Windows Analysis Report
wsx.exe

Overview

General Information

Sample name: wsx.exe
Analysis ID: 1523266
MD5: bfbefe6213ea9b1d3d0f92c970998d80
SHA1: db7863df94867d3522c47ab417437e0e8c81b124
SHA256: c337e536bb2195ad30d214fee810360815797a4e3bd91a7d88949e4df6948791
Tags: exeuser-Porcupine
Infos:

Detection

Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Potentially malicious time measurement code found
Sigma detected: Invoke-Obfuscation CLIP+ Launcher
Sigma detected: Invoke-Obfuscation VAR+ Launcher
Uses schtasks.exe or at.exe to add and modify task schedules
Binary contains a suspicious time stamp
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Schtasks From Env Var Folder
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection
barindex
Multi AV Scanner detection for submitted file
Source: wsx.exe Virustotal: Detection: 13% Perma Link
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 99.6% probability
Uses Microsoft's Enhanced Cryptographic Provider
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A93001F0 EVP_CIPHER_CTX_cipher,EVP_CIPHER_flags,EVP_MD_CTX_md,EVP_MD_size,CRYPTO_memcmp,EVP_MD_CTX_md,EVP_MD_CTX_md,EVP_MD_size,EVP_CIPHER_CTX_cipher,EVP_CIPHER_flags,EVP_CIPHER_CTX_cipher,EVP_CIPHER_flags,CRYPTO_memcmp,strncmp,strncmp,strncmp,strncmp,strncmp, 2_2_00007FF8A93001F0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9313410 ERR_put_error,CRYPTO_THREAD_run_once,CRYPTO_THREAD_run_once,CRYPTO_THREAD_run_once, 2_2_00007FF8A9313410
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F18CF CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_memdup, 2_2_00007FF8A92F18CF
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1357 memcmp,memcmp,EVP_CIPHER_CTX_free,CRYPTO_free,CRYPTO_free,memcmp,memcmp,memcpy,CRYPTO_free,CRYPTO_free, 2_2_00007FF8A92F1357
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9356AC0 CRYPTO_malloc,ERR_put_error,CRYPTO_free,CRYPTO_free, 2_2_00007FF8A9356AC0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A930A970 CRYPTO_THREAD_run_once, 2_2_00007FF8A930A970
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F2252 BIO_s_file,BIO_new,BIO_ctrl,strncmp,strncmp,CRYPTO_realloc,memcpy,CRYPTO_free,CRYPTO_free,CRYPTO_free,PEM_read_bio,ERR_put_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,BIO_free, 2_2_00007FF8A92F2252
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9314900 X509_VERIFY_PARAM_free,CRYPTO_free,CRYPTO_free,CRYPTO_free_ex_data,OPENSSL_LH_free,X509_STORE_free,CTLOG_STORE_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OPENSSL_sk_free,ENGINE_finish,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_secure_free,CRYPTO_THREAD_lock_free,CRYPTO_free, 2_2_00007FF8A9314900
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A931C9D0 ERR_put_error,CRYPTO_realloc,CRYPTO_realloc,ERR_put_error, 2_2_00007FF8A931C9D0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9322C70 CRYPTO_THREAD_write_lock,OPENSSL_LH_insert,OPENSSL_LH_retrieve,OPENSSL_LH_retrieve,OPENSSL_LH_delete,CRYPTO_THREAD_unlock, 2_2_00007FF8A9322C70
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F17B7 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock, 2_2_00007FF8A92F17B7
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1FB9 BN_bin2bn,BN_is_zero,CRYPTO_free,CRYPTO_strdup,CRYPTO_clear_free, 2_2_00007FF8A92F1FB9
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F8B20 CRYPTO_free, 2_2_00007FF8A92F8B20
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A930CB50 CRYPTO_get_ex_new_index, 2_2_00007FF8A930CB50
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9346B00 EVP_MD_CTX_new,X509_get0_pubkey,EVP_PKEY_id,EVP_PKEY_id,EVP_PKEY_id,EVP_PKEY_size,EVP_DigestVerifyInit,EVP_PKEY_id,CRYPTO_malloc,BUF_reverse,RSA_pkey_ctx_ctrl,RSA_pkey_ctx_ctrl,EVP_DigestUpdate,EVP_MD_CTX_ctrl,EVP_DigestVerify,BIO_free,EVP_MD_CTX_free,CRYPTO_free, 2_2_00007FF8A9346B00
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A933ABF0 memset,CRYPTO_strdup,CRYPTO_free,CRYPTO_free,OPENSSL_cleanse,OPENSSL_cleanse,CRYPTO_clear_free,CRYPTO_clear_free, 2_2_00007FF8A933ABF0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F6BE0 CRYPTO_zalloc,CRYPTO_free, 2_2_00007FF8A92F6BE0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1230 memcpy,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,memcmp,_time64, 2_2_00007FF8A92F1230
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A931CB90 ERR_put_error,ERR_put_error,ERR_put_error,EVP_MD_size,ERR_put_error,ERR_put_error,ERR_put_error,CRYPTO_malloc,ERR_put_error,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_insert,ERR_put_error,EVP_PKEY_free,X509_get0_pubkey,X509_free,OPENSSL_sk_push,ERR_put_error,X509_free,ERR_put_error, 2_2_00007FF8A931CB90
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A930CBB0 i2d_X509_NAME,i2d_X509_NAME,memcmp,CRYPTO_free,CRYPTO_free, 2_2_00007FF8A930CBB0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F8E30 CRYPTO_malloc,ERR_put_error, 2_2_00007FF8A92F8E30
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9340E00 CRYPTO_malloc,ERR_put_error,CRYPTO_malloc,ERR_put_error,CRYPTO_free,CRYPTO_zalloc,ERR_put_error,CRYPTO_free, 2_2_00007FF8A9340E00
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92FEE90 EVP_MD_CTX_md,EVP_MD_size,CRYPTO_memcmp,EVP_MD_CTX_md,EVP_MD_CTX_md,EVP_MD_size,EVP_CIPHER_CTX_cipher,EVP_CIPHER_flags,EVP_CIPHER_CTX_cipher,EVP_CIPHER_flags,CRYPTO_memcmp, 2_2_00007FF8A92FEE90
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A930EE80 CRYPTO_THREAD_run_once,OPENSSL_sk_find,OPENSSL_sk_value,EVP_CIPHER_flags,EVP_get_cipherbyname,EVP_get_cipherbyname,EVP_get_cipherbyname,EVP_get_cipherbyname,EVP_get_cipherbyname, 2_2_00007FF8A930EE80
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9326D50 CRYPTO_free, 2_2_00007FF8A9326D50
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9340D60 EVP_CIPHER_CTX_free,EVP_MD_CTX_free,CRYPTO_free,CRYPTO_free,CRYPTO_free, 2_2_00007FF8A9340D60
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F22DE ERR_put_error,CRYPTO_malloc,ERR_put_error,CRYPTO_free,CRYPTO_free, 2_2_00007FF8A92F22DE
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F2545 CRYPTO_malloc,ERR_put_error,BIO_snprintf, 2_2_00007FF8A92F2545
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9326DC0 CRYPTO_free,CRYPTO_strdup,CRYPTO_free, 2_2_00007FF8A9326DC0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F172B CRYPTO_free,CRYPTO_strndup, 2_2_00007FF8A92F172B
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1BF9 ERR_put_error,ERR_put_error,ERR_put_error,CRYPTO_zalloc,CRYPTO_THREAD_lock_new,ERR_put_error,CRYPTO_free,OPENSSL_LH_new,OPENSSL_sk_num,EVP_get_digestbyname,EVP_get_digestbyname,OPENSSL_sk_new_null,OPENSSL_sk_new_null,CRYPTO_new_ex_data,RAND_bytes,RAND_priv_bytes,RAND_priv_bytes,RAND_priv_bytes, 2_2_00007FF8A92F1BF9
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1B5E EVP_PKEY_get1_tls_encodedpoint,CRYPTO_free,EVP_PKEY_free,CRYPTO_free, 2_2_00007FF8A92F1B5E
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A933D040 CRYPTO_free,CRYPTO_free, 2_2_00007FF8A933D040
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F228E CRYPTO_free, 2_2_00007FF8A92F228E
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F2261 CRYPTO_zalloc,ERR_put_error, 2_2_00007FF8A92F2261
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9307093 ERR_put_error,CRYPTO_free,CRYPTO_strdup, 2_2_00007FF8A9307093
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A932F080 CRYPTO_realloc, 2_2_00007FF8A932F080
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F23EC CRYPTO_free,CRYPTO_malloc,memcmp,CRYPTO_memdup, 2_2_00007FF8A92F23EC
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9337090 CRYPTO_free,CRYPTO_memdup, 2_2_00007FF8A9337090
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1DAC CONF_parse_list,ERR_put_error,CRYPTO_malloc,ERR_put_error,CRYPTO_free,CRYPTO_free, 2_2_00007FF8A92F1DAC
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A933AF60 X509_get0_pubkey,CRYPTO_malloc,RAND_bytes,EVP_PKEY_CTX_new,EVP_PKEY_encrypt_init,EVP_PKEY_encrypt,EVP_PKEY_encrypt,EVP_PKEY_CTX_free,CRYPTO_clear_free,EVP_PKEY_CTX_free, 2_2_00007FF8A933AF60
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1B4A CRYPTO_THREAD_write_lock,OPENSSL_LH_set_down_load,CRYPTO_THREAD_unlock, 2_2_00007FF8A92F1B4A
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9306F93 CRYPTO_free,CRYPTO_strdup,ERR_put_error,ERR_put_error, 2_2_00007FF8A9306F93
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9328FF0 EVP_MD_size,EVP_MD_CTX_new,EVP_DigestInit_ex,EVP_DigestFinal_ex,EVP_DigestInit_ex,BIO_ctrl,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestFinal_ex,EVP_PKEY_new_raw_private_key,EVP_DigestSignInit,EVP_DigestUpdate,EVP_DigestSignFinal,CRYPTO_memcmp,OPENSSL_cleanse,OPENSSL_cleanse,EVP_PKEY_free,EVP_MD_CTX_free, 2_2_00007FF8A9328FF0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F109B CRYPTO_free,CRYPTO_memdup,CRYPTO_memdup, 2_2_00007FF8A92F109B
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A93062B0 CRYPTO_free,CRYPTO_strdup, 2_2_00007FF8A93062B0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A93242D0 OPENSSL_LH_retrieve,OPENSSL_LH_delete,CRYPTO_THREAD_unlock, 2_2_00007FF8A93242D0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F17D5 CRYPTO_malloc,memcpy, 2_2_00007FF8A92F17D5
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A93482E0 CRYPTO_free,CRYPTO_strndup, 2_2_00007FF8A93482E0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F16B8 OPENSSL_sk_new_null,d2i_X509,CRYPTO_free,OPENSSL_sk_push,CRYPTO_free,ERR_clear_error,OPENSSL_sk_value,X509_get0_pubkey,EVP_PKEY_missing_parameters,X509_free,X509_up_ref,X509_free,OPENSSL_sk_pop_free, 2_2_00007FF8A92F16B8
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92FE100 CRYPTO_free, 2_2_00007FF8A92FE100
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9324110 memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock, 2_2_00007FF8A9324110
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92FE1B0 CRYPTO_malloc,CRYPTO_free,CRYPTO_malloc, 2_2_00007FF8A92FE1B0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1D52 BN_num_bits,CRYPTO_malloc,BN_bn2bin,BN_clear_free,BN_clear_free, 2_2_00007FF8A92F1D52
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9308180 CRYPTO_free,CRYPTO_memdup, 2_2_00007FF8A9308180
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9316190 ERR_put_error,CRYPTO_free,ERR_put_error,BUF_MEM_free,EVP_MD_CTX_free,X509_free,X509_VERIFY_PARAM_move_peername,CRYPTO_free, 2_2_00007FF8A9316190
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F4437 CRYPTO_zalloc,ERR_put_error,BIO_set_init,BIO_set_data,BIO_clear_flags, 2_2_00007FF8A92F4437
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9312450 CRYPTO_free,CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free, 2_2_00007FF8A9312450
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1514 CRYPTO_free, 2_2_00007FF8A92F1514
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F225C CRYPTO_zalloc,CRYPTO_zalloc,OBJ_nid2sn,EVP_get_digestbyname,CRYPTO_free,CRYPTO_free,ERR_put_error, 2_2_00007FF8A92F225C
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9308420 EVP_PKEY_CTX_new,EVP_PKEY_derive_init,EVP_PKEY_derive_set_peer,EVP_PKEY_derive,CRYPTO_malloc,EVP_PKEY_derive,CRYPTO_clear_free,EVP_PKEY_CTX_free, 2_2_00007FF8A9308420
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1CE4 CRYPTO_free,CRYPTO_free,CRYPTO_memdup, 2_2_00007FF8A92F1CE4
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A93044F0 CRYPTO_clear_free, 2_2_00007FF8A93044F0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A933848F CRYPTO_malloc, 2_2_00007FF8A933848F
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9324490 CRYPTO_THREAD_read_lock,CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,memset, 2_2_00007FF8A9324490
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A934A35C CRYPTO_free,CRYPTO_memdup, 2_2_00007FF8A934A35C
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1E60 CRYPTO_clear_free, 2_2_00007FF8A92F1E60
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A93283F0 CRYPTO_zalloc,CRYPTO_free, 2_2_00007FF8A93283F0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92FE3F0 CRYPTO_malloc, 2_2_00007FF8A92FE3F0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A93063EA CRYPTO_free, 2_2_00007FF8A93063EA
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A93303A0 CRYPTO_free,CRYPTO_memdup, 2_2_00007FF8A93303A0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F2310 CRYPTO_free, 2_2_00007FF8A92F2310
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1F9B CRYPTO_free,BIO_clear_flags,BIO_set_flags,BIO_snprintf,ERR_add_error_data,memcpy, 2_2_00007FF8A92F1F9B
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F4660 BIO_get_data,BIO_get_shutdown,BIO_get_init,BIO_clear_flags,BIO_set_init,CRYPTO_free, 2_2_00007FF8A92F4660
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F2149 ERR_put_error,CRYPTO_realloc,CRYPTO_realloc,ERR_put_error, 2_2_00007FF8A92F2149
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F8640 CRYPTO_zalloc,ERR_put_error,BUF_MEM_grow, 2_2_00007FF8A92F8640
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1500 CRYPTO_free,CRYPTO_memdup,ERR_put_error, 2_2_00007FF8A92F1500
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A933C6C0 CRYPTO_malloc, 2_2_00007FF8A933C6C0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1F78 CRYPTO_strdup, 2_2_00007FF8A92F1F78
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1B18 memset,OPENSSL_cleanse,CRYPTO_free,CRYPTO_memdup,OPENSSL_cleanse,CRYPTO_memcmp, 2_2_00007FF8A92F1B18
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F15CD EVP_MD_CTX_new,EVP_PKEY_new,EVP_PKEY_assign,DH_free,EVP_PKEY_security_bits,EVP_PKEY_get0_DH,EVP_PKEY_free,DH_get0_key,EVP_PKEY_get1_tls_encodedpoint,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,BN_num_bits,BN_num_bits,memset,BN_num_bits,BN_bn2bin,CRYPTO_free,EVP_PKEY_size,EVP_DigestSignInit,RSA_pkey_ctx_ctrl,RSA_pkey_ctx_ctrl,EVP_DigestSign,CRYPTO_free,EVP_MD_CTX_free, 2_2_00007FF8A92F15CD
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92FE510 CRYPTO_free,CRYPTO_malloc, 2_2_00007FF8A92FE510
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1EB5 CRYPTO_strdup,CRYPTO_free, 2_2_00007FF8A92F1EB5
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A933C510 EVP_CIPHER_CTX_free,CRYPTO_free,CRYPTO_free, 2_2_00007FF8A933C510
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1B95 CRYPTO_free,CRYPTO_malloc, 2_2_00007FF8A92F1B95
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1208 CRYPTO_zalloc,memcpy,memcpy,memcpy,CRYPTO_free,memcpy,CRYPTO_free,CRYPTO_free, 2_2_00007FF8A92F1208
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F8590 CRYPTO_zalloc,ERR_put_error, 2_2_00007FF8A92F8590
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A933A5E0 EVP_PKEY_get1_tls_encodedpoint,CRYPTO_free,EVP_PKEY_free, 2_2_00007FF8A933A5E0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9330590 CRYPTO_free,CRYPTO_strndup, 2_2_00007FF8A9330590
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F19EC CRYPTO_malloc,ERR_put_error,CRYPTO_free, 2_2_00007FF8A92F19EC
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1AB9 CRYPTO_free, 2_2_00007FF8A92F1AB9
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A93485A0 CRYPTO_malloc,CRYPTO_free,EVP_CIPHER_CTX_free,HMAC_CTX_free,CRYPTO_free,EVP_CIPHER_CTX_free,HMAC_CTX_free,RAND_bytes,EVP_sha256,EVP_EncryptUpdate,EVP_EncryptFinal,HMAC_Update,HMAC_Final, 2_2_00007FF8A93485A0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F19BA CRYPTO_malloc, 2_2_00007FF8A92F19BA
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9308870 CRYPTO_malloc,memset,memcpy,memcpy,CRYPTO_clear_free,CRYPTO_clear_free,CRYPTO_clear_free,CRYPTO_clear_free,OPENSSL_cleanse, 2_2_00007FF8A9308870
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1C26 EVP_CIPHER_key_length,EVP_CIPHER_iv_length,CRYPTO_malloc, 2_2_00007FF8A92F1C26
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A931C8E0 CRYPTO_free,CRYPTO_free, 2_2_00007FF8A931C8E0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F250E CRYPTO_free, 2_2_00007FF8A92F250E
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A931C740 CRYPTO_zalloc,CRYPTO_zalloc,OBJ_nid2sn,EVP_get_digestbyname,CRYPTO_free,CRYPTO_free,ERR_put_error, 2_2_00007FF8A931C740
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1EAB CRYPTO_memcmp,memchr,CRYPTO_free,CRYPTO_free,CRYPTO_strndup, 2_2_00007FF8A92F1EAB
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1249 CRYPTO_zalloc,ERR_put_error,_time64,CRYPTO_THREAD_lock_new,ERR_put_error,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_THREAD_read_lock,CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,memset,memcpy, 2_2_00007FF8A92F1249
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9342730 EVP_CIPHER_CTX_free,EVP_MD_CTX_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memset,memcpy,memcpy, 2_2_00007FF8A9342730
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A93387CE CRYPTO_free,CRYPTO_free, 2_2_00007FF8A93387CE
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9358780 HMAC_CTX_new,EVP_CIPHER_CTX_new,EVP_sha256,HMAC_Init_ex,EVP_aes_256_cbc,HMAC_size,EVP_CIPHER_CTX_iv_length,HMAC_Update,HMAC_Final,CRYPTO_memcmp,EVP_CIPHER_CTX_iv_length,EVP_CIPHER_CTX_iv_length,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,memcpy,ERR_clear_error,CRYPTO_free,EVP_CIPHER_CTX_free,HMAC_CTX_free, 2_2_00007FF8A9358780
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A933A7B0 EVP_DigestUpdate,EVP_MD_CTX_free,EVP_PKEY_CTX_free,EVP_PKEY_CTX_free,CRYPTO_clear_free,EVP_MD_CTX_free, 2_2_00007FF8A933A7B0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1D8E BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,CRYPTO_free,CRYPTO_strdup, 2_2_00007FF8A92F1D8E
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1870 CRYPTO_free,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,CRYPTO_memdup, 2_2_00007FF8A92F1870
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F2095 CRYPTO_free,_time64,CRYPTO_free,CRYPTO_malloc,EVP_sha256,EVP_Digest,EVP_MD_size,CRYPTO_free, 2_2_00007FF8A92F2095
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1686 CRYPTO_free,CRYPTO_memdup, 2_2_00007FF8A92F1686
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A932FAF0 CRYPTO_memdup,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_free,CRYPTO_free,CRYPTO_free, 2_2_00007FF8A932FAF0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A934FAF0 BN_bin2bn,BN_ucmp,BN_is_zero,CRYPTO_free,CRYPTO_strdup, 2_2_00007FF8A934FAF0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1C0D CRYPTO_free,CRYPTO_strdup, 2_2_00007FF8A92F1C0D
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F215D CRYPTO_free,CRYPTO_malloc,RAND_bytes, 2_2_00007FF8A92F215D
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F218F EVP_MD_CTX_new,EVP_PKEY_size,CRYPTO_malloc,EVP_DigestSignInit,RSA_pkey_ctx_ctrl,RSA_pkey_ctx_ctrl,EVP_DigestUpdate,EVP_MD_CTX_ctrl,EVP_DigestSignFinal,EVP_DigestSign,BUF_reverse,CRYPTO_free,EVP_MD_CTX_free,CRYPTO_free,EVP_MD_CTX_free, 2_2_00007FF8A92F218F
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F125D BIO_pop,BIO_free,BIO_free_all,BIO_free_all,BUF_MEM_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,SCT_LIST_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,EVP_MD_CTX_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,ASYNC_WAIT_CTX_free,CRYPTO_free,OPENSSL_sk_free,CRYPTO_THREAD_lock_free,CRYPTO_free, 2_2_00007FF8A92F125D
