Looking much better, would still advise caution as with any file downloaded from the internet.
Based on the latest wallet VirusTotal scans and behavior checks, no more commands are executed.
All the alerts reference either cryptowallets or cryptominers, which for coin wallets is pretty normal.
Edit to add,
Only thing that really is a bit weird is the file
C:\Sysmon\438274944D21C3590AB2F6C5A34D5933B808ACB6409037FFE5B95B31EF18E8BDCFC6B5E6A0049489ADC5CECAFC7F95524157170C3CDA66F72AD85350D09F0476432071D000000000000000000000000000000000
But I think this is a Sysinternals sandbox artifact as I did not see that in my own sandbox.
Also not entirely sure why it needs to query a list of all running processes but maybe that's due to some dependency.
Is it possible your build environment was compromised when building the previous wallets?
We are dealing with the situation, we have installed wallets of other cryptocurrency projects.