C2
                                                                                                                                    SHA-256:946ADD298A5E2346E3D53D1CBE8AD7C33E4994130511F6D8B79268BE50B7A34C
                                                                                                                                    SHA-512:51B2ED36C8BB61EBA99406492B2F6928DB0DB413A8F60E30FDAB74D689247B8C83F0E790D8F6AEE370E0F2E27FD565F4A87608CDC547C752514F1476E6DC89AA
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:{. "frozen": {. "app.update.auto": false,. "app.update.enabled": false,. "browser.displayedE10SNotice": 4,. "browser.download.manager.showWhenStarting": false,. "browser.EULA.override": true,. "browser.EULA.3.accepted": true,. "browser.link.open_external": 2,. "browser.link.open_newwindow": 2,. "browser.offline": false,. "browser.reader.detectedFirstArticle": true,. "browser.safebrowsing.enabled": false,. "browser.safebrowsing.malware.enabled": false,. "browser.search.update": false,. "browser.selfsupport.url" : "",. "browser.sessionstore.resume_from_crash": false,. "browser.shell.checkDefaultBrowser": false,. "browser.tabs.warnOnClose": false,. "browser.tabs.warnOnOpen": false,. "datareporting.healthreport.service.enabled": false,. "datareporting.healthreport.uploadEnabled": false,. "datareporting.healthreport.service.firstRun": false,. "datareporting.healthreport.logging.consoleEnabled": false,. "datareporting.poli
                                                                                                                                    Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    File Type:ASCII text, with very long lines (2269)
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):53824
                                                                                                                                    Entropy (8bit):5.477971537716615
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:1536:AXJFPWr+DEqXMn9XM3UkGdEMT8TZZ/6B0clWuF2ZCtYuSn6B:ITU7dW62clW02s3
                                                                                                                                    MD5:9E69F9A88022723BC82E0591C5E157C4
                                                                                                                                    SHA1:C081C09A148FE317F740A3F0054DF6579BF60A96
                                                                                                                                    SHA-256:79C706A9230B156A30EE530803CFD87C0AC06BA5FECFED2243D1D60529C1113A
                                                                                                                                    SHA-512:2856971F9CB3BCA8887F9BB84E66610750366402B4B80892AC1269EB9D6078FD546AECFFB048CE0E5EA9027B276C51414594CC7052292076D74972414FD3C638
                                                                                                                                    Malicious:false
                                                                                                                                    Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    File Type:ASCII text, with very long lines (1587)
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):43157
                                                                                                                                    Entropy (8bit):5.4711439829805295
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:768:V7p/8YXWW4BJinqX46z3wlU0koCF2TPO2bRmeJbNV9c:V7p/JWFBJinqXNm3nCwPgAc
                                                                                                                                    MD5:F05A5E91E83CD5CA39FBDED566E30E4C
                                                                                                                                    SHA1:A7273098A868272944881E6F87838E69CDF9DB44
                                                                                                                                    SHA-256:2186EA70072C63DDB4AD89F2315A7909A9B4A97F52A69957C74DA72641CDAE6A
                                                                                                                                    SHA-512:72819C5DDA934955C9F35ECD8724AF965634C1C50B530A81D48A4F167CC815A896180E414790BC0E33C8BC4176C8C777AAB01D3C47C7FFE2818C242EDE8160AA
                                                                                                                                    Malicious:false
                                                                                                                                    Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    File Type:ASCII text, with very long lines (1724)
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):43996
                                                                                                                                    Entropy (8bit):5.482916356843218
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:768:i5WDMeWWcwpdin/XLwXEWb1sHddFZ/R0o7BnF6LRkVZhYiJEKLuP:i50VWWppdin/Xk7buHdp/R0cF6+VZhzW
                                                                                                                                    MD5:B3122D6B9700A669111247D95460AC05
                                                                                                                                    SHA1:A14AF0130FC408719B1BA1AF81C03F54AC9D3F20
                                                                                                                                    SHA-256:EBDA4033FAA32130BFCA4B7A0B3DF41565A99301DF9331054B18F7932B34C388
                                                                                                                                    SHA-512:B74BACEBDE59767E18151F5A6E9E735C0243ADA4915BC1B9BBBFE276ADF4830D4B071C1A7AFE52E7A7558A8F9D3C464F329748CAB67864BAEBF05D5E398C7ED4
                                                                                                                                    Malicious:false
                                                                                                                                    Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1118608
                                                                                                                                    Entropy (8bit):5.375765997910847
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12288:ArlBMmuZ63NNQCb5Pfhnzr0ql8L8kdM7IRG5eeme6VZyrIBHdQLhfFE+uOVg:mlBuqZV0m81MMREtV6Vo4uYOVg
                                                                                                                                    MD5:D1182BA27939104010B6313C466D49FF
                                                                                                                                    SHA1:7870134F41BA5333294C927DBD77D3F740AC87E7
                                                                                                                                    SHA-256:1AC171F51CC87F268617B4A635B2331D5991D987D32BB206DD4E38033449C052
                                                                                                                                    SHA-512:EF26A2C8B0094792E10CEABBF4D11724A9368D96F888240581A15D7A551754C1484F6B2ED1B963A73B686495C7952D9CB940021028D4F230B0B47D0794607D0F
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Process:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):27648
                                                                                                                                    Entropy (8bit):5.45361083133999
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:A2hm1rbrcX2HtDD7qxukRVCsdRHSAHjB9SJcE4H0Kuyw:+1rbdleFRVCmRD3RGy
                                                                                                                                    MD5:C8C57F29DA0D5D46ECEB2FD58BA83865
                                                                                                                                    SHA1:217DFF02763F01A5F91615C27BA912453775A5DE
                                                                                                                                    SHA-256:E48C71D64001EA62C232EE43FEF7C27BA6268E217B2B81666705BE33D9E12EC9
                                                                                                                                    SHA-512:EECC4C57609E914B1C9E9E64C30B2257C9AD763C75E919AB50122D72D911723111A86638E3D288F61994EA7FAEAFA2CFDE1CF3D2407D622CB14F901FFF6C45B4
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    File type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                    Entropy (8bit):7.9935693044459875
                                                                                                                                    TrID:
                                                                                                                                    • Win64 Executable Console (202006/5) 77.37%
                                                                                                                                    • InstallShield setup (43055/19) 16.49%