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F193A CRYPTO_free,CRYPTO_memdup, 2_2_00007FF8A92F193A
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1663 CRYPTO_malloc,ERR_put_error,CRYPTO_free,CRYPTO_free,CRYPTO_free, 2_2_00007FF8A92F1663
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A933FC60 CRYPTO_free,CRYPTO_free,CRYPTO_strndup, 2_2_00007FF8A933FC60
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F24D2 OPENSSL_sk_new_null,d2i_X509,CRYPTO_free,OPENSSL_sk_push,OPENSSL_sk_num,CRYPTO_memcmp,CRYPTO_free,X509_free,OPENSSL_sk_pop_free,OPENSSL_sk_value,X509_get0_pubkey,X509_free,OPENSSL_sk_shift,OPENSSL_sk_pop_free, 2_2_00007FF8A92F24D2
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F20F4 CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock, 2_2_00007FF8A92F20F4
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F12E4 EVP_MD_size,RAND_bytes,_time64,CRYPTO_free,CRYPTO_memdup, 2_2_00007FF8A92F12E4
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F101E EVP_PKEY_free,BN_num_bits,BN_bn2bin,EVP_PKEY_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,CRYPTO_clear_free,CRYPTO_clear_free, 2_2_00007FF8A92F101E
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A930FB30 CRYPTO_zalloc,ERR_put_error,CRYPTO_free, 2_2_00007FF8A930FB30
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9311BD0 CRYPTO_free,CRYPTO_strdup, 2_2_00007FF8A9311BD0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9329B90 CRYPTO_memcmp, 2_2_00007FF8A9329B90
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1ABE CONF_parse_list,CRYPTO_malloc,ERR_put_error,memcpy,CRYPTO_free,CRYPTO_free, 2_2_00007FF8A92F1ABE
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F7BD0 CRYPTO_free, 2_2_00007FF8A92F7BD0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F7E20 CRYPTO_zalloc,ERR_put_error, 2_2_00007FF8A92F7E20
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A930DE70 COMP_zlib,CRYPTO_mem_ctrl,OPENSSL_sk_new,COMP_get_type,CRYPTO_malloc,COMP_get_name,OPENSSL_sk_push,OPENSSL_sk_sort,CRYPTO_mem_ctrl, 2_2_00007FF8A930DE70
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1CD5 CRYPTO_malloc,COMP_expand_block, 2_2_00007FF8A92F1CD5
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F150A CRYPTO_free,CRYPTO_malloc,ERR_put_error,memcpy, 2_2_00007FF8A92F150A
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9329E30 CRYPTO_free,CRYPTO_memdup, 2_2_00007FF8A9329E30
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9337EC7 CRYPTO_clear_free, 2_2_00007FF8A9337EC7
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9305E80 CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_clear_free,CRYPTO_free,CRYPTO_free,EVP_PKEY_free,EVP_PKEY_free,CRYPTO_free,CRYPTO_free,memset,CRYPTO_free, 2_2_00007FF8A9305E80
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1E6A CRYPTO_zalloc,ERR_put_error,BUF_MEM_grow,CRYPTO_free, 2_2_00007FF8A92F1E6A
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9313D40 CRYPTO_free,CRYPTO_memdup, 2_2_00007FF8A9313D40
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F7D20 CRYPTO_free, 2_2_00007FF8A92F7D20
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9347D00 CRYPTO_memcmp, 2_2_00007FF8A9347D00
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1104 EVP_PKEY_free,X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,X509_STORE_free,X509_STORE_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_free, 2_2_00007FF8A92F1104
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F22CA ERR_put_error,CRYPTO_free,CRYPTO_strdup, 2_2_00007FF8A92F22CA
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A932FDC0 CRYPTO_free,CRYPTO_free, 2_2_00007FF8A932FDC0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1F28 CRYPTO_free,CRYPTO_malloc,memcpy, 2_2_00007FF8A92F1F28
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F16E5 CRYPTO_zalloc, 2_2_00007FF8A92F16E5
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A930DD80 CRYPTO_mem_ctrl,OPENSSL_sk_new,COMP_get_type,CRYPTO_malloc,OPENSSL_sk_push,OPENSSL_sk_sort,CRYPTO_mem_ctrl, 2_2_00007FF8A930DD80
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A930FDA0 strncmp,strncmp,strncmp,strncmp,ERR_put_error,CRYPTO_malloc,CRYPTO_malloc,CRYPTO_free,ERR_put_error,strncmp,CRYPTO_free,OPENSSL_sk_new_null,CRYPTO_free,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_push,OPENSSL_sk_num,OPENSSL_sk_push,CRYPTO_free,OPENSSL_sk_free,CRYPTO_free,OPENSSL_sk_free, 2_2_00007FF8A930FDA0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A932A050 EVP_PKEY_get1_tls_encodedpoint,CRYPTO_free,EVP_PKEY_free,CRYPTO_free, 2_2_00007FF8A932A050
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9330070 CRYPTO_memcmp, 2_2_00007FF8A9330070
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F405B BIO_get_data,BIO_get_shutdown,BIO_get_init,BIO_clear_flags,BIO_set_init,CRYPTO_free,CRYPTO_zalloc,ERR_put_error,BIO_set_init,BIO_clear_flags,BIO_set_shutdown,BIO_push,BIO_set_next,BIO_up_ref,BIO_set_init, 2_2_00007FF8A92F405B
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A93480C0 CRYPTO_free,CRYPTO_memdup, 2_2_00007FF8A93480C0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92FE0A0 CRYPTO_free, 2_2_00007FF8A92FE0A0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A930E0B0 CRYPTO_THREAD_run_once, 2_2_00007FF8A930E0B0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1F01 CRYPTO_malloc,memcpy,memcpy,memcmp,memcmp,memcmp,ERR_put_error,CRYPTO_clear_free, 2_2_00007FF8A92F1F01
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A935BF20 SRP_Calc_u,BN_num_bits,CRYPTO_malloc,BN_bn2bin,BN_clear_free,BN_clear_free,CRYPTO_clear_free,BN_clear_free, 2_2_00007FF8A935BF20
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F7F80 CRYPTO_zalloc,ERR_put_error, 2_2_00007FF8A92F7F80
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F9FF0 CRYPTO_malloc,memset,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free, 2_2_00007FF8A92F9FF0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92FDFF0 CRYPTO_free, 2_2_00007FF8A92FDFF0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9341F80 EVP_CIPHER_CTX_free,EVP_MD_CTX_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memcpy, 2_2_00007FF8A9341F80
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A930BFB0 CRYPTO_zalloc,ERR_put_error,CRYPTO_THREAD_lock_new,ERR_put_error,CRYPTO_free, 2_2_00007FF8A930BFB0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9309FB0 CRYPTO_free,CRYPTO_strndup, 2_2_00007FF8A9309FB0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9327270 CRYPTO_free, 2_2_00007FF8A9327270
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A934D230 OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,memcmp,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,memcpy,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,CRYPTO_memcmp,OPENSSL_sk_free,OPENSSL_sk_dup,OPENSSL_sk_free,OPENSSL_sk_dup,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free, 2_2_00007FF8A934D230
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A932F2C0 CRYPTO_malloc,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free, 2_2_00007FF8A932F2C0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A934F2D0 CRYPTO_free,CRYPTO_strndup,CRYPTO_free,CRYPTO_memdup,OPENSSL_cleanse, 2_2_00007FF8A934F2D0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A933B2E0 BN_num_bits,BN_bn2bin,CRYPTO_free,CRYPTO_strdup, 2_2_00007FF8A933B2E0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F23DD CRYPTO_free,CRYPTO_memdup, 2_2_00007FF8A92F23DD
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9325120 CRYPTO_malloc,CRYPTO_THREAD_lock_new,CRYPTO_new_ex_data,X509_up_ref,X509_chain_up_ref,CRYPTO_strdup,CRYPTO_strdup,CRYPTO_dup_ex_data,CRYPTO_strdup,CRYPTO_memdup,ERR_put_error,CRYPTO_memdup,CRYPTO_strdup,CRYPTO_memdup, 2_2_00007FF8A9325120
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F191F ERR_put_error,memcpy,OPENSSL_sk_num,OPENSSL_sk_num,OPENSSL_sk_new_reserve,OPENSSL_sk_value,CRYPTO_dup_ex_data,BIO_ctrl,BIO_ctrl,BIO_up_ref,X509_VERIFY_PARAM_inherit,OPENSSL_sk_dup,OPENSSL_sk_dup, 2_2_00007FF8A92F191F
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A93231F0 CRYPTO_free_ex_data,OPENSSL_cleanse,OPENSSL_cleanse,X509_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_clear_free, 2_2_00007FF8A93231F0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F24D7 CRYPTO_malloc,ERR_put_error,memcpy,CRYPTO_free,CRYPTO_free, 2_2_00007FF8A92F24D7
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F207C CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,memset, 2_2_00007FF8A92F207C
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9327460 CRYPTO_free, 2_2_00007FF8A9327460
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A93274D0 CRYPTO_free, 2_2_00007FF8A93274D0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9309480 ASN1_item_d2i,ERR_put_error,ASN1_item_free,memcpy,_time64,X509_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,ASN1_item_free, 2_2_00007FF8A9309480
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F141F EVP_PKEY_get1_tls_encodedpoint,EVP_PKEY_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free, 2_2_00007FF8A92F141F
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F18BB CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,memset, 2_2_00007FF8A92F18BB
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F17A3 CRYPTO_free, 2_2_00007FF8A92F17A3
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1005 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memset, 2_2_00007FF8A92F1005
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9327310 CRYPTO_free,CRYPTO_free, 2_2_00007FF8A9327310
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F2144 EVP_MD_CTX_new,EVP_MD_CTX_copy_ex,CRYPTO_memcmp,memcpy,memcpy, 2_2_00007FF8A92F2144
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9337320 CRYPTO_free,CRYPTO_strndup, 2_2_00007FF8A9337320
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1253 CRYPTO_free, 2_2_00007FF8A92F1253
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A931D3C0 CRYPTO_malloc,CRYPTO_clear_free, 2_2_00007FF8A931D3C0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A93193D0 memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock, 2_2_00007FF8A93193D0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A93433D0 CRYPTO_malloc,memcpy, 2_2_00007FF8A93433D0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1028 EVP_PKEY_free,CRYPTO_free,CRYPTO_free,EVP_MD_CTX_new,RSA_pkey_ctx_ctrl,CRYPTO_free,EVP_MD_CTX_free,EVP_MD_CTX_free, 2_2_00007FF8A92F1028
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F231A CRYPTO_free,CRYPTO_memdup, 2_2_00007FF8A92F231A
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1A0A EVP_MD_size,EVP_CIPHER_iv_length,EVP_CIPHER_key_length,CRYPTO_clear_free,CRYPTO_malloc, 2_2_00007FF8A92F1A0A
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F2446 CRYPTO_free,CRYPTO_memdup,ERR_put_error, 2_2_00007FF8A92F2446
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9357650 CRYPTO_free,CRYPTO_malloc,ERR_put_error, 2_2_00007FF8A9357650
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F24AF CRYPTO_free,CRYPTO_malloc,memcpy, 2_2_00007FF8A92F24AF
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1C44 X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free, 2_2_00007FF8A92F1C44
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9319630 ERR_put_error,ERR_put_error,CRYPTO_zalloc,CRYPTO_THREAD_lock_new,CRYPTO_free,ERR_put_error,OPENSSL_sk_dup,X509_VERIFY_PARAM_new,X509_VERIFY_PARAM_inherit,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_malloc,memcpy,CRYPTO_new_ex_data, 2_2_00007FF8A9319630
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F10A5 CRYPTO_zalloc,ERR_put_error,ERR_put_error,CRYPTO_free,EVP_PKEY_up_ref,X509_up_ref,EVP_PKEY_up_ref,X509_chain_up_ref,CRYPTO_malloc,memcpy,CRYPTO_malloc,memcpy,ERR_put_error,EVP_PKEY_free,X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,X509_STORE_free,X509_STORE_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_free,CRYPTO_malloc,memcpy,CRYPTO_memdup,X509_STORE_up_ref,X509_STORE_up_ref,CRYPTO_strdup, 2_2_00007FF8A92F10A5
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A901F0 EVP_CIPHER_CTX_cipher,EVP_CIPHER_flags,EVP_MD_CTX_md,EVP_MD_size,CRYPTO_memcmp,EVP_MD_CTX_md,EVP_MD_CTX_md,EVP_MD_size,EVP_CIPHER_CTX_cipher,EVP_CIPHER_flags,EVP_CIPHER_CTX_cipher,EVP_CIPHER_flags,CRYPTO_memcmp,strncmp,strncmp,strncmp,strncmp,strncmp, 10_2_00007FF8A7A901F0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AA3410 ERR_put_error,CRYPTO_THREAD_run_once,CRYPTO_THREAD_run_once,CRYPTO_THREAD_run_once, 10_2_00007FF8A7AA3410
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A8250E CRYPTO_free, 10_2_00007FF8A7A8250E
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AAC8E0 CRYPTO_free,CRYPTO_free, 10_2_00007FF8A7AAC8E0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A98870 CRYPTO_malloc,memset,memcpy,memcpy,CRYPTO_clear_free,CRYPTO_clear_free,CRYPTO_clear_free,CRYPTO_clear_free,OPENSSL_cleanse, 10_2_00007FF8A7A98870
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81C26 EVP_CIPHER_key_length,EVP_CIPHER_iv_length,CRYPTO_malloc, 10_2_00007FF8A7A81C26
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A819BA CRYPTO_malloc, 10_2_00007FF8A7A819BA
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7ACA7B0 EVP_DigestUpdate,EVP_MD_CTX_free,EVP_PKEY_CTX_free,EVP_PKEY_CTX_free,CRYPTO_clear_free,EVP_MD_CTX_free, 10_2_00007FF8A7ACA7B0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AE8780 HMAC_CTX_new,EVP_CIPHER_CTX_new,EVP_sha256,HMAC_Init_ex,EVP_aes_256_cbc,HMAC_size,EVP_CIPHER_CTX_iv_length,HMAC_Update,HMAC_Final,CRYPTO_memcmp,EVP_CIPHER_CTX_iv_length,EVP_CIPHER_CTX_iv_length,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,memcpy,ERR_clear_error,CRYPTO_free,EVP_CIPHER_CTX_free,HMAC_CTX_free, 10_2_00007FF8A7AE8780
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AC87CE CRYPTO_free,CRYPTO_free, 10_2_00007FF8A7AC87CE
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AD2730 EVP_CIPHER_CTX_free,EVP_MD_CTX_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memset,memcpy,memcpy, 10_2_00007FF8A7AD2730
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81249 CRYPTO_zalloc,ERR_put_error,_time64,CRYPTO_THREAD_lock_new,ERR_put_error,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_THREAD_read_lock,CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,memset,memcpy, 10_2_00007FF8A7A81249
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81EAB CRYPTO_memcmp,memchr,CRYPTO_free,CRYPTO_free,CRYPTO_strndup, 10_2_00007FF8A7A81EAB
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AAC740 CRYPTO_zalloc,CRYPTO_zalloc,OBJ_nid2sn,EVP_get_digestbyname,CRYPTO_free,CRYPTO_free,ERR_put_error, 10_2_00007FF8A7AAC740
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A815CD EVP_MD_CTX_new,EVP_PKEY_new,EVP_PKEY_assign,DH_free,EVP_PKEY_security_bits,EVP_PKEY_get0_DH,EVP_PKEY_free,DH_get0_key,EVP_PKEY_get1_tls_encodedpoint,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,BN_num_bits,BN_num_bits,memset,BN_num_bits,BN_bn2bin,CRYPTO_free,EVP_PKEY_size,EVP_DigestSignInit,RSA_pkey_ctx_ctrl,RSA_pkey_ctx_ctrl,EVP_DigestSign,CRYPTO_free,EVP_MD_CTX_free, 10_2_00007FF8A7A815CD
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81B18 memset,OPENSSL_cleanse,CRYPTO_free,CRYPTO_memdup,OPENSSL_cleanse,CRYPTO_memcmp, 10_2_00007FF8A7A81B18
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81F78 CRYPTO_strdup, 10_2_00007FF8A7A81F78
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7ACC6C0 CRYPTO_malloc, 10_2_00007FF8A7ACC6C0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81500 CRYPTO_free,CRYPTO_memdup,ERR_put_error, 10_2_00007FF8A7A81500
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A82149 ERR_put_error,CRYPTO_realloc,CRYPTO_realloc,ERR_put_error, 10_2_00007FF8A7A82149
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81F9B CRYPTO_free,BIO_clear_flags,BIO_set_flags,BIO_snprintf,ERR_add_error_data,memcpy, 10_2_00007FF8A7A81F9B
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A84660 BIO_get_data,BIO_get_shutdown,BIO_get_init,BIO_clear_flags,BIO_set_init,CRYPTO_free, 10_2_00007FF8A7A84660
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A88640 CRYPTO_zalloc,ERR_put_error,BUF_MEM_grow, 10_2_00007FF8A7A88640
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A819EC CRYPTO_malloc,ERR_put_error,CRYPTO_free, 10_2_00007FF8A7A819EC
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81AB9 CRYPTO_free, 10_2_00007FF8A7A81AB9
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AD85A0 CRYPTO_malloc,CRYPTO_free,EVP_CIPHER_CTX_free,HMAC_CTX_free,CRYPTO_free,EVP_CIPHER_CTX_free,HMAC_CTX_free,RAND_bytes,EVP_sha256,EVP_EncryptUpdate,EVP_EncryptFinal,HMAC_Update,HMAC_Final, 10_2_00007FF8A7AD85A0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A88590 CRYPTO_zalloc,ERR_put_error, 10_2_00007FF8A7A88590
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AC0590 CRYPTO_free,CRYPTO_strndup, 10_2_00007FF8A7AC0590
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7ACA5E0 EVP_PKEY_get1_tls_encodedpoint,CRYPTO_free,EVP_PKEY_free, 10_2_00007FF8A7ACA5E0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81208 CRYPTO_zalloc,memcpy,memcpy,memcpy,CRYPTO_free,memcpy,CRYPTO_free,CRYPTO_free, 10_2_00007FF8A7A81208
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81B95 CRYPTO_free,CRYPTO_malloc, 10_2_00007FF8A7A81B95
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A8E510 CRYPTO_free,CRYPTO_malloc, 10_2_00007FF8A7A8E510
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7ACC510 EVP_CIPHER_CTX_free,CRYPTO_free,CRYPTO_free, 10_2_00007FF8A7ACC510
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81EB5 CRYPTO_strdup,CRYPTO_free, 10_2_00007FF8A7A81EB5
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AB4490 CRYPTO_THREAD_read_lock,CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,memset, 10_2_00007FF8A7AB4490
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AC848F CRYPTO_malloc, 10_2_00007FF8A7AC848F
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A944F0 CRYPTO_clear_free, 10_2_00007FF8A7A944F0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81CE4 CRYPTO_free,CRYPTO_free,CRYPTO_memdup, 10_2_00007FF8A7A81CE4
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A84437 CRYPTO_zalloc,ERR_put_error,BIO_set_init,BIO_set_data,BIO_clear_flags, 10_2_00007FF8A7A84437
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A98420 EVP_PKEY_CTX_new,EVP_PKEY_derive_init,EVP_PKEY_derive_set_peer,EVP_PKEY_derive,CRYPTO_malloc,EVP_PKEY_derive,CRYPTO_clear_free,EVP_PKEY_CTX_free, 10_2_00007FF8A7A98420
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81514 CRYPTO_free, 10_2_00007FF8A7A81514
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A8225C CRYPTO_zalloc,CRYPTO_zalloc,OBJ_nid2sn,EVP_get_digestbyname,CRYPTO_free,CRYPTO_free,ERR_put_error, 10_2_00007FF8A7A8225C
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AA2450 CRYPTO_free,CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free, 10_2_00007FF8A7AA2450
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AC03A0 CRYPTO_free,CRYPTO_memdup, 10_2_00007FF8A7AC03A0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A82310 CRYPTO_free, 10_2_00007FF8A7A82310
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A8E3F0 CRYPTO_malloc, 10_2_00007FF8A7A8E3F0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AB83F0 CRYPTO_zalloc,CRYPTO_free, 10_2_00007FF8A7AB83F0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A963EA CRYPTO_free, 10_2_00007FF8A7A963EA
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81E60 CRYPTO_clear_free, 10_2_00007FF8A7A81E60
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7ADA35C CRYPTO_free,CRYPTO_memdup, 10_2_00007FF8A7ADA35C
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A962B0 CRYPTO_free,CRYPTO_strdup, 10_2_00007FF8A7A962B0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A817D5 CRYPTO_malloc,memcpy, 10_2_00007FF8A7A817D5
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AD82E0 CRYPTO_free,CRYPTO_strndup, 10_2_00007FF8A7AD82E0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AB42D0 OPENSSL_LH_retrieve,OPENSSL_LH_delete,CRYPTO_THREAD_unlock, 10_2_00007FF8A7AB42D0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A8109B CRYPTO_free,CRYPTO_memdup,CRYPTO_memdup, 10_2_00007FF8A7A8109B
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A8E1B0 CRYPTO_malloc,CRYPTO_free,CRYPTO_malloc, 10_2_00007FF8A7A8E1B0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AA6190 ERR_put_error,CRYPTO_free,ERR_put_error,BUF_MEM_free,EVP_MD_CTX_free,X509_free,X509_VERIFY_PARAM_move_peername,CRYPTO_free, 10_2_00007FF8A7AA6190
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A98180 CRYPTO_free,CRYPTO_memdup, 10_2_00007FF8A7A98180
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81D52 BN_num_bits,CRYPTO_malloc,BN_bn2bin,BN_clear_free,BN_clear_free, 10_2_00007FF8A7A81D52
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AB4110 memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock, 10_2_00007FF8A7AB4110
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A8E100 CRYPTO_free, 10_2_00007FF8A7A8E100
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A816B8 OPENSSL_sk_new_null,d2i_X509,CRYPTO_free,OPENSSL_sk_push,CRYPTO_free,ERR_clear_error,OPENSSL_sk_value,X509_get0_pubkey,EVP_PKEY_missing_parameters,X509_free,X509_up_ref,X509_free,OPENSSL_sk_pop_free, 10_2_00007FF8A7A816B8
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AC7090 CRYPTO_free,CRYPTO_memdup, 10_2_00007FF8A7AC7090
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A97093 ERR_put_error,CRYPTO_free,CRYPTO_strdup, 10_2_00007FF8A7A97093
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7ABF080 CRYPTO_realloc, 10_2_00007FF8A7ABF080
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A823EC CRYPTO_free,CRYPTO_malloc,memcmp,CRYPTO_memdup, 10_2_00007FF8A7A823EC
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A8228E CRYPTO_free, 10_2_00007FF8A7A8228E
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A82261 CRYPTO_zalloc,ERR_put_error, 10_2_00007FF8A7A82261
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81B5E EVP_PKEY_get1_tls_encodedpoint,CRYPTO_free,EVP_PKEY_free,CRYPTO_free, 10_2_00007FF8A7A81B5E
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7ACD040 CRYPTO_free,CRYPTO_free, 10_2_00007FF8A7ACD040
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A96F93 CRYPTO_free,CRYPTO_strdup,ERR_put_error,ERR_put_error, 10_2_00007FF8A7A96F93
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AB8FF0 EVP_MD_size,EVP_MD_CTX_new,EVP_DigestInit_ex,EVP_DigestFinal_ex,EVP_DigestInit_ex,BIO_ctrl,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestFinal_ex,EVP_PKEY_new_raw_private_key,EVP_DigestSignInit,EVP_DigestUpdate,EVP_DigestSignFinal,CRYPTO_memcmp,OPENSSL_cleanse,OPENSSL_cleanse,EVP_PKEY_free,EVP_MD_CTX_free, 10_2_00007FF8A7AB8FF0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81B4A CRYPTO_THREAD_write_lock,OPENSSL_LH_set_down_load,CRYPTO_THREAD_unlock, 10_2_00007FF8A7A81B4A
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7ACAF60 X509_get0_pubkey,CRYPTO_malloc,RAND_bytes,EVP_PKEY_CTX_new,EVP_PKEY_encrypt_init,EVP_PKEY_encrypt,EVP_PKEY_encrypt,EVP_PKEY_CTX_free,CRYPTO_clear_free,EVP_PKEY_CTX_free, 10_2_00007FF8A7ACAF60
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81DAC CONF_parse_list,ERR_put_error,CRYPTO_malloc,ERR_put_error,CRYPTO_free,CRYPTO_free, 10_2_00007FF8A7A81DAC
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A8EE90 EVP_MD_CTX_md,EVP_MD_size,CRYPTO_memcmp,EVP_MD_CTX_md,EVP_MD_CTX_md,EVP_MD_size,EVP_CIPHER_CTX_cipher,EVP_CIPHER_flags,EVP_CIPHER_CTX_cipher,EVP_CIPHER_flags,CRYPTO_memcmp, 10_2_00007FF8A7A8EE90
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A9EE80 CRYPTO_THREAD_run_once,OPENSSL_sk_find,OPENSSL_sk_value,EVP_CIPHER_flags,EVP_get_cipherbyname,EVP_get_cipherbyname,EVP_get_cipherbyname,EVP_get_cipherbyname,EVP_get_cipherbyname, 10_2_00007FF8A7A9EE80
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A88E30 CRYPTO_malloc,ERR_put_error, 10_2_00007FF8A7A88E30
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AD0E00 CRYPTO_malloc,ERR_put_error,CRYPTO_malloc,ERR_put_error,CRYPTO_free,CRYPTO_zalloc,ERR_put_error,CRYPTO_free, 10_2_00007FF8A7AD0E00
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81BF9 ERR_put_error,ERR_put_error,ERR_put_error,CRYPTO_zalloc,CRYPTO_THREAD_lock_new,ERR_put_error,CRYPTO_free,OPENSSL_LH_new,OPENSSL_sk_num,EVP_get_digestbyname,EVP_get_digestbyname,OPENSSL_sk_new_null,OPENSSL_sk_new_null,CRYPTO_new_ex_data,RAND_bytes,RAND_priv_bytes,RAND_priv_bytes,RAND_priv_bytes, 10_2_00007FF8A7A81BF9
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A8172B CRYPTO_free,CRYPTO_strndup, 10_2_00007FF8A7A8172B
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AB6DC0 CRYPTO_free,CRYPTO_strdup,CRYPTO_free, 10_2_00007FF8A7AB6DC0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A82545 CRYPTO_malloc,ERR_put_error,BIO_snprintf, 10_2_00007FF8A7A82545
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A822DE ERR_put_error,CRYPTO_malloc,ERR_put_error,CRYPTO_free,CRYPTO_free, 10_2_00007FF8A7A822DE
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AD0D60 EVP_CIPHER_CTX_free,EVP_MD_CTX_free,CRYPTO_free,CRYPTO_free,CRYPTO_free, 10_2_00007FF8A7AD0D60
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AB6D50 CRYPTO_free, 10_2_00007FF8A7AB6D50
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81FB9 BN_bin2bn,BN_is_zero,CRYPTO_free,CRYPTO_strdup,CRYPTO_clear_free, 10_2_00007FF8A7A81FB9
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A817B7 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock, 10_2_00007FF8A7A817B7
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AB2C70 CRYPTO_THREAD_write_lock,OPENSSL_LH_insert,OPENSSL_LH_retrieve,OPENSSL_LH_retrieve,OPENSSL_LH_delete,CRYPTO_THREAD_unlock, 10_2_00007FF8A7AB2C70
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A9CBB0 i2d_X509_NAME,i2d_X509_NAME,memcmp,CRYPTO_free,CRYPTO_free, 10_2_00007FF8A7A9CBB0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81230 memcpy,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,memcmp,_time64, 10_2_00007FF8A7A81230
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AACB90 ERR_put_error,ERR_put_error,ERR_put_error,EVP_MD_size,ERR_put_error,ERR_put_error,ERR_put_error,CRYPTO_malloc,ERR_put_error,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_insert,ERR_put_error,EVP_PKEY_free,X509_get0_pubkey,X509_free,OPENSSL_sk_push,ERR_put_error,X509_free,ERR_put_error, 10_2_00007FF8A7AACB90
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7ACABF0 memset,CRYPTO_strdup,CRYPTO_free,CRYPTO_free,OPENSSL_cleanse,OPENSSL_cleanse,CRYPTO_clear_free,CRYPTO_clear_free, 10_2_00007FF8A7ACABF0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A86BE0 CRYPTO_zalloc,CRYPTO_free, 10_2_00007FF8A7A86BE0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A88B20 CRYPTO_free, 10_2_00007FF8A7A88B20
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AD6B00 EVP_MD_CTX_new,X509_get0_pubkey,EVP_PKEY_id,EVP_PKEY_id,EVP_PKEY_id,EVP_PKEY_size,EVP_DigestVerifyInit,EVP_PKEY_id,CRYPTO_malloc,BUF_reverse,RSA_pkey_ctx_ctrl,RSA_pkey_ctx_ctrl,EVP_DigestUpdate,EVP_MD_CTX_ctrl,EVP_DigestVerify,BIO_free,EVP_MD_CTX_free,CRYPTO_free, 10_2_00007FF8A7AD6B00
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A9CB50 CRYPTO_get_ex_new_index, 10_2_00007FF8A7A9CB50
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AE6AC0 CRYPTO_malloc,ERR_put_error,CRYPTO_free,CRYPTO_free, 10_2_00007FF8A7AE6AC0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81357 memcmp,memcmp,EVP_CIPHER_CTX_free,CRYPTO_free,CRYPTO_free,memcmp,memcmp,memcpy,CRYPTO_free,CRYPTO_free, 10_2_00007FF8A7A81357
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A818CF CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_memdup, 10_2_00007FF8A7A818CF
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AAC9D0 ERR_put_error,CRYPTO_realloc,CRYPTO_realloc,ERR_put_error, 10_2_00007FF8A7AAC9D0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AA4900 X509_VERIFY_PARAM_free,CRYPTO_free,CRYPTO_free,CRYPTO_free_ex_data,OPENSSL_LH_free,X509_STORE_free,CTLOG_STORE_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OPENSSL_sk_free,ENGINE_finish,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_secure_free,CRYPTO_THREAD_lock_free,CRYPTO_free, 10_2_00007FF8A7AA4900
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A9A970 CRYPTO_THREAD_run_once, 10_2_00007FF8A7A9A970
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A82252 BIO_s_file,BIO_new,BIO_ctrl,strncmp,strncmp,CRYPTO_realloc,memcpy,CRYPTO_free,CRYPTO_free,CRYPTO_free,PEM_read_bio,ERR_put_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,BIO_free, 10_2_00007FF8A7A82252
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AA58A7 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock, 10_2_00007FF8A7AA58A7
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81695 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock, 10_2_00007FF8A7A81695
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A9D820 CRYPTO_THREAD_run_once, 10_2_00007FF8A7A9D820
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81F6E CRYPTO_free,CRYPTO_memdup, 10_2_00007FF8A7A81F6E
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81859 CRYPTO_free,CRYPTO_strndup,CRYPTO_free,OPENSSL_cleanse,_time64,memcpy,OPENSSL_cleanse,OPENSSL_cleanse,EVP_MD_size, 10_2_00007FF8A7A81859
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81847 CRYPTO_free, 10_2_00007FF8A7A81847
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A82400 CRYPTO_malloc,ERR_put_error,CRYPTO_free, 10_2_00007FF8A7A82400
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AAF730 CRYPTO_free,EVP_PKEY_free,CRYPTO_free, 10_2_00007FF8A7AAF730
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AB7770 CRYPTO_free, 10_2_00007FF8A7AB7770
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AB36F0 CRYPTO_zalloc,ERR_put_error,_time64,CRYPTO_THREAD_lock_new,ERR_put_error,CRYPTO_new_ex_data,CRYPTO_THREAD_lock_free,CRYPTO_free, 10_2_00007FF8A7AB36F0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A976D0 EVP_PKEY_free,EVP_PKEY_free,CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_clear_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_clear_free, 10_2_00007FF8A7A976D0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A810A5 CRYPTO_zalloc,ERR_put_error,ERR_put_error,CRYPTO_free,EVP_PKEY_up_ref,X509_up_ref,EVP_PKEY_up_ref,X509_chain_up_ref,CRYPTO_malloc,memcpy,CRYPTO_malloc,memcpy,ERR_put_error,EVP_PKEY_free,X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,X509_STORE_free,X509_STORE_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_free,CRYPTO_malloc,memcpy,CRYPTO_memdup,X509_STORE_up_ref,X509_STORE_up_ref,CRYPTO_strdup, 10_2_00007FF8A7A810A5
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AA9630 ERR_put_error,ERR_put_error,CRYPTO_zalloc,CRYPTO_THREAD_lock_new,CRYPTO_free,ERR_put_error,OPENSSL_sk_dup,X509_VERIFY_PARAM_new,X509_VERIFY_PARAM_inherit,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_malloc,memcpy,CRYPTO_new_ex_data, 10_2_00007FF8A7AA9630
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81C44 X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free, 10_2_00007FF8A7A81C44
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A824AF CRYPTO_free,CRYPTO_malloc,memcpy, 10_2_00007FF8A7A824AF
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AE7650 CRYPTO_free,CRYPTO_malloc,ERR_put_error, 10_2_00007FF8A7AE7650
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A818C5 ERR_put_error,CRYPTO_free,CRYPTO_strdup, 10_2_00007FF8A7A818C5
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81B04 CRYPTO_malloc,CRYPTO_mem_ctrl,OPENSSL_sk_find,CRYPTO_free,CRYPTO_mem_ctrl,ERR_put_error,OPENSSL_sk_push,CRYPTO_mem_ctrl,CRYPTO_free,CRYPTO_mem_ctrl,ERR_put_error, 10_2_00007FF8A7A81B04
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7ADF5D0 EVP_PKEY_get0_RSA,RSA_size,RSA_size,CRYPTO_malloc,RAND_priv_bytes,CRYPTO_free, 10_2_00007FF8A7ADF5D0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AEB5C0 memset,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,CRYPTO_strdup,CRYPTO_strdup,ERR_put_error,CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,memset, 10_2_00007FF8A7AEB5C0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7ADB530 CRYPTO_memcmp, 10_2_00007FF8A7ADB530
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AD1520 CRYPTO_free, 10_2_00007FF8A7AD1520
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A89540 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memset,CRYPTO_free, 10_2_00007FF8A7A89540
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A818BB CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,memset, 10_2_00007FF8A7A818BB
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A99480 ASN1_item_d2i,ERR_put_error,ASN1_item_free,memcpy,_time64,X509_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,ASN1_item_free, 10_2_00007FF8A7A99480
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A8141F EVP_PKEY_get1_tls_encodedpoint,EVP_PKEY_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free, 10_2_00007FF8A7A8141F
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AB74D0 CRYPTO_free, 10_2_00007FF8A7AB74D0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AB7460 CRYPTO_free, 10_2_00007FF8A7AB7460
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A82446 CRYPTO_free,CRYPTO_memdup,ERR_put_error, 10_2_00007FF8A7A82446
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A8231A CRYPTO_free,CRYPTO_memdup, 10_2_00007FF8A7A8231A
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AA93D0 memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock, 10_2_00007FF8A7AA93D0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AD33D0 CRYPTO_malloc,memcpy, 10_2_00007FF8A7AD33D0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81028 EVP_PKEY_free,CRYPTO_free,CRYPTO_free,EVP_MD_CTX_new,RSA_pkey_ctx_ctrl,CRYPTO_free,EVP_MD_CTX_free,EVP_MD_CTX_free, 10_2_00007FF8A7A81028
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81A0A EVP_MD_size,EVP_CIPHER_iv_length,EVP_CIPHER_key_length,CRYPTO_clear_free,CRYPTO_malloc, 10_2_00007FF8A7A81A0A
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AAD3C0 CRYPTO_malloc,CRYPTO_clear_free, 10_2_00007FF8A7AAD3C0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AC7320 CRYPTO_free,CRYPTO_strndup, 10_2_00007FF8A7AC7320
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81253 CRYPTO_free, 10_2_00007FF8A7A81253
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AB7310 CRYPTO_free,CRYPTO_free, 10_2_00007FF8A7AB7310
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A82144 EVP_MD_CTX_new,EVP_MD_CTX_copy_ex,CRYPTO_memcmp,memcpy,memcpy, 10_2_00007FF8A7A82144
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A817A3 CRYPTO_free, 10_2_00007FF8A7A817A3
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81005 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memset, 10_2_00007FF8A7A81005
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A823DD CRYPTO_free,CRYPTO_memdup, 10_2_00007FF8A7A823DD
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7ACB2E0 BN_num_bits,BN_bn2bin,CRYPTO_free,CRYPTO_strdup, 10_2_00007FF8A7ACB2E0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7ADF2D0 CRYPTO_free,CRYPTO_strndup,CRYPTO_free,CRYPTO_memdup,OPENSSL_cleanse, 10_2_00007FF8A7ADF2D0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7ABF2C0 CRYPTO_malloc,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free, 10_2_00007FF8A7ABF2C0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7ADD230 OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,memcmp,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,memcpy,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,CRYPTO_memcmp,OPENSSL_sk_free,OPENSSL_sk_dup,OPENSSL_sk_free,OPENSSL_sk_dup,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free, 10_2_00007FF8A7ADD230
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AB7270 CRYPTO_free, 10_2_00007FF8A7AB7270
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AB31F0 CRYPTO_free_ex_data,OPENSSL_cleanse,OPENSSL_cleanse,X509_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_clear_free, 10_2_00007FF8A7AB31F0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A824D7 CRYPTO_malloc,ERR_put_error,memcpy,CRYPTO_free,CRYPTO_free, 10_2_00007FF8A7A824D7
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A8207C CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,memset, 10_2_00007FF8A7A8207C
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A8191F ERR_put_error,memcpy,OPENSSL_sk_num,OPENSSL_sk_num,OPENSSL_sk_new_reserve,OPENSSL_sk_value,CRYPTO_dup_ex_data,BIO_ctrl,BIO_ctrl,BIO_up_ref,X509_VERIFY_PARAM_inherit,OPENSSL_sk_dup,OPENSSL_sk_dup, 10_2_00007FF8A7A8191F
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AB5120 CRYPTO_malloc,CRYPTO_THREAD_lock_new,CRYPTO_new_ex_data,X509_up_ref,X509_chain_up_ref,CRYPTO_strdup,CRYPTO_strdup,CRYPTO_dup_ex_data,CRYPTO_strdup,CRYPTO_memdup,ERR_put_error,CRYPTO_memdup,CRYPTO_strdup,CRYPTO_memdup, 10_2_00007FF8A7AB5120
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A9E0B0 CRYPTO_THREAD_run_once, 10_2_00007FF8A7A9E0B0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A8E0A0 CRYPTO_free, 10_2_00007FF8A7A8E0A0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AD80C0 CRYPTO_free,CRYPTO_memdup, 10_2_00007FF8A7AD80C0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AC0070 CRYPTO_memcmp, 10_2_00007FF8A7AC0070
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A8405B BIO_get_data,BIO_get_shutdown,BIO_get_init,BIO_clear_flags,BIO_set_init,CRYPTO_free,CRYPTO_zalloc,ERR_put_error,BIO_set_init,BIO_clear_flags,BIO_set_shutdown,BIO_push,BIO_set_next,BIO_up_ref,BIO_set_init, 10_2_00007FF8A7A8405B
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7ABA050 EVP_PKEY_get1_tls_encodedpoint,CRYPTO_free,EVP_PKEY_free,CRYPTO_free, 10_2_00007FF8A7ABA050
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A9BFB0 CRYPTO_zalloc,ERR_put_error,CRYPTO_THREAD_lock_new,ERR_put_error,CRYPTO_free, 10_2_00007FF8A7A9BFB0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A99FB0 CRYPTO_free,CRYPTO_strndup, 10_2_00007FF8A7A99FB0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AD1F80 EVP_CIPHER_CTX_free,EVP_MD_CTX_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memcpy, 10_2_00007FF8A7AD1F80
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A87F80 CRYPTO_zalloc,ERR_put_error, 10_2_00007FF8A7A87F80