                                                                                                                                    • Win64 Executable (generic) (12005/4) 4.60%
                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.77%
                                                                                                                                    • DOS Executable Generic (2002/1) 0.77%
                                                                                                                                    File name:KuponcuBaba.exe
                                                                                                                                    File size:9945512
                                                                                                                                    MD5:d6c3bf64cc7cb131d467246ce5a4c455
                                                                                                                                    SHA1:2ea0b0bda586aeaef818445f48eae6edca8b9901
                                                                                                                                    SHA256:d91890315262e8a77c565b54baa5f82cbd32451bbe4293bcd8b1918a3d2e0aa1
                                                                                                                                    SHA512:7048d585c96d7a0c96154e5dd29d47379713f31e68404f04b582d5798c5bfe2980ea8220e78de7962b0b4e2fe8dbf2884298d9f8c25b258a05574da7b310ea7e
                                                                                                                                    SSDEEP:196608:F4FR1/wbITLwOjUqamvdsCncq4njQthsiHz5n7kMJgyZetlaFPhavejj:iR1obI/hvaCncvnKhsAn7LJ0tMXIej
                                                                                                                                    TLSH:ACA63344B7A048F8F877517C8027CA1ADAB2B8922722C15B077A83775F433E25E7B759
                                                                                                                                    Icon Hash:f0c6a08292d6c6d4
                                                                                                                                    Entrypoint:0x14000a330
                                                                                                                                    Entrypoint Section:.text
                                                                                                                                    Digitally signed:false
                                                                                                                                    Imagebase:0x140000000
                                                                                                                                    Subsystem:windows cui
                                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                    Time Stamp:0x63A3C1AB [Thu Dec 22 02:32:11 2022 UTC]
                                                                                                                                    TLS Callbacks:
                                                                                                                                    CLR (.Net) Version:
                                                                                                                                    OS Version Major:5
                                                                                                                                    OS Version Minor:2
                                                                                                                                    File Version Major:5
                                                                                                                                    File Version Minor:2
                                                                                                                                    Subsystem Version Major:5
                                                                                                                                    Subsystem Version Minor:2
                                                                                                                                    Import Hash:0bbecc8e9f9f17b0ea9cc3899b15e5cf
                                                                                                                                    Instruction
                                                                                                                                    dec eax
                                                                                                                                    sub esp, 28h
                                                                                                                                    call 00007F91D8E4326Ch
                                                                                                                                    dec eax
                                                                                                                                    add esp, 28h
                                                                                                                                    jmp 00007F91D8E42BCFh
                                                                                                                                    int3
                                                                                                                                    int3
                                                                                                                                    inc eax
                                                                                                                                    push ebx
                                                                                                                                    dec eax
                                                                                                                                    sub esp, 20h
                                                                                                                                    dec eax
                                                                                                                                    mov ebx, ecx
                                                                                                                                    xor ecx, ecx
                                                                                                                                    call dword ptr [0001FDC3h]
                                                                                                                                    dec eax
                                                                                                                                    mov ecx, ebx
                                                                                                                                    call dword ptr [0001FDB2h]
                                                                                                                                    call dword ptr [0001FD3Ch]
                                                                                                                                    dec eax
                                                                                                                                    mov ecx, eax
                                                                                                                                    mov edx, C0000409h
                                                                                                                                    dec eax
                                                                                                                                    add esp, 20h
                                                                                                                                    pop ebx
                                                                                                                                    dec eax
                                                                                                                                    jmp dword ptr [0001FDA8h]
                                                                                                                                    int3
                                                                                                                                    int3
                                                                                                                                    int3
                                                                                                                                    int3
                                                                                                                                    int3
                                                                                                                                    int3