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A89FF0 CRYPTO_malloc,memset,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free, 10_2_00007FF8A7A89FF0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A8DFF0 CRYPTO_free, 10_2_00007FF8A7A8DFF0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AEBF20 SRP_Calc_u,BN_num_bits,CRYPTO_malloc,BN_bn2bin,BN_clear_free,BN_clear_free,CRYPTO_clear_free,BN_clear_free, 10_2_00007FF8A7AEBF20
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81F01 CRYPTO_malloc,memcpy,memcpy,memcmp,memcmp,memcmp,ERR_put_error,CRYPTO_clear_free, 10_2_00007FF8A7A81F01
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A95E80 CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_clear_free,CRYPTO_free,CRYPTO_free,EVP_PKEY_free,EVP_PKEY_free,CRYPTO_free,CRYPTO_free,memset,CRYPTO_free, 10_2_00007FF8A7A95E80
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81E6A CRYPTO_zalloc,ERR_put_error,BUF_MEM_grow,CRYPTO_free, 10_2_00007FF8A7A81E6A
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AC7EC7 CRYPTO_clear_free, 10_2_00007FF8A7AC7EC7
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AB9E30 CRYPTO_free,CRYPTO_memdup, 10_2_00007FF8A7AB9E30
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A8150A CRYPTO_free,CRYPTO_malloc,ERR_put_error,memcpy, 10_2_00007FF8A7A8150A
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A87E20 CRYPTO_zalloc,ERR_put_error, 10_2_00007FF8A7A87E20
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A9DE70 COMP_zlib,CRYPTO_mem_ctrl,OPENSSL_sk_new,COMP_get_type,CRYPTO_malloc,COMP_get_name,OPENSSL_sk_push,OPENSSL_sk_sort,CRYPTO_mem_ctrl, 10_2_00007FF8A7A9DE70
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81CD5 CRYPTO_malloc,COMP_expand_block, 10_2_00007FF8A7A81CD5
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A9FDA0 strncmp,strncmp,strncmp,strncmp,ERR_put_error,CRYPTO_malloc,CRYPTO_malloc,CRYPTO_free,ERR_put_error,strncmp,CRYPTO_free,OPENSSL_sk_new_null,CRYPTO_free,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_push,OPENSSL_sk_num,OPENSSL_sk_push,CRYPTO_free,OPENSSL_sk_free,CRYPTO_free,OPENSSL_sk_free, 10_2_00007FF8A7A9FDA0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A816E5 CRYPTO_zalloc, 10_2_00007FF8A7A816E5
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A9DD80 CRYPTO_mem_ctrl,OPENSSL_sk_new,COMP_get_type,CRYPTO_malloc,OPENSSL_sk_push,OPENSSL_sk_sort,CRYPTO_mem_ctrl, 10_2_00007FF8A7A9DD80
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81F28 CRYPTO_free,CRYPTO_malloc,memcpy, 10_2_00007FF8A7A81F28
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7ABFDC0 CRYPTO_free,CRYPTO_free, 10_2_00007FF8A7ABFDC0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81104 EVP_PKEY_free,X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,X509_STORE_free,X509_STORE_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_free, 10_2_00007FF8A7A81104
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A822CA ERR_put_error,CRYPTO_free,CRYPTO_strdup, 10_2_00007FF8A7A822CA
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A87D20 CRYPTO_free, 10_2_00007FF8A7A87D20
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AD7D00 CRYPTO_memcmp, 10_2_00007FF8A7AD7D00
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AA3D40 CRYPTO_free,CRYPTO_memdup, 10_2_00007FF8A7AA3D40
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A812E4 EVP_MD_size,RAND_bytes,_time64,CRYPTO_free,CRYPTO_memdup, 10_2_00007FF8A7A812E4
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A820F4 CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock, 10_2_00007FF8A7A820F4
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A824D2 OPENSSL_sk_new_null,d2i_X509,CRYPTO_free,OPENSSL_sk_push,OPENSSL_sk_num,CRYPTO_memcmp,CRYPTO_free,X509_free,OPENSSL_sk_pop_free,OPENSSL_sk_value,X509_get0_pubkey,X509_free,OPENSSL_sk_shift,OPENSSL_sk_pop_free, 10_2_00007FF8A7A824D2
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7ACFC60 CRYPTO_free,CRYPTO_free,CRYPTO_strndup, 10_2_00007FF8A7ACFC60
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AB9B90 CRYPTO_memcmp, 10_2_00007FF8A7AB9B90
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81ABE CONF_parse_list,CRYPTO_malloc,ERR_put_error,memcpy,CRYPTO_free,CRYPTO_free, 10_2_00007FF8A7A81ABE
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AA1BD0 CRYPTO_free,CRYPTO_strdup, 10_2_00007FF8A7AA1BD0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A87BD0 CRYPTO_free, 10_2_00007FF8A7A87BD0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A9FB30 CRYPTO_zalloc,ERR_put_error,CRYPTO_free, 10_2_00007FF8A7A9FB30
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A8101E EVP_PKEY_free,BN_num_bits,BN_bn2bin,EVP_PKEY_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,CRYPTO_clear_free,CRYPTO_clear_free, 10_2_00007FF8A7A8101E
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81686 CRYPTO_free,CRYPTO_memdup, 10_2_00007FF8A7A81686
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7ABFAF0 CRYPTO_memdup,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_free,CRYPTO_free,CRYPTO_free, 10_2_00007FF8A7ABFAF0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7ADFAF0 BN_bin2bn,BN_ucmp,BN_is_zero,CRYPTO_free,CRYPTO_strdup, 10_2_00007FF8A7ADFAF0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81870 CRYPTO_free,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,CRYPTO_memdup, 10_2_00007FF8A7A81870
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A82095 CRYPTO_free,_time64,CRYPTO_free,CRYPTO_malloc,EVP_sha256,EVP_Digest,EVP_MD_size,CRYPTO_free, 10_2_00007FF8A7A82095
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81D8E BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,CRYPTO_free,CRYPTO_strdup, 10_2_00007FF8A7A81D8E
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81663 CRYPTO_malloc,ERR_put_error,CRYPTO_free,CRYPTO_free,CRYPTO_free, 10_2_00007FF8A7A81663
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A8125D BIO_pop,BIO_free,BIO_free_all,BIO_free_all,BUF_MEM_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,SCT_LIST_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,EVP_MD_CTX_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,ASYNC_WAIT_CTX_free,CRYPTO_free,OPENSSL_sk_free,CRYPTO_THREAD_lock_free,CRYPTO_free, 10_2_00007FF8A7A8125D
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A8218F EVP_MD_CTX_new,EVP_PKEY_size,CRYPTO_malloc,EVP_DigestSignInit,RSA_pkey_ctx_ctrl,RSA_pkey_ctx_ctrl,EVP_DigestUpdate,EVP_MD_CTX_ctrl,EVP_DigestSignFinal,EVP_DigestSign,BUF_reverse,CRYPTO_free,EVP_MD_CTX_free,CRYPTO_free,EVP_MD_CTX_free, 10_2_00007FF8A7A8218F
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A8215D CRYPTO_free,CRYPTO_malloc,RAND_bytes, 10_2_00007FF8A7A8215D
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81C0D CRYPTO_free,CRYPTO_strdup, 10_2_00007FF8A7A81C0D
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A8193A CRYPTO_free,CRYPTO_memdup, 10_2_00007FF8A7A8193A
Source: wsx.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2268931600.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321843970.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: wsx.exe, 00000000.00000003.2265916752.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2316073120.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.0.dr
Source: Binary string: ucrtbase.pdb source: wsx.exe, 00000002.00000002.4724039412.00007FF8B83A4000.00000002.00000001.01000000.00000004.sdmp, registry_65f93d51.exe, 0000000A.00000002.4723851835.00007FF8A8024000.00000002.00000001.01000000.00000019.sdmp, ucrtbase.dll.9.dr
Source: Binary string: C:\A\31\b\bin\amd64\python3.pdb source: wsx.exe, 00000000.00000003.2276083050.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4726746703.00007FF8BA502000.00000002.00000001.01000000.00000007.sdmp, registry_65f93d51.exe, 00000009.00000003.2325177610.000001BF4058A000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4725982927.00007FF8B8F72000.00000002.00000001.01000000.0000001C.sdmp
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2265532853.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2314930930.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2267638883.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320853844.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2268117839.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321320022.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
Source: Binary string: C:\A\31\b\bin\amd64\_bz2.pdb source: wsx.exe, 00000000.00000003.2263839273.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4726166568.00007FF8BA24E000.00000002.00000001.01000000.0000000A.sdmp, registry_65f93d51.exe, 00000009.00000003.2311725038.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4725034578.00007FF8B829E000.00000002.00000001.01000000.0000001F.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_multiprocessing.pdb source: wsx.exe, 00000000.00000003.2264596873.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2312503652.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_hashlib.pdb source: wsx.exe, 00000000.00000003.2264365268.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4725020792.00007FF8B9105000.00000002.00000001.01000000.00000011.sdmp, registry_65f93d51.exe, 00000009.00000003.2312259416.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4725343238.00007FF8B8795000.00000002.00000001.01000000.00000026.sdmp, _hashlib.pyd.9.dr
Source: Binary string: ~/.pdbrc source: wsx.exe, 00000002.00000002.4721310829.000001D6CECF0000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4721273657.000001DEEDFB0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2266580337.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319802950.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2268227688.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321398734.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pdb.Pdb source: wsx.exe, 00000002.00000002.4721310829.000001D6CECF0000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4721273657.000001DEEDFB0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2266210989.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319475363.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2268040879.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321242799.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\unicodedata.pdb source: wsx.exe, 00000000.00000003.2279137450.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4722907835.00007FF8A8B05000.00000002.00000001.01000000.00000015.sdmp, registry_65f93d51.exe, 00000009.00000003.2327134026.000001BF40594000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4722044735.00007FF8A73C5000.00000002.00000001.01000000.0000002A.sdmp
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2268117839.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321320022.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2266929158.000001AA02355000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320119867.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2265342153.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2313965731.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2269224887.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2322097320.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2266842790.000001AA02355000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320042183.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll.9.dr
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2267715426.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320927539.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_asyncio.pdb source: wsx.exe, 00000000.00000003.2263747195.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4724186040.00007FF8B8F87000.00000002.00000001.01000000.00000016.sdmp, registry_65f93d51.exe, 00000009.00000003.2311554458.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4726060409.00007FF8B90B7000.00000002.00000001.01000000.0000002B.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_lzma.pdb source: wsx.exe, 00000000.00000003.2264467594.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4725576617.00007FF8B916D000.00000002.00000001.01000000.0000000B.sdmp, registry_65f93d51.exe, 00000009.00000003.2312377234.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4724695449.00007FF8B827D000.00000002.00000001.01000000.00000020.sdmp
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2267207504.000001AA02355000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320300217.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2265818210.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2316009389.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_socket.pdb source: wsx.exe, 00000000.00000003.2264864812.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4725967855.00007FF8B9F69000.00000002.00000001.01000000.0000000C.sdmp, registry_65f93d51.exe, 00000009.00000003.2312771106.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4724412164.00007FF8B78B9000.00000002.00000001.01000000.00000021.sdmp
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2268040879.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321242799.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l2-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2266016159.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2318890669.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2269224887.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2322097320.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-fibers-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2265721119.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2315920437.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\python38.pdb source: wsx.exe, 00000002.00000002.4723333080.00007FF8A8E04000.00000002.00000001.01000000.00000005.sdmp, registry_65f93d51.exe, 0000000A.00000002.4723375067.00007FF8A7E24000.00000002.00000001.01000000.0000001A.sdmp, python38.dll.0.dr
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2266112696.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319389209.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2267638883.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320853844.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
Source: Binary string: C:\A\31\b\bin\amd64\_lzma.pdbMM source: wsx.exe, 00000000.00000003.2264467594.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4725576617.00007FF8B916D000.00000002.00000001.01000000.0000000B.sdmp, registry_65f93d51.exe, 00000009.00000003.2312377234.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4724695449.00007FF8B827D000.00000002.00000001.01000000.00000020.sdmp
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: wsx.exe, 00000000.00000003.2267504733.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320775294.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_ctypes.pdb source: wsx.exe, 00000002.00000002.4725807752.00007FF8B9192000.00000002.00000001.01000000.00000008.sdmp, registry_65f93d51.exe, 0000000A.00000002.4725192076.00007FF8B82C2000.00000002.00000001.01000000.0000001D.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.8\Release\win32wnet.pdb source: wsx.exe, 00000000.00000003.2279561845.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2327436277.000001BF4058B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2266842790.000001AA02355000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320042183.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll.9.dr
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1g 21 Apr 2020built on: Fri Jun 12 19:40:20 2020 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: wsx.exe, 00000002.00000002.4722585633.00007FF8A82C7000.00000002.00000001.01000000.0000000F.sdmp, registry_65f93d51.exe, 0000000A.00000002.4722693885.00007FF8A7617000.00000002.00000001.01000000.00000025.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_queue.pdb source: wsx.exe, 00000000.00000003.2264770739.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4724747960.00007FF8B90F3000.00000002.00000001.01000000.00000012.sdmp, registry_65f93d51.exe, 00000009.00000003.2312703924.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4724537307.00007FF8B8253000.00000002.00000001.01000000.00000027.sdmp, _queue.pyd.9.dr
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: wsx.exe, 00000000.00000003.2266500836.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319729844.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.0.dr
Source: Binary string: -c are executed after commands from .pdbrc files. source: wsx.exe, 00000002.00000002.4720209105.000001D6CE6DF000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDAE1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-string-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2267360213.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320610765.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-string-l1-1-0.dll.9.dr
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2269119940.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2322013187.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: wsx.exe, 00000000.00000003.2267090123.000001AA02355000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320205484.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.0.dr
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2265532853.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2314930930.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2266404717.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319652327.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.9.dr
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdbGCTL source: wsx.exe, 00000000.00000003.2266500836.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319729844.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.0.dr
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2266698365.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319882300.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2267289640.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320513643.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d:\agent\_work\3\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: wsx.exe, 00000000.00000003.2263634927.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2311210717.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Initial commands are read from .pdbrc files in your home directory source: wsx.exe, 00000002.00000002.4720209105.000001D6CE6DF000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDAE1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_ssl.pdb source: wsx.exe, 00000002.00000002.4725193346.00007FF8B911D000.00000002.00000001.01000000.0000000E.sdmp, registry_65f93d51.exe, 0000000A.00000002.4724117939.00007FF8B782D000.00000002.00000001.01000000.00000023.sdmp
Source: Binary string: api-ms-win-core-console-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2265342153.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2313965731.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2268796940.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321766183.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2269354500.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2322173948.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2267432361.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320693436.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2266304966.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319574651.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2267289640.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320513643.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2268227688.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321398734.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2269119940.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2322013187.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2268318304.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321475345.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.9.dr
Source: Binary string: d:\agent\_work\3\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: wsx.exe, 00000000.00000003.2263510921.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4727263141.00007FF8BFB30000.00000002.00000001.01000000.00000006.sdmp, registry_65f93d51.exe, 00000009.00000003.2310883925.000001BF40586000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4725680215.00007FF8B8B00000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2266580337.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319802950.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2269022242.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321926554.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.9.dr
Source: Binary string: placed in the .pdbrc file): source: wsx.exe, 00000002.00000002.4720673524.000001D6CE9B5000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720778267.000001DEEDC94000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_overlapped.pdb source: wsx.exe, 00000000.00000003.2264691239.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4724454005.00007FF8B90D5000.00000002.00000001.01000000.00000017.sdmp, registry_65f93d51.exe, 00000009.00000003.2312593294.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4726281498.00007FF8BA525000.00000002.00000001.01000000.0000002C.sdmp
Source: Binary string: If a file ".pdbrc" exists in your home directory or in the current source: wsx.exe, 00000002.00000002.4720673524.000001D6CE9B5000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720778267.000001DEEDC94000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2267798188.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321008115.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.0.dr, api-ms-win-core-util-l1-1-0.dll.9.dr
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2267432361.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320693436.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2266210989.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319475363.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2268439591.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321554854.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2266112696.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319389209.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2266929158.000001AA02355000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320119867.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2265628346.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2315422600.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2265818210.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2316009389.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-fibers-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2265721119.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2315920437.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdbGCTL source: wsx.exe, 00000000.00000003.2267504733.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320775294.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2267958915.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321163060.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2268796940.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321766183.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-util-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2267798188.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321008115.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.0.dr, api-ms-win-core-util-l1-1-0.dll.9.dr
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2265439691.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2314471193.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\6\b\libssl-1_1.pdb source: wsx.exe, 00000002.00000002.4723807412.00007FF8A9364000.00000002.00000001.01000000.00000010.sdmp, registry_65f93d51.exe, 0000000A.00000002.4723087461.00007FF8A7AF4000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2265628346.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2315422600.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ucrtbase.pdbUGP source: wsx.exe, 00000002.00000002.4724039412.00007FF8B83A4000.00000002.00000001.01000000.00000004.sdmp, registry_65f93d51.exe, 0000000A.00000002.4723851835.00007FF8A8024000.00000002.00000001.01000000.00000019.sdmp, ucrtbase.dll.9.dr
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2269022242.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321926554.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.9.dr
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2267958915.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321163060.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\6\b\libssl-1_1.pdb?? source: wsx.exe, 00000002.00000002.4723807412.00007FF8A9364000.00000002.00000001.01000000.00000010.sdmp, registry_65f93d51.exe, 0000000A.00000002.4723087461.00007FF8A7AF4000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: api-ms-win-core-file-l1-2-0.pdbGCTL source: wsx.exe, 00000000.00000003.2265916752.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2316073120.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.0.dr
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2267207504.000001AA02355000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320300217.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: wsx.exe, 00000002.00000002.4722585633.00007FF8A82C7000.00000002.00000001.01000000.0000000F.sdmp, registry_65f93d51.exe, 0000000A.00000002.4722693885.00007FF8A7617000.00000002.00000001.01000000.00000025.sdmp
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2265439691.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2314471193.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2267878901.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321086900.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2268439591.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321554854.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2266304966.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319574651.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2268318304.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321475345.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.9.dr
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2269354500.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2322173948.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\select.pdb source: wsx.exe, 00000000.00000003.2277501724.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4725412867.00007FF8B9143000.00000002.00000001.01000000.0000000D.sdmp, registry_65f93d51.exe, 00000009.00000003.2326535528.000001BF4058B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4725502564.00007FF8B8833000.00000002.00000001.01000000.00000022.sdmp, select.pyd.0.dr
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2267715426.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320927539.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2267360213.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320610765.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-string-l1-1-0.dll.9.dr
Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: wsx.exe, 00000000.00000003.2266016159.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2318890669.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: .pdbrc source: wsx.exe, 00000002.00000002.4721310829.000001D6CECF0000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4721273657.000001DEEDFB0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2266404717.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319652327.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.9.dr
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2266698365.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319882300.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2268931600.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321843970.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdbGCTL source: wsx.exe, 00000000.00000003.2267090123.000001AA02355000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320205484.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.0.dr
Source: Binary string: The standard debugger class (pdb.Pdb) is an example. source: wsx.exe, 00000002.00000002.4720209105.000001D6CE80F000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4720209105.000001D6CE96B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDB33000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDBBE000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2267878901.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321086900.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.0.dr
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71F08E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 0_2_00007FF7E71F08E4
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71D7790 FindFirstFileExW,FindClose, 0_2_00007FF7E71D7790
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71E6644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, 0_2_00007FF7E71E6644
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71E6644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, 0_2_00007FF7E71E6644
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71F08E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 2_2_00007FF7E71F08E4
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71D7790 FindFirstFileExW,FindClose, 2_2_00007FF7E71D7790
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71E6644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, 2_2_00007FF7E71E6644
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71E6644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, 2_2_00007FF7E71E6644
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8084471 _errno,malloc,_errno,memset,MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,free,_errno,FindFirstFileW,_errno,FindNextFileW,WideCharToMultiByte, 2_2_00007FF8A8084471
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5D6644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, 9_2_00007FF6BD5D6644
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5E08E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 9_2_00007FF6BD5E08E4
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5C7790 FindFirstFileExW,FindClose, 9_2_00007FF6BD5C7790
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5D6644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, 9_2_00007FF6BD5D6644
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5D6644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, 10_2_00007FF6BD5D6644
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5E08E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 10_2_00007FF6BD5E08E4
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5C7790 FindFirstFileExW,FindClose, 10_2_00007FF6BD5C7790
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5D6644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, 10_2_00007FF6BD5D6644
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D4471 _errno,malloc,_errno,memset,MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,free,_errno,FindFirstFileW,_errno,FindNextFileW,WideCharToMultiByte, 10_2_00007FF8A73D4471
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /conta.php HTTP/1.1Host: pontoslivelobb.servicos.wsUser-Agent: python-requests/2.32.3Accept-Encoding: gzip, deflateAccept: */*Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /conta.php HTTP/1.1Host: pontoslivelobb.servicos.wsUser-Agent: python-requests/2.32.3Accept-Encoding: gzip, deflateAccept: */*Connection: keep-alive
Source: global traffic DNS traffic detected: DNS query: pontoslivelobb.servicos.ws
Source: global traffic DNS traffic detected: DNS query: estudosadulto.educacao.ws
Source: wsx.exe, 00000002.00000002.4721018755.000001D6CEB00000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720985405.000001DEEDDC0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.../back.jpeg
Source: registry_65f93d51.exe, 0000000A.00000002.4719712925.000001DEED590000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://91.92.246.171:5000/replace
Source: wsx.exe, 00000000.00000003.2279137450.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2265229722.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2274110280.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264080444.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275028844.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275950894.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264467594.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264770739.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2277501724.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264228352.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276567966.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2279137450.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2265342153.000001AA02361000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264691239.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276083050.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275609971.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264596873.000001AA02361000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264596873.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264365268.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2263747195.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264770739.000001AA02361000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: wsx.exe, 00000000.00000003.2279137450.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2265229722.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2274110280.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264080444.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275028844.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275950894.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264467594.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264770739.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2277501724.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264228352.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276567966.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2279137450.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2265342153.000001AA02361000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264691239.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276083050.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275609971.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264596873.000001AA02361000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264596873.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264365268.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2263747195.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2277501724.000001AA02366000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: wsx.exe, 00000002.00000002.4720209105.000001D6CE8C8000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDBBE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: wsx.exe, 00000002.00000002.4720209105.000001D6CE8C8000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4719019125.000001D6CDDB0000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718119614.000001DEEAFED000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDBBE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: wsx.exe, 00000002.00000002.4720209105.000001D6CE8C8000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4720209105.000001D6CE893000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDAE1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
Source: registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDAE1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crln
Source: registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDBBE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crlpd/
Source: wsx.exe, 00000002.00000002.4720209105.000001D6CE893000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl~
Source: wsx.exe, 00000002.00000002.4720209105.000001D6CE8C8000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDBBE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
Source: wsx.exe, 00000002.00000002.4719019125.000001D6CDDB0000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED0DF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/SGCA.crl
Source: wsx.exe, 00000002.00000002.4719391565.000001D6CE0C0000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDAE1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: wsx.exe, 00000002.00000002.4719019125.000001D6CDDB0000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED0DF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: wsx.exe, 00000002.00000002.4719391565.000001D6CE0C0000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDAE1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: wsx.exe, 00000002.00000002.4719019125.000001D6CDDB0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/STCA.crl__exit__c
Source: wsx.exe, 00000000.00000003.2265229722.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2274110280.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264080444.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275028844.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275950894.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264467594.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264770739.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2277501724.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264228352.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276567966.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2279137450.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264691239.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276083050.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275609971.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264596873.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264365268.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2263747195.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264864812.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2263839273.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2274110280.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2326535528.000001BF4058B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED0DF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: wsx.exe, 00000002.00000002.4720209105.000001D6CE8C8000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDBBE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: wsx.exe, 00000002.00000002.4719019125.000001D6CDDB0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crll__.