                                                                                                                                    int3
                                                                                                                                    int3
                                                                                                                                    dec eax
                                                                                                                                    mov dword ptr [esp+08h], ecx
                                                                                                                                    dec eax
                                                                                                                                    sub esp, 38h
                                                                                                                                    mov ecx, 00000017h
                                                                                                                                    call dword ptr [0001FD94h]
                                                                                                                                    test eax, eax
                                                                                                                                    je 00007F91D8E42D69h
                                                                                                                                    mov ecx, 00000002h
                                                                                                                                    int 29h
                                                                                                                                    dec eax
                                                                                                                                    lea ecx, dword ptr [00041CEAh]
                                                                                                                                    call 00007F91D8E42F2Eh
                                                                                                                                    dec eax
                                                                                                                                    mov eax, dword ptr [esp+38h]
                                                                                                                                    dec eax
                                                                                                                                    mov dword ptr [00041DD1h], eax
                                                                                                                                    dec eax
                                                                                                                                    lea eax, dword ptr [esp+38h]
                                                                                                                                    dec eax
                                                                                                                                    add eax, 08h
                                                                                                                                    dec eax
                                                                                                                                    mov dword ptr [00041D61h], eax
                                                                                                                                    dec eax
                                                                                                                                    mov eax, dword ptr [00041DBAh]
                                                                                                                                    dec eax
                                                                                                                                    mov dword ptr [00041C2Bh], eax
                                                                                                                                    dec eax
                                                                                                                                    mov eax, dword ptr [esp+40h]
                                                                                                                                    dec eax
                                                                                                                                    mov dword ptr [00041D2Fh], eax
                                                                                                                                    mov dword ptr [00041C05h], C0000409h
                                                                                                                                    mov dword ptr [00041BFFh], 00000001h
                                                                                                                                    mov dword ptr [00000009h], 00000000h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3b8e4 | 0x3c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x52000 | 0x1cb8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x4e000 | 0x20c4 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x54000 | 0x754 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x392c0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x39180 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2a000 | 0x350 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x287b0 | 0x28800 | False | 0.5567551601080247 | zlib compressed data | 6.497436024881472 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2a000 | 0x1246a | 0x12600 | False | 0.5137117346938775 | data | 5.832751054611758 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3d000 | 0x103e8 | 0xe00 | False | 0.130859375 | data | 1.806338290884056 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x4e000 | 0x20c4 | 0x2200 | False | 0.4762178308823529 | data | 5.314207607074194 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA | 0x51000 | 0x15c | 0x200 | False | 0.39453125 | data | 2.8411284312485376 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x52000 | 0x1cb8 | 0x1e00 | False | 0.334375 | data | 5.206372071267865 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x54000 | 0x754 | 0x800 | False | 0.54345703125 | data | 5.23056010770353 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country
RT_ICON | 0x520e8 | 0x1628 | Device independent bitmap graphic, 64 x 128 x 8, image size 4608 |  |
RT_GROUP_ICON | 0x53710 | 0x14 | data |  |
RT_MANIFEST | 0x53724 | 0x591 | XML 1.0 document, ASCII text, with CRLF line terminators |  |
DLL | Import
KERNEL32.dll | GetCommandLineW, GetEnvironmentVariableW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, CreateDirectoryW, GetTempPathW, WaitForSingleObject, Sleep, GetExitCodeProcess, CreateProcessW, FreeLibrary, LoadLibraryExW, FindClose, FindFirstFileExW, CloseHandle, GetCurrentProcess, LocalFree, FormatMessageW, MultiByteToWideChar, WideCharToMultiByte, SetEndOfFile, GetProcAddress, GetModuleFileNameW, SetDllDirectoryW, GetStartupInfoW, GetLastError, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetModuleHandleW, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, CreateFileW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetFullPathNameW, RemoveDirectoryW, FindNextFileW, SetStdHandle, SetConsoleCtrlHandler, DeleteFileW, ReadFile, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW, GetCurrentDirectoryW, FlushFileBuffers, HeapReAlloc, GetFileAttributesExW, GetStringTypeW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, WriteConsoleW
ADVAPI32.dll | ConvertSidToStringSidW, GetTokenInformation, OpenProcessToken, ConvertStringSecurityDescriptorToSecurityDescriptorW
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 5, 2023 08:55:27.285583019 CET | 51441 | 53 | 192.168.2.5 | 8.8.8.8
Jan 5, 2023 08:55:27.376822948 CET | 53 | 51441 | 8.8.8.8 | 192.168.2.5
Jan 5, 2023 08:55:27.527105093 CET | 49177 | 53 | 192.168.2.5 | 8.8.8.8
Jan 5, 2023 08:55:27.544616938 CET | 53 | 49177 | 8.8.8.8 | 192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 5, 2023 08:55:27.285583019 CET | 192.168.2.5 | 8.8.8.8 | 0xff23 | Standard query (0) | sunucu.troyagame.com | A (IP address) | IN (0x0001) | false
Jan 5, 2023 08:55:27.527105093 CET | 192.168.2.5 | 8.8.8.8 | 0xdf93 | Standard query (0) | sunucu.troyagame.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 5, 2023 08:55:27.376822948 CET | 8.8.8.8 | 192.168.2.5 | 0xff23 | No error (0) | sunucu.troyagame.com |  | 159.253.33.92 | A (IP address) | IN (0x0001) | false
Jan 5, 2023 08:55:27.544616938 CET | 8.8.8.8 | 192.168.2.5 | 0xdf93 | No error (0) | sunucu.troyagame.com |  | 159.253.33.92 | A (IP address) | IN (0x0001) | false
                                                                                                                                    • sunucu.troyagame.com