Source: wsx.exe, 00000000.00000003.2279137450.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2265229722.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2274110280.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264080444.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275028844.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275950894.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264467594.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264770739.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2277501724.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264228352.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276567966.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2279137450.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2265342153.000001AA02361000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264691239.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276083050.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275609971.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264596873.000001AA02361000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264596873.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264365268.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2263747195.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264770739.000001AA02361000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: wsx.exe, 00000000.00000003.2279137450.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2265229722.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2274110280.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264080444.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275028844.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275950894.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264467594.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264770739.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2277501724.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264228352.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276567966.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2279137450.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2265342153.000001AA02361000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264691239.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276083050.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275609971.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264596873.000001AA02361000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264596873.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264365268.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2263747195.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2277501724.000001AA02366000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: wsx.exe, 00000000.00000003.2264467594.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2312377234.000001BF40588000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertAss
Source: wsx.exe, 00000000.00000003.2279137450.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2265229722.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2274110280.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264080444.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275028844.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275950894.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264467594.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264770739.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2277501724.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264228352.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276567966.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2279137450.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2265342153.000001AA02361000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264691239.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276083050.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275609971.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264596873.000001AA02361000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264596873.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264365268.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2263747195.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264770739.000001AA02361000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: wsx.exe, 00000000.00000003.2279137450.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2265229722.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2274110280.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264080444.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275028844.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275950894.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264467594.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264770739.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2277501724.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264228352.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276567966.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2279137450.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2265342153.000001AA02361000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264691239.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276083050.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275609971.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264596873.000001AA02361000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264596873.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264365268.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2263747195.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2277501724.000001AA02366000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: wsx.exe, 00000002.00000002.4720967947.000001D6CEAC0000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720357983.000001DEED980000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
Source: wsx.exe, 00000002.00000002.4720673524.000001D6CE9B5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://docs.p
Source: wsx.exe, 00000002.00000002.4721431850.000001D6CEDB0000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4721388934.000001DEEE070000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.kill
Source: wsx.exe, 00000002.00000002.4721391137.000001D6CED70000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4721388934.000001DEEE070000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.returncode
Source: wsx.exe, 00000002.00000002.4721352219.000001D6CED30000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4721308581.000001DEEDFF0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.terminate
Source: wsx.exe, 00000002.00000002.4720673524.000001D6CE9B5000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720778267.000001DEEDC94000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://docs.python.org/library/unittest.html
Source: registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED0DF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://google.com/
Source: wsx.exe, 00000002.00000002.4718299020.000001D6CBE7E000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4719019125.000001D6CDDB0000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED090000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED0DF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://google.com/mail
Source: registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED0DF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://google.com/mail/
Source: wsx.exe, 00000002.00000002.4719019125.000001D6CDDB0000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED0DF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: wsx.exe, 00000002.00000002.4718299020.000001D6CBE7E000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4719019125.000001D6CDDB0000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED165000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED0DF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://httpbin.org/
Source: registry_65f93d51.exe, 0000000A.00000002.4719438072.000001DEED4CE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://json.org
Source: wsx.exe, 00000002.00000002.4719019125.000001D6CDDB0000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDBBE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.accv.es
Source: wsx.exe, 00000002.00000002.4720209105.000001D6CE8C8000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDBBE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.accv.es0
Source: wsx.exe, 00000000.00000003.2279137450.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2265229722.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2274110280.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264080444.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275028844.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275950894.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264467594.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264770739.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2277501724.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264228352.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276567966.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2279137450.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2265342153.000001AA02361000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264691239.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276083050.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275609971.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264596873.000001AA02361000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264596873.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264365268.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2263747195.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264864812.000001AA02354000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0C
Source: wsx.exe, 00000000.00000003.2279137450.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2265229722.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2274110280.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264080444.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275028844.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275950894.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264467594.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264770739.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2277501724.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264228352.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276567966.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2279137450.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2265342153.000001AA02361000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264691239.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276083050.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275609971.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264596873.000001AA02361000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264596873.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264365268.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2263747195.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2277501724.000001AA02366000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0N
Source: wsx.exe, 00000000.00000003.2274110280.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264080444.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275028844.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275950894.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264467594.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264770739.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2277501724.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264228352.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276567966.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2279137450.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264691239.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276083050.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275609971.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264596873.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264365268.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2263747195.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264864812.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2263839273.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2274110280.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2326535528.000001BF4058B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2312259416.000001BF40588000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.thawte.com0
Source: wsx.exe, 00000002.00000002.4721755051.000001D6CF710000.00000004.00001000.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4719580106.000001D6CE2D0000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4719712925.000001DEED590000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4721662924.000001DEEE210000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://pontoslivelobb.servicos.ws/conta.php
Source: wsx.exe, 00000002.00000002.4719391565.000001D6CE0C0000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000003.2333460204.000001DEED165000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED165000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://pontoslivelobb.servicos.ws/conta.phprg
Source: wsx.exe, 00000002.00000002.4719391565.000001D6CE0C0000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000003.2333460204.000001DEED165000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED165000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://pontoslivelobb.servicos.ws/conta.phprg)
Source: wsx.exe, 00000002.00000002.4719580106.000001D6CE2D0000.00000004.00001000.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4719391565.000001D6CE0C0000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000003.2333460204.000001DEED165000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED165000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4719712925.000001DEED590000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://pontoslivelobb.servicos.ws/salva.php
Source: python38.dll.0.dr String found in binary or memory: http://python.org/dev/peps/pep-0263/
Source: wsx.exe, 00000002.00000002.4720209105.000001D6CE8C8000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4720209105.000001D6CE893000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDB8C000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDAE1000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDBBE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://repository.swisssign.com/
Source: wsx.exe, 00000002.00000002.4720209105.000001D6CE893000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://repository.swisssign.com/0R
Source: registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDAE1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://repository.swisssign.com/Hd
Source: registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDAE1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://repository.swisssign.com/t
Source: wsx.exe, 00000002.00000002.4719910052.000001D6CE4E0000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720018075.000001DEED7A0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
Source: wsx.exe, 00000000.00000003.2265229722.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2274110280.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264080444.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275028844.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275950894.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264467594.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264770739.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2277501724.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264228352.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276567966.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2279137450.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264691239.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276083050.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275609971.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264596873.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264365268.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2263747195.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264864812.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2263839273.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2274110280.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2326535528.000001BF4058B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: wsx.exe, 00000000.00000003.2265229722.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2274110280.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264080444.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275028844.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275950894.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264467594.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264770739.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2277501724.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264228352.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276567966.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2279137450.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264691239.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276083050.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275609971.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264596873.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264365268.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2263747195.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264864812.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2263839273.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2274110280.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2326535528.000001BF4058B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: wsx.exe, 00000000.00000003.2265229722.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2274110280.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264080444.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275028844.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275950894.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264467594.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264770739.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2277501724.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264228352.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276567966.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2279137450.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264691239.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276083050.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275609971.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264596873.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264365268.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2263747195.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264864812.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2263839273.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2274110280.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2326535528.000001BF4058B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: wsx.exe, 00000002.00000002.4720209105.000001D6CE8C8000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4719019125.000001D6CDDB0000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDBBE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: wsx.exe, 00000002.00000002.4720209105.000001D6CE8C8000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4719438072.000001DEED4CE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
Source: wsx.exe, 00000002.00000002.4720209105.000001D6CE8C8000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDBBE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: wsx.exe, 00000002.00000002.4719391565.000001D6CE211000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED090000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.accv.es/legislacion_c.htm
Source: wsx.exe, 00000002.00000002.4720209105.000001D6CE8C8000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDBBE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: wsx.exe, 00000002.00000002.4719391565.000001D6CE211000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4720209105.000001D6CE8C8000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED090000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDBBE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.accv.es00
Source: wsx.exe, 00000002.00000002.4718299020.000001D6CBDDE000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4720209105.000001D6CE8C8000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDBBE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.cert.fnmt.es/dpcs/
Source: registry_65f93d51.exe, 0000000A.00000003.2333601164.000001DEED401000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.cl.cam.ac.uk/~mgk25/iso-time.html
Source: wsx.exe, 00000002.00000002.4720209105.000001D6CE8C8000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDBBE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.firmaprofesional.com/cps0
Source: wsx.exe, 00000002.00000002.4719391565.000001D6CE0C0000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000003.2333794430.000001DEED42A000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4719438072.000001DEED3B0000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000003.2333601164.000001DEED401000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: registry_65f93d51.exe, 0000000A.00000003.2333601164.000001DEED401000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm
Source: wsx.exe, 00000002.00000002.4720209105.000001D6CE80F000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000003.2332400133.000001DEEB0C6000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4719438072.000001DEED569000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000003.2332488463.000001DEEB0C8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.python.org/
Source: wsx.exe, 00000000.00000003.2279765483.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4719280774.000001D6CDFF0000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2327588294.000001BF4058B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4719310887.000001DEED2B0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.python.org/dev/peps/pep-0205/
Source: wsx.exe, 00000002.00000002.4718850807.000001D6CD760000.00000004.00001000.00020000.00000000.sdmp, wsx.exe, 00000002.00000003.2290828612.000001D6CDDB1000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718867536.000001DEECED0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.python.org/download/releases/2.3/mro/.
Source: wsx.exe, 00000002.00000002.4720209105.000001D6CE8C8000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED090000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.quovadisglobal.com/cps
Source: wsx.exe, 00000002.00000002.4720209105.000001D6CE8C8000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDBBE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED090000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.quovadisglobal.com/cpsd
Source: wsx.exe, 00000002.00000002.4719391565.000001D6CE211000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEED9C0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://wwwsearch.sf.net/):
Source: wsx.exe, 00000002.00000002.4718299020.000001D6CBE7E000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4719019125.000001D6CDDB0000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED090000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED0DF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://yahoo.com/
Source: wsx.exe, 00000002.00000002.4719763286.000001D6CE3D0000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4719870837.000001DEED690000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://cloud.google.com/appengine/docs/standard/runtimes
Source: wsx.exe, 00000000.00000003.2280855435.000001AA0235D000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2328495473.000001BF4058E000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr String found in binary or memory: https://codecov.io/github/pyca/cryptography/coverage.svg?branch=master
Source: wsx.exe, 00000000.00000003.2280855435.000001AA0235D000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2328495473.000001BF4058E000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr String found in binary or memory: https://codecov.io/github/pyca/cryptography?branch=master
Source: wsx.exe, 00000000.00000003.2280855435.000001AA0235D000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2328495473.000001BF4058E000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr String found in binary or memory: https://cryptography.io
Source: wsx.exe, 00000000.00000003.2280855435.000001AA0235D000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2328495473.000001BF4058E000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr String found in binary or memory: https://cryptography.io/
Source: wsx.exe, 00000000.00000003.2280855435.000001AA0235D000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2328495473.000001BF4058E000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr String found in binary or memory: https://cryptography.io/en/latest/installation.html
Source: wsx.exe, 00000000.00000003.2280855435.000001AA0235D000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2328495473.000001BF4058E000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr String found in binary or memory: https://cryptography.io/en/latest/security.html
Source: registry_65f93d51.exe, 0000000A.00000002.4720778267.000001DEEDC94000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://docs.microsof
Source: wsx.exe, 00000002.00000002.4721755051.000001D6CF710000.00000004.00001000.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4720209105.000001D6CE777000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4721310829.000001D6CECF0000.00000004.00001000.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4721473524.000001D6CEE00000.00000004.00001000.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4721062499.000001D6CEB40000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4721601148.000001DEEE1D0000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4721429022.000001DEEE0C0000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4721021413.000001DEEDE00000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4721273657.000001DEEDFB0000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4719438072.000001DEED390000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://estudosadulto.educacao.ws/contador/contador.php
Source: wsx.exe, 00000002.00000002.4721755051.000001D6CF710000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://estudosadulto.educacao.ws/contador/contador.php0
Source: wsx.exe, 00000002.00000002.4721755051.000001D6CF710000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://estudosadulto.educacao.ws/contador/contador.php0wt
Source: wsx.exe, 00000002.00000002.4720209105.000001D6CE793000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4719438072.000001DEED569000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/Ousret/charset_normalizer
Source: wsx.exe, 00000002.00000003.2289908865.000001D6CBE5B000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000003.2291758750.000001D6CBE90000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000003.2290464010.000001D6CBE5A000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4718299020.000001D6CBE7E000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000003.2290287018.000001D6CBE5B000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4718299020.000001D6CBDDE000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000003.2290158960.000001D6CBE5B000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000003.2289611735.000001D6CBE5B000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000003.2290609085.000001D6CBE5A000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718119614.000001DEEAFED000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000003.2331071299.000001DEEB06C000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000003.2329999010.000001DEEB03C000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000003.2329900306.000001DEEB041000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000003.2330062853.000001DEEB06C000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000003.2330349702.000001DEEB06C000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718119614.000001DEEB08B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000003.2330602280.000001DEEB06C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: wsx.exe, 00000002.00000002.4721239599.000001D6CEC70000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4721200938.000001DEEDF30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/asweigart/pyperclip/issues/55
Source: wsx.exe, 00000000.00000003.2279561845.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2277366073.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2326535528.000001BF4058B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2326414155.000001BF4058A000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2327436277.000001BF4058B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/mhammond/pywin32
Source: wsx.exe, 00000002.00000002.4721239599.000001D6CEC70000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4721200938.000001DEEDF30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/psf/requests/pull/6710
Source: wsx.exe, 00000000.00000003.2280855435.000001AA0235D000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2328495473.000001BF4058E000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr String found in binary or memory: https://github.com/pyca/cryptography
Source: wsx.exe, 00000000.00000003.2280855435.000001AA0235D000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2328495473.000001BF4058E000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr String found in binary or memory: https://github.com/pyca/cryptography/actions?query=workflow%3ACI
Source: wsx.exe, 00000000.00000003.2280855435.000001AA0235D000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2328495473.000001BF4058E000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr String found in binary or memory: https://github.com/pyca/cryptography/issues
Source: wsx.exe, 00000000.00000003.2280855435.000001AA0235D000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2328495473.000001BF4058E000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr String found in binary or memory: https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=master
Source: wsx.exe, 00000002.00000002.4718686995.000001D6CD660000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718710013.000001DEECC90000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000003.2329900306.000001DEEB041000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: registry_65f93d51.exe, 0000000A.00000003.2330602280.000001DEEB06C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: wsx.exe, 00000002.00000003.2289908865.000001D6CBE5B000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000003.2291758750.000001D6CBE90000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000003.2290464010.000001D6CBE5A000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4718299020.000001D6CBE7E000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000003.2290287018.000001D6CBE5B000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4718299020.000001D6CBDDE000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000003.2290158960.000001D6CBE5B000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000003.2289611735.000001D6CBE5B000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000003.2290609085.000001D6CBE5A000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718119614.000001DEEAFED000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000003.2331071299.000001DEEB06C000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000003.2329999010.000001DEEB03C000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000003.2329900306.000001DEEB041000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000003.2330062853.000001DEEB06C000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000003.2330349702.000001DEEB06C000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718119614.000001DEEB08B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000003.2330602280.000001DEEB06C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: wsx.exe, 00000002.00000003.2289908865.000001D6CBE5B000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000003.2291758750.000001D6CBE90000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000003.2290464010.000001D6CBE5A000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4718299020.000001D6CBE7E000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000003.2290287018.000001D6CBE5B000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4718299020.000001D6CBDDE000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000003.2290158960.000001D6CBE5B000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000003.2289611735.000001D6CBE5B000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000003.2290609085.000001D6CBE5A000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718119614.000001DEEAFED000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000003.2331071299.000001DEEB06C000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000003.2329999010.000001DEEB03C000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000003.2329900306.000001DEEB041000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000003.2330062853.000001DEEB06C000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000003.2330349702.000001DEEB06C000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718119614.000001DEEB08B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000003.2330602280.000001DEEB06C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: wsx.exe, 00000002.00000002.4719391565.000001D6CE211000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED0DF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
Source: registry_65f93d51.exe, 0000000A.00000002.4719870837.000001DEED690000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/urllib3/urllib3/issues/497
Source: wsx.exe, 00000002.00000002.4718299020.000001D6CBE7E000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4719019125.000001D6CDDB0000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED165000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED0DF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://httpbin.org/
Source: registry_65f93d51.exe, 0000000A.00000002.4721200938.000001DEEDF30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://httpbin.org/get
Source: wsx.exe, 00000002.00000002.4719019125.000001D6CDE98000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000003.2333460204.000001DEED165000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED165000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://httpbin.org/post
Source: wsx.exe, 00000000.00000003.2280855435.000001AA0235D000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2328495473.000001BF4058E000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr String found in binary or memory: https://img.shields.io/pypi/v/cryptography.svg
Source: wsx.exe, 00000002.00000002.4720209105.000001D6CE80F000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000003.2332400133.000001DEEB0C6000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4719438072.000001DEED569000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000003.2332488463.000001DEEB0C8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://mahler:8092/site-updates.py
Source: wsx.exe, 00000000.00000003.2280855435.000001AA0235D000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2328495473.000001BF4058E000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr String found in binary or memory: https://mail.python.org/mailman/listinfo/cryptography-dev
Source: wsx.exe, 00000002.00000002.4721204773.000001D6CEC30000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4721156944.000001DEEDEF0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://pyperclip.readthedocs.io/en/latest/index.html#not-implemented-error
Source: wsx.exe, 00000000.00000003.2280855435.000001AA0235D000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2328495473.000001BF4058E000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr String found in binary or memory: https://pypi.org/project/cryptography/
Source: wsx.exe, 00000000.00000003.2280855435.000001AA0235D000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2328495473.000001BF4058E000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.dr String found in binary or memory: https://readthedocs.org/projects/cryptography/badge/?version=latest
Source: wsx.exe, 00000002.00000002.4721204773.000001D6CEC30000.00000004.00001000.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4719019125.000001D6CDE98000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000003.2333460204.000001DEED165000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4721156944.000001DEEDEF0000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED165000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://requests.readthedocs.io
Source: wsx.exe, 00000002.00000002.4721239599.000001D6CEC70000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4721200938.000001DEEDF30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://stackoverflow.com/questions/18905702/python-ctypes-and-mutable-buffers
Source: wsx.exe, 00000002.00000002.4721239599.000001D6CEC70000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4721200938.000001DEEDF30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://stackoverflow.com/questions/455434/how-should-i-use-formatmessage-properly-in-c
Source: wsx.exe, 00000002.00000002.4719019125.000001D6CDDB0000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED0DF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: wsx.exe, 00000002.00000002.4718299020.000001D6CBE7E000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4719019125.000001D6CDDB0000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED165000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED0DF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://twitter.com/
Source: wsx.exe, 00000002.00000002.4719832400.000001D6CE450000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4719943391.000001DEED710000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#https-proxy-error-http-proxy
Source: registry_65f93d51.exe, 0000000A.00000002.4719943391.000001DEED710000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings
Source: wsx.exe, 00000002.00000002.4719727193.000001D6CE390000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4719831009.000001DEED650000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warningsPv
Source: wsx.exe, 00000002.00000002.4719945013.000001D6CE530000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720060998.000001DEED7F0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://urllib3.readthedocs.io/en/stable/v2-migration-guide.html
Source: wsx.exe, 00000002.00000002.4719019125.000001D6CDDB0000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED165000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://w3c.github.io/html/sec-forms.html#multipart-form-data
Source: wsx.exe, 00000000.00000003.2280497122.000001AA0235A000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2328258629.000001BF4058B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.apache.org/licenses/
Source: wsx.exe, 00000000.00000003.2280623300.000001AA02368000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2280497122.000001AA0235A000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2280468813.000001AA02368000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2328258629.000001BF4058B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2328328440.000001BF40599000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2328258629.000001BF40599000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0
Source: wsx.exe, 00000000.00000003.2279137450.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2265229722.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2274110280.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264080444.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275028844.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275950894.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264467594.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264770739.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2277501724.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264228352.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276567966.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2279137450.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2265342153.000001AA02361000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264691239.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2276083050.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2275609971.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264596873.000001AA02361000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264596873.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2264365268.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2263747195.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000000.00000003.2277501724.000001AA02366000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.digicert.com/CPS0
Source: wsx.exe, 00000000.00000003.2275609971.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4723863739.00007FF8A9399000.00000002.00000001.01000000.00000010.sdmp, wsx.exe, 00000002.00000002.4722788037.00007FF8A83BD000.00000002.00000001.01000000.0000000F.sdmp, registry_65f93d51.exe, 00000009.00000003.2324775684.000001BF4058A000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4722906514.00007FF8A770D000.00000002.00000001.01000000.00000025.sdmp, registry_65f93d51.exe, 0000000A.00000002.4723140745.00007FF8A7B29000.00000002.00000001.01000000.00000024.sdmp String found in binary or memory: https://www.openssl.org/H
Source: wsx.exe, 00000002.00000002.4719019125.000001D6CDE98000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000003.2333460204.000001DEED165000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED165000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4719438072.000001DEED3B0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.python.org
Source: registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDBBE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://wwww.certigna.fr/autorites/
Source: wsx.exe, 00000002.00000002.4720209105.000001D6CE8C8000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDBBE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Detected potential crypto function
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71D6760 0_2_00007FF7E71D6760
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71F4D50 0_2_00007FF7E71F4D50
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71F5C9C 0_2_00007FF7E71F5C9C
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71E08D0 0_2_00007FF7E71E08D0
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71F30FC 0_2_00007FF7E71F30FC
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71F08E4 0_2_00007FF7E71F08E4
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71E10F0 0_2_00007FF7E71E10F0
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71F5750 0_2_00007FF7E71F5750
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71E2730 0_2_00007FF7E71E2730
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71E6644 0_2_00007FF7E71E6644
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71F4FCC 0_2_00007FF7E71F4FCC
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71ECFC8 0_2_00007FF7E71ECFC8
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71E6644 0_2_00007FF7E71E6644
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71ED648 0_2_00007FF7E71ED648
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71E4E80 0_2_00007FF7E71E4E80
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71E6EC8 0_2_00007FF7E71E6EC8
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71E0EE4 0_2_00007FF7E71E0EE4
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71E1DA0 0_2_00007FF7E71E1DA0
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71E6490 0_2_00007FF7E71E6490
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71EF938 0_2_00007FF7E71EF938
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71F2C60 0_2_00007FF7E71F2C60
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71D9CC0 0_2_00007FF7E71D9CC0
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71E0CE0 0_2_00007FF7E71E0CE0
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71E2B34 0_2_00007FF7E71E2B34
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71ECB34 0_2_00007FF7E71ECB34
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71D1B90 0_2_00007FF7E71D1B90
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71E0AD4 0_2_00007FF7E71E0AD4
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71E8AD0 0_2_00007FF7E71E8AD0
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71F8A98 0_2_00007FF7E71F8A98
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71E12F4 0_2_00007FF7E71E12F4
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71EF938 0_2_00007FF7E71EF938
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71F4D50 2_2_00007FF7E71F4D50
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71F5C9C 2_2_00007FF7E71F5C9C
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71E08D0 2_2_00007FF7E71E08D0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71F30FC 2_2_00007FF7E71F30FC
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71F08E4 2_2_00007FF7E71F08E4
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71E10F0 2_2_00007FF7E71E10F0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71F5750 2_2_00007FF7E71F5750
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71E2730 2_2_00007FF7E71E2730
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71E6644 2_2_00007FF7E71E6644
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71D6760 2_2_00007FF7E71D6760
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71F4FCC 2_2_00007FF7E71F4FCC
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71ECFC8 2_2_00007FF7E71ECFC8
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71E6644 2_2_00007FF7E71E6644
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71ED648 2_2_00007FF7E71ED648
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71E4E80 2_2_00007FF7E71E4E80
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71E6EC8 2_2_00007FF7E71E6EC8
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71E0EE4 2_2_00007FF7E71E0EE4
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71E1DA0 2_2_00007FF7E71E1DA0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71E6490 2_2_00007FF7E71E6490
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71EF938 2_2_00007FF7E71EF938
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71F2C60 2_2_00007FF7E71F2C60
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71D9CC0 2_2_00007FF7E71D9CC0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71E0CE0 2_2_00007FF7E71E0CE0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71E2B34 2_2_00007FF7E71E2B34
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71ECB34 2_2_00007FF7E71ECB34
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71D1B90 2_2_00007FF7E71D1B90
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71E0AD4 2_2_00007FF7E71E0AD4
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71E8AD0 2_2_00007FF7E71E8AD0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71F8A98 2_2_00007FF7E71F8A98
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71E12F4 2_2_00007FF7E71E12F4
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71EF938 2_2_00007FF7E71EF938
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8082117 2_2_00007FF8A8082117
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A80865AA 2_2_00007FF8A80865AA
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A816A9D0 2_2_00007FF8A816A9D0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8086A0F 2_2_00007FF8A8086A0F
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8081BCC 2_2_00007FF8A8081BCC
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A80812A8 2_2_00007FF8A80812A8
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A80851E6 2_2_00007FF8A80851E6
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8083EAE 2_2_00007FF8A8083EAE
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A80834B3 2_2_00007FF8A80834B3
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8083EBD 2_2_00007FF8A8083EBD
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A81BED80 2_2_00007FF8A81BED80
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A80860F0 2_2_00007FF8A80860F0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8082A2C 2_2_00007FF8A8082A2C
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A81AEE10 2_2_00007FF8A81AEE10
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8085236 2_2_00007FF8A8085236
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8084B83 2_2_00007FF8A8084B83
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A809EF00 2_2_00007FF8A809EF00
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8082676 2_2_00007FF8A8082676
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A809F060 2_2_00007FF8A809F060
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8082B30 2_2_00007FF8A8082B30
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A808655F 2_2_00007FF8A808655F
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8086014 2_2_00007FF8A8086014
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8084DB3 2_2_00007FF8A8084DB3
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A808692E 2_2_00007FF8A808692E
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8084138 2_2_00007FF8A8084138
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8082590 2_2_00007FF8A8082590
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8162510 2_2_00007FF8A8162510
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A821E570 2_2_00007FF8A821E570
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8084E8A 2_2_00007FF8A8084E8A
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8081AE6 2_2_00007FF8A8081AE6
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A81B66A0 2_2_00007FF8A81B66A0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8081EB5 2_2_00007FF8A8081EB5
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8085213 2_2_00007FF8A8085213
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A80819DD 2_2_00007FF8A80819DD
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A808105F 2_2_00007FF8A808105F
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A808672B 2_2_00007FF8A808672B
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A80860EB 2_2_00007FF8A80860EB
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8081F78 2_2_00007FF8A8081F78
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A82B7970 2_2_00007FF8A82B7970
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A80EFA00 2_2_00007FF8A80EFA00
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8083C24 2_2_00007FF8A8083C24
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8082509 2_2_00007FF8A8082509
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A821BAD0 2_2_00007FF8A821BAD0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A81BFB40 2_2_00007FF8A81BFB40
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8233BE0 2_2_00007FF8A8233BE0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8081B9A 2_2_00007FF8A8081B9A
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8083869 2_2_00007FF8A8083869
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8082013 2_2_00007FF8A8082013
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A809BD60 2_2_00007FF8A809BD60
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8082BF8 2_2_00007FF8A8082BF8
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A808135C 2_2_00007FF8A808135C
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A808514B 2_2_00007FF8A808514B
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A81ABF30 2_2_00007FF8A81ABF30
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A80871A8 2_2_00007FF8A80871A8
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A809BF20 2_2_00007FF8A809BF20
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A808380F 2_2_00007FF8A808380F
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8082C57 2_2_00007FF8A8082C57
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A808628F 2_2_00007FF8A808628F
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A80848DB 2_2_00007FF8A80848DB
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A821B150 2_2_00007FF8A821B150
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8082518 2_2_00007FF8A8082518
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A809F200 2_2_00007FF8A809F200
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8084660 2_2_00007FF8A8084660
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A808188E 2_2_00007FF8A808188E
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8082833 2_2_00007FF8A8082833
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8081B77 2_2_00007FF8A8081B77
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8085BA5 2_2_00007FF8A8085BA5
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A80AB4C0 2_2_00007FF8A80AB4C0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A81AB590 2_2_00007FF8A81AB590
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8083DC8 2_2_00007FF8A8083DC8
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8082BCB 2_2_00007FF8A8082BCB
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A821F6D0 2_2_00007FF8A821F6D0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8084B33 2_2_00007FF8A8084B33
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A80812C1 2_2_00007FF8A80812C1
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A80811DB 2_2_00007FF8A80811DB
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A80AB850 2_2_00007FF8A80AB850
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A808402F 2_2_00007FF8A808402F
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8082937 2_2_00007FF8A8082937
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8086429 2_2_00007FF8A8086429
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A81B49D0 2_2_00007FF8A81B49D0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A808298C 2_2_00007FF8A808298C
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8086E92 2_2_00007FF8A8086E92
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A808320B 2_2_00007FF8A808320B
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8086532 2_2_00007FF8A8086532
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8081041 2_2_00007FF8A8081041
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A808609B 2_2_00007FF8A808609B
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A808452F 2_2_00007FF8A808452F
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A81B4CE0 2_2_00007FF8A81B4CE0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8084016 2_2_00007FF8A8084016
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8081AF0 2_2_00007FF8A8081AF0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8081E7E 2_2_00007FF8A8081E7E
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8086000 2_2_00007FF8A8086000
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8085894 2_2_00007FF8A8085894
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8083742 2_2_00007FF8A8083742
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8083099 2_2_00007FF8A8083099
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A80866D6 2_2_00007FF8A80866D6
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A81C0140 2_2_00007FF8A81C0140
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A80871C6 2_2_00007FF8A80871C6
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8130200 2_2_00007FF8A8130200
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A808572C 2_2_00007FF8A808572C
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8082AC2 2_2_00007FF8A8082AC2
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A808704A 2_2_00007FF8A808704A
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8083972 2_2_00007FF8A8083972
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A808734C 2_2_00007FF8A808734C
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8082EB4 2_2_00007FF8A8082EB4
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A809C480 2_2_00007FF8A809C480
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A808111D 2_2_00007FF8A808111D
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8085024 2_2_00007FF8A8085024
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A80812EE 2_2_00007FF8A80812EE
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A82205F0 2_2_00007FF8A82205F0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A809C620 2_2_00007FF8A809C620
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8083139 2_2_00007FF8A8083139
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8083DD2 2_2_00007FF8A8083DD2
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8085D08 2_2_00007FF8A8085D08
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A80862EE 2_2_00007FF8A80862EE
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A80817E4 2_2_00007FF8A80817E4
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8084DF9 2_2_00007FF8A8084DF9
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A80835DF 2_2_00007FF8A80835DF
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8086BBD 2_2_00007FF8A8086BBD
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A80851E1 2_2_00007FF8A80851E1
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8235AA0 2_2_00007FF8A8235AA0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A81B9A80 2_2_00007FF8A81B9A80
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A80837F1 2_2_00007FF8A80837F1
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A808242D 2_2_00007FF8A808242D
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8084BAB 2_2_00007FF8A8084BAB
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A808227F 2_2_00007FF8A808227F
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A808489A 2_2_00007FF8A808489A
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8082A95 2_2_00007FF8A8082A95
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A808592F 2_2_00007FF8A808592F
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A808309E 2_2_00007FF8A808309E
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A80836DE 2_2_00007FF8A80836DE
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A81B5E90 2_2_00007FF8A81B5E90
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8082347 2_2_00007FF8A8082347
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8086244 2_2_00007FF8A8086244
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A80824AF 2_2_00007FF8A80824AF
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8082D65 2_2_00007FF8A8082D65
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8084430 2_2_00007FF8A8084430
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8081C26 2_2_00007FF8A8081C26
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A80871D5 2_2_00007FF8A80871D5
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8083E27 2_2_00007FF8A8083E27
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A80A5200 2_2_00007FF8A80A5200
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A80845CA 2_2_00007FF8A80845CA
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A809D260 2_2_00007FF8A809D260
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A81B12B0 2_2_00007FF8A81B12B0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A82352F0 2_2_00007FF8A82352F0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A80849A8 2_2_00007FF8A80849A8
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A80824AA 2_2_00007FF8A80824AA
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8081839 2_2_00007FF8A8081839
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A80811CC 2_2_00007FF8A80811CC
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8085BD2 2_2_00007FF8A8085BD2
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8083EEA 2_2_00007FF8A8083EEA
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8083765 2_2_00007FF8A8083765
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8082F31 2_2_00007FF8A8082F31
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8083C01 2_2_00007FF8A8083C01
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8082E37 2_2_00007FF8A8082E37
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8082766 2_2_00007FF8A8082766
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A808732E 2_2_00007FF8A808732E
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8082E0F 2_2_00007FF8A8082E0F
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8A012C0 2_2_00007FF8A8A012C0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8A018F0 2_2_00007FF8A8A018F0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A93001F0 2_2_00007FF8A93001F0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1357 2_2_00007FF8A92F1357
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F2491 2_2_00007FF8A92F2491
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9322C70 2_2_00007FF8A9322C70
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F6D30 2_2_00007FF8A92F6D30
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F12B2 2_2_00007FF8A92F12B2
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9302D50 2_2_00007FF8A9302D50
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1924 2_2_00007FF8A92F1924
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9328FF0 2_2_00007FF8A9328FF0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F15CD 2_2_00007FF8A92F15CD
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1E83 2_2_00007FF8A92F1E83
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9358780 2_2_00007FF8A9358780
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F23F6 2_2_00007FF8A92F23F6
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92FFAD5 2_2_00007FF8A92FFAD5
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1E7E 2_2_00007FF8A92F1E7E
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9305980 2_2_00007FF8A9305980
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F24D2 2_2_00007FF8A92F24D2
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F12E4 2_2_00007FF8A92F12E4
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1C03 2_2_00007FF8A92F1C03
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A930F400 2_2_00007FF8A930F400