                                                                                                                                    Target ID:1
                                                                                                                                    Start time:08:55:02
                                                                                                                                    Start date:05/01/2023
                                                                                                                                    Path:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    Imagebase:0x7ff6f8450000
                                                                                                                                    File size:9945512 bytes
                                                                                                                                    MD5 hash:D6C3BF64CC7CB131D467246CE5A4C455
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:low

                                                                                                                                    Target ID:3
                                                                                                                                    Start time:08:55:02
                                                                                                                                    Start date:05/01/2023
                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                    Imagebase:0x7ff7fcd70000
                                                                                                                                    File size:625664 bytes
                                                                                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:high

                                                                                                                                    Target ID:7
                                                                                                                                    Start time:08:55:08
                                                                                                                                    Start date:05/01/2023
                                                                                                                                    Path:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Users\user\Desktop\KuponcuBaba.exe
                                                                                                                                    Imagebase:0x7ff6f8450000
                                                                                                                                    File size:9945512 bytes
                                                                                                                                    MD5 hash:D6C3BF64CC7CB131D467246CE5A4C455
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:low

                                                                                                                                    Target ID:8
                                                                                                                                    Start time:08:55:09
                                                                                                                                    Start date:05/01/2023
                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /c "ver"
                                                                                                                                    Imagebase:0x7ff627730000
                                                                                                                                    File size:273920 bytes
                                                                                                                                    MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:high

                                                                                                                                    Target ID:9
                                                                                                                                    Start time:08:55:25
                                                                                                                                    Start date:05/01/2023
                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /c @echo off
                                                                                                                                    Imagebase:0x7ff627730000
                                                                                                                                    File size:273920 bytes
                                                                                                                                    MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:high

                                                                                                                                    Target ID:10
                                                                                                                                    Start time:08:55:26
                                                                                                                                    Start date:05/01/2023
                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /c cls
                                                                                                                                    Imagebase:0x7ff627730000
                                                                                                                                    File size:273920 bytes
                                                                                                                                    MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:high

                                                                                                                                    No disassembly