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1BBD 2_2_00007FF8A92F1BBD
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5E4D50 9_2_00007FF6BD5E4D50
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5C6760 9_2_00007FF6BD5C6760
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5E5C9C 9_2_00007FF6BD5E5C9C
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5D4E80 9_2_00007FF6BD5D4E80
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5D6644 9_2_00007FF6BD5D6644
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5DD648 9_2_00007FF6BD5DD648
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5D2730 9_2_00007FF6BD5D2730
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5D0EE4 9_2_00007FF6BD5D0EE4
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5D6EC8 9_2_00007FF6BD5D6EC8
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5D1DA0 9_2_00007FF6BD5D1DA0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5E30FC 9_2_00007FF6BD5E30FC
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5E08E4 9_2_00007FF6BD5E08E4
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5D10F0 9_2_00007FF6BD5D10F0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5D08D0 9_2_00007FF6BD5D08D0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5D6644 9_2_00007FF6BD5D6644
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5E5750 9_2_00007FF6BD5E5750
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5E4FCC 9_2_00007FF6BD5E4FCC
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5DCFC8 9_2_00007FF6BD5DCFC8
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5E8A98 9_2_00007FF6BD5E8A98
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5D2B34 9_2_00007FF6BD5D2B34
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5DCB34 9_2_00007FF6BD5DCB34
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5D12F4 9_2_00007FF6BD5D12F4
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5D0AD4 9_2_00007FF6BD5D0AD4
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5D8AD0 9_2_00007FF6BD5D8AD0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5DF938 9_2_00007FF6BD5DF938
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5D6490 9_2_00007FF6BD5D6490
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5DF938 9_2_00007FF6BD5DF938
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5E2C60 9_2_00007FF6BD5E2C60
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5D0CE0 9_2_00007FF6BD5D0CE0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5C9CC0 9_2_00007FF6BD5C9CC0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5C1B90 9_2_00007FF6BD5C1B90
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5E4D50 10_2_00007FF6BD5E4D50
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5E5C9C 10_2_00007FF6BD5E5C9C
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5D4E80 10_2_00007FF6BD5D4E80
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5D6644 10_2_00007FF6BD5D6644
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5DD648 10_2_00007FF6BD5DD648
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5D2730 10_2_00007FF6BD5D2730
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5D0EE4 10_2_00007FF6BD5D0EE4
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5D6EC8 10_2_00007FF6BD5D6EC8
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5D1DA0 10_2_00007FF6BD5D1DA0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5E30FC 10_2_00007FF6BD5E30FC
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5E08E4 10_2_00007FF6BD5E08E4
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5D10F0 10_2_00007FF6BD5D10F0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5D08D0 10_2_00007FF6BD5D08D0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5D6644 10_2_00007FF6BD5D6644
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5C6760 10_2_00007FF6BD5C6760
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5E5750 10_2_00007FF6BD5E5750
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5E4FCC 10_2_00007FF6BD5E4FCC
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5DCFC8 10_2_00007FF6BD5DCFC8
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5E8A98 10_2_00007FF6BD5E8A98
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5D2B34 10_2_00007FF6BD5D2B34
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5DCB34 10_2_00007FF6BD5DCB34
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5D12F4 10_2_00007FF6BD5D12F4
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5D0AD4 10_2_00007FF6BD5D0AD4
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5D8AD0 10_2_00007FF6BD5D8AD0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5DF938 10_2_00007FF6BD5DF938
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5D6490 10_2_00007FF6BD5D6490
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5DF938 10_2_00007FF6BD5DF938
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5E2C60 10_2_00007FF6BD5E2C60
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5D0CE0 10_2_00007FF6BD5D0CE0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5C9CC0 10_2_00007FF6BD5C9CC0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5C1B90 10_2_00007FF6BD5C1B90
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A72C18F0 10_2_00007FF8A72C18F0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A72C12C0 10_2_00007FF8A72C12C0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D672B 10_2_00007FF8A73D672B
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D1F78 10_2_00007FF8A73D1F78
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D60EB 10_2_00007FF8A73D60EB
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D19DD 10_2_00007FF8A73D19DD
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D105F 10_2_00007FF8A73D105F
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D1AE6 10_2_00007FF8A73D1AE6
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D5213 10_2_00007FF8A73D5213
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D1EB5 10_2_00007FF8A73D1EB5
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A75066A0 10_2_00007FF8A75066A0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A756E570 10_2_00007FF8A756E570
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A74B2510 10_2_00007FF8A74B2510
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D4E8A 10_2_00007FF8A73D4E8A
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D692E 10_2_00007FF8A73D692E
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D2590 10_2_00007FF8A73D2590
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D4138 10_2_00007FF8A73D4138
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D655F 10_2_00007FF8A73D655F
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D6014 10_2_00007FF8A73D6014
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D4DB3 10_2_00007FF8A73D4DB3
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D2B30 10_2_00007FF8A73D2B30
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73EF060 10_2_00007FF8A73EF060
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D2676 10_2_00007FF8A73D2676
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73EEF00 10_2_00007FF8A73EEF00
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A74FEE10 10_2_00007FF8A74FEE10
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D2A2C 10_2_00007FF8A73D2A2C
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D60F0 10_2_00007FF8A73D60F0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D4B83 10_2_00007FF8A73D4B83
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D5236 10_2_00007FF8A73D5236
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D3EBD 10_2_00007FF8A73D3EBD
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A750ED80 10_2_00007FF8A750ED80
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D34B3 10_2_00007FF8A73D34B3
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D3EAE 10_2_00007FF8A73D3EAE
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D51E6 10_2_00007FF8A73D51E6
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D12A8 10_2_00007FF8A73D12A8
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D1BCC 10_2_00007FF8A73D1BCC
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D6A0F 10_2_00007FF8A73D6A0F
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D2117 10_2_00007FF8A73D2117
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A74BA9D0 10_2_00007FF8A74BA9D0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D65AA 10_2_00007FF8A73D65AA
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73FB850 10_2_00007FF8A73FB850
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D402F 10_2_00007FF8A73D402F
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D11DB 10_2_00007FF8A73D11DB
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D12C1 10_2_00007FF8A73D12C1
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D2BCB 10_2_00007FF8A73D2BCB
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D4B33 10_2_00007FF8A73D4B33
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A756F6D0 10_2_00007FF8A756F6D0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D3DC8 10_2_00007FF8A73D3DC8
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A74FB590 10_2_00007FF8A74FB590
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D1B77 10_2_00007FF8A73D1B77
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D2833 10_2_00007FF8A73D2833
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D188E 10_2_00007FF8A73D188E
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73FB4C0 10_2_00007FF8A73FB4C0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D5BA5 10_2_00007FF8A73D5BA5
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D4660 10_2_00007FF8A73D4660
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73EF200 10_2_00007FF8A73EF200
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D48DB 10_2_00007FF8A73D48DB
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A756B150 10_2_00007FF8A756B150
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D2518 10_2_00007FF8A73D2518
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D2C57 10_2_00007FF8A73D2C57
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D380F 10_2_00007FF8A73D380F
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D628F 10_2_00007FF8A73D628F
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D71A8 10_2_00007FF8A73D71A8
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73EBF20 10_2_00007FF8A73EBF20
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A74FBF30 10_2_00007FF8A74FBF30
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D2BF8 10_2_00007FF8A73D2BF8
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D514B 10_2_00007FF8A73D514B
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D135C 10_2_00007FF8A73D135C
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73EBD60 10_2_00007FF8A73EBD60
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D2013 10_2_00007FF8A73D2013
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D3869 10_2_00007FF8A73D3869
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D1B9A 10_2_00007FF8A73D1B9A
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A750FB40 10_2_00007FF8A750FB40
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7583BE0 10_2_00007FF8A7583BE0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D2509 10_2_00007FF8A73D2509
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A743FA00 10_2_00007FF8A743FA00
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D3C24 10_2_00007FF8A73D3C24
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A756BAD0 10_2_00007FF8A756BAD0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7607970 10_2_00007FF8A7607970
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D4DF9 10_2_00007FF8A73D4DF9
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D62EE 10_2_00007FF8A73D62EE
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D17E4 10_2_00007FF8A73D17E4
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D3139 10_2_00007FF8A73D3139
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D3DD2 10_2_00007FF8A73D3DD2
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73EC620 10_2_00007FF8A73EC620
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D5D08 10_2_00007FF8A73D5D08
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D5024 10_2_00007FF8A73D5024
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A75705F0 10_2_00007FF8A75705F0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D12EE 10_2_00007FF8A73D12EE
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D111D 10_2_00007FF8A73D111D
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73EC480 10_2_00007FF8A73EC480
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D2EB4 10_2_00007FF8A73D2EB4
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D734C 10_2_00007FF8A73D734C
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D2AC2 10_2_00007FF8A73D2AC2
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D572C 10_2_00007FF8A73D572C
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7480200 10_2_00007FF8A7480200
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D3972 10_2_00007FF8A73D3972
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D704A 10_2_00007FF8A73D704A
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7510140 10_2_00007FF8A7510140
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D66D6 10_2_00007FF8A73D66D6
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D71C6 10_2_00007FF8A73D71C6
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D3742 10_2_00007FF8A73D3742
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D5894 10_2_00007FF8A73D5894
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D3099 10_2_00007FF8A73D3099
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D6000 10_2_00007FF8A73D6000
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D1E7E 10_2_00007FF8A73D1E7E
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D4016 10_2_00007FF8A73D4016
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D1AF0 10_2_00007FF8A73D1AF0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D452F 10_2_00007FF8A73D452F
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D609B 10_2_00007FF8A73D609B
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7504CE0 10_2_00007FF8A7504CE0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D6532 10_2_00007FF8A73D6532
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D1041 10_2_00007FF8A73D1041
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D320B 10_2_00007FF8A73D320B
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D6E92 10_2_00007FF8A73D6E92
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D298C 10_2_00007FF8A73D298C
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D6429 10_2_00007FF8A73D6429
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D2937 10_2_00007FF8A73D2937
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A75049D0 10_2_00007FF8A75049D0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D2E0F 10_2_00007FF8A73D2E0F
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D2E37 10_2_00007FF8A73D2E37
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D2766 10_2_00007FF8A73D2766
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D3C01 10_2_00007FF8A73D3C01
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D732E 10_2_00007FF8A73D732E
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D3765 10_2_00007FF8A73D3765
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D2F31 10_2_00007FF8A73D2F31
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D1839 10_2_00007FF8A73D1839
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D3EEA 10_2_00007FF8A73D3EEA
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D5BD2 10_2_00007FF8A73D5BD2
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D11CC 10_2_00007FF8A73D11CC
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D49A8 10_2_00007FF8A73D49A8
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D24AA 10_2_00007FF8A73D24AA
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73ED260 10_2_00007FF8A73ED260
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D45CA 10_2_00007FF8A73D45CA
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73F5200 10_2_00007FF8A73F5200
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A75852F0 10_2_00007FF8A75852F0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A75012B0 10_2_00007FF8A75012B0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D71D5 10_2_00007FF8A73D71D5
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D1C26 10_2_00007FF8A73D1C26
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D3E27 10_2_00007FF8A73D3E27
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D2D65 10_2_00007FF8A73D2D65
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D24AF 10_2_00007FF8A73D24AF
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D4430 10_2_00007FF8A73D4430
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D6244 10_2_00007FF8A73D6244
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D2347 10_2_00007FF8A73D2347
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D36DE 10_2_00007FF8A73D36DE
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7505E90 10_2_00007FF8A7505E90
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D592F 10_2_00007FF8A73D592F
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D309E 10_2_00007FF8A73D309E
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D227F 10_2_00007FF8A73D227F
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D4BAB 10_2_00007FF8A73D4BAB
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D2A95 10_2_00007FF8A73D2A95
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D489A 10_2_00007FF8A73D489A
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D37F1 10_2_00007FF8A73D37F1
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D242D 10_2_00007FF8A73D242D
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D51E1 10_2_00007FF8A73D51E1
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D6BBD 10_2_00007FF8A73D6BBD
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7585AA0 10_2_00007FF8A7585AA0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7509A80 10_2_00007FF8A7509A80
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D35DF 10_2_00007FF8A73D35DF
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A901F0 10_2_00007FF8A7A901F0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AE8780 10_2_00007FF8A7AE8780
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A815CD 10_2_00007FF8A7A815CD
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81E83 10_2_00007FF8A7A81E83
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81924 10_2_00007FF8A7A81924
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AB8FF0 10_2_00007FF8A7AB8FF0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A86D30 10_2_00007FF8A7A86D30
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A812B2 10_2_00007FF8A7A812B2
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A92D50 10_2_00007FF8A7A92D50
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AB2C70 10_2_00007FF8A7AB2C70
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A82491 10_2_00007FF8A7A82491
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81357 10_2_00007FF8A7A81357
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7ADF5D0 10_2_00007FF8A7ADF5D0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A8B520 10_2_00007FF8A7A8B520
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A9F400 10_2_00007FF8A7A9F400
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81BBD 10_2_00007FF8A7A81BBD
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81C03 10_2_00007FF8A7A81C03
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A812E4 10_2_00007FF8A7A812E4
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A824D2 10_2_00007FF8A7A824D2
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A823F6 10_2_00007FF8A7A823F6
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A8FAD5 10_2_00007FF8A7A8FAD5
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A95980 10_2_00007FF8A7A95980
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81E7E 10_2_00007FF8A7A81E7E
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7F6C920 10_2_00007FF8A7F6C920
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7F6F990 10_2_00007FF8A7F6F990
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7F649C4 10_2_00007FF8A7F649C4
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7F909CC 10_2_00007FF8A7F909CC
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7F74B18 10_2_00007FF8A7F74B18
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A8016BCC 10_2_00007FF8A8016BCC
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7F80BCA 10_2_00007FF8A7F80BCA
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7F87BDC 10_2_00007FF8A7F87BDC
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7F77C40 10_2_00007FF8A7F77C40
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7F65E2A 10_2_00007FF8A7F65E2A
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7FD3064 10_2_00007FF8A7FD3064
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7F74070 10_2_00007FF8A7F74070
Found potential string decryption / allocating functions
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: String function: 00007FF8A73D5DEE appears 738 times
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: String function: 00007FF8A73D4106 appears 385 times
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: String function: 00007FF8A73D1FC8 appears 55 times
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: String function: 00007FF8A73D4697 appears 138 times
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: String function: 00007FF8A73D1055 appears 1559 times
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: String function: 00007FF8A73D4205 appears 47 times
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: String function: 00007FF8A7A81023 appears 575 times
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: String function: 00007FF8A73D2004 appears 31 times
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: String function: 00007FF8A7AEC50F appears 194 times
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: String function: 00007FF8A7AEC5A5 appears 103 times
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: String function: 00007FF6BD5C2770 appears 82 times
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: String function: 00007FF8A73D1C0D appears 119 times
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: String function: 00007FF8A73D2072 appears 82 times
Source: C:\Users\user\Desktop\wsx.exe Code function: String function: 00007FF8A8084106 appears 385 times
Source: C:\Users\user\Desktop\wsx.exe Code function: String function: 00007FF8A8081FC8 appears 55 times
Source: C:\Users\user\Desktop\wsx.exe Code function: String function: 00007FF7E71D2770 appears 82 times
Source: C:\Users\user\Desktop\wsx.exe Code function: String function: 00007FF8A8085DEE appears 738 times
Source: C:\Users\user\Desktop\wsx.exe Code function: String function: 00007FF8A8082072 appears 82 times
Source: C:\Users\user\Desktop\wsx.exe Code function: String function: 00007FF8A8081C0D appears 119 times
Source: C:\Users\user\Desktop\wsx.exe Code function: String function: 00007FF8A935C50F appears 168 times
Source: C:\Users\user\Desktop\wsx.exe Code function: String function: 00007FF8A935C5A5 appears 94 times
Source: C:\Users\user\Desktop\wsx.exe Code function: String function: 00007FF8A8082004 appears 31 times
Source: C:\Users\user\Desktop\wsx.exe Code function: String function: 00007FF8A8081055 appears 1559 times
Source: C:\Users\user\Desktop\wsx.exe Code function: String function: 00007FF8A8084205 appears 47 times
Source: C:\Users\user\Desktop\wsx.exe Code function: String function: 00007FF8A8084697 appears 138 times
Source: C:\Users\user\Desktop\wsx.exe Code function: String function: 00007FF8A92F1023 appears 499 times
PE file does not import any functions
Source: api-ms-win-core-processenvironment-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-handle-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: python3.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-fibers-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-fibers-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: python3.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-handle-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processenvironment-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.9.dr Static PE information: No import functions for PE file found
Sample file is different than original file name gathered from version info
Source: wsx.exe, 00000000.00000003.2266016159.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs wsx.exe
Source: wsx.exe, 00000000.00000003.2265229722.000001AA02354000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_ssl.pyd. vs wsx.exe
Source: wsx.exe, 00000000.00000003.2264080444.000001AA02354000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_ctypes.pyd. vs wsx.exe
Source: wsx.exe, 00000000.00000003.2267207504.000001AA02355000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs wsx.exe
Source: wsx.exe, 00000000.00000003.2265916752.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs wsx.exe
Source: wsx.exe, 00000000.00000003.2265628346.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs wsx.exe
Source: wsx.exe, 00000000.00000003.2275950894.000001AA02359000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepyexpat.pyd. vs wsx.exe
Source: wsx.exe, 00000000.00000003.2266929158.000001AA02355000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs wsx.exe
Source: wsx.exe, 00000000.00000003.2264467594.000001AA02354000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_lzma.pyd. vs wsx.exe
Source: wsx.exe, 00000000.00000003.2265342153.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs wsx.exe
Source: wsx.exe, 00000000.00000003.2268117839.000001AA02356000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs wsx.exe
Source: wsx.exe, 00000000.00000003.2264770739.000001AA02354000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_queue.pyd. vs wsx.exe
Source: wsx.exe, 00000000.00000003.2277501724.000001AA02359000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameselect.pyd. vs wsx.exe
Source: wsx.exe, 00000000.00000003.2279561845.000001AA02359000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewin32wnet.pyd0 vs wsx.exe
Source: wsx.exe, 00000000.00000003.2267638883.000001AA02356000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs wsx.exe
Source: wsx.exe, 00000000.00000003.2264228352.000001AA02354000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_decimal.pyd. vs wsx.exe
Source: wsx.exe, 00000000.00000003.2268227688.000001AA02356000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs wsx.exe
Source: wsx.exe, 00000000.00000003.2276567966.000001AA02359000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepython38.dll. vs wsx.exe
Source: wsx.exe, 00000000.00000003.2268439591.000001AA02356000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs wsx.exe
Source: wsx.exe, 00000000.00000003.2267432361.000001AA02356000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs wsx.exe
Source: wsx.exe, 00000000.00000003.2279137450.000001AA02359000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameunicodedata.pyd. vs wsx.exe
Source: wsx.exe, 00000000.00000003.2277933525.000001AA02359000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameucrtbase.dllj% vs wsx.exe
Source: wsx.exe, 00000000.00000003.2266112696.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs wsx.exe
Source: wsx.exe, 00000000.00000003.2264691239.000001AA02354000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_overlapped.pyd. vs wsx.exe
Source: wsx.exe, 00000000.00000003.2265818210.000001AA02354000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs wsx.exe
Source: wsx.exe, 00000000.00000003.2267289640.000001AA02356000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs wsx.exe
Source: wsx.exe, 00000000.00000003.2277366073.000001AA02359000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepywintypes38.dll0 vs wsx.exe
Source: wsx.exe, 00000000.00000003.2269022242.000001AA02356000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs wsx.exe
Source: wsx.exe, 00000000.00000003.2268040879.000001AA02356000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs wsx.exe
Source: wsx.exe, 00000000.00000003.2267360213.000001AA02356000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs wsx.exe
Source: wsx.exe, 00000000.00000003.2267958915.000001AA02356000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs wsx.exe
Source: wsx.exe, 00000000.00000003.2265439691.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs wsx.exe
Source: wsx.exe, 00000000.00000003.2267504733.000001AA02356000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs wsx.exe
Source: wsx.exe, 00000000.00000003.2266842790.000001AA02355000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs wsx.exe
Source: wsx.exe, 00000000.00000003.2276083050.000001AA02359000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepython3.dll. vs wsx.exe
Source: wsx.exe, 00000000.00000003.2263634927.000001AA02354000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs wsx.exe
Source: wsx.exe, 00000000.00000003.2275609971.000001AA02359000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelibsslH vs wsx.exe
Source: wsx.exe, 00000000.00000003.2265532853.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs wsx.exe
Source: wsx.exe, 00000000.00000003.2264596873.000001AA02354000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_multiprocessing.pyd. vs wsx.exe
Source: wsx.exe, 00000000.00000003.2267878901.000001AA02356000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs wsx.exe
Source: wsx.exe, 00000000.00000003.2264365268.000001AA02354000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs wsx.exe
Source: wsx.exe, 00000000.00000003.2263747195.000001AA02354000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_asyncio.pyd. vs wsx.exe
Source: wsx.exe, 00000000.00000003.2277501724.000001AA02366000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameselect.pyd. vs wsx.exe
Source: wsx.exe, 00000000.00000003.2267090123.000001AA02355000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs wsx.exe
Source: wsx.exe, 00000000.00000003.2266698365.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs wsx.exe
Source: wsx.exe, 00000000.00000003.2266210989.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs wsx.exe
Source: wsx.exe, 00000000.00000003.2266304966.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs wsx.exe
Source: wsx.exe, 00000000.00000003.2269354500.000001AA02356000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs wsx.exe
Source: wsx.exe, 00000000.00000003.2264770739.000001AA02361000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_queue.pyd. vs wsx.exe
Source: wsx.exe, 00000000.00000003.2268796940.000001AA02356000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs wsx.exe
Source: wsx.exe, 00000000.00000003.2266500836.000001AA02354000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs wsx.exe
Source: wsx.exe, 00000000.00000003.2265721119.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs wsx.exe
Source: wsx.exe, 00000000.00000003.2267715426.000001AA02356000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs wsx.exe
Source: wsx.exe, 00000000.00000003.2264864812.000001AA02354000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs wsx.exe
Source: wsx.exe, 00000000.00000003.2263839273.000001AA02354000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs wsx.exe
Source: wsx.exe, 00000000.00000003.2269224887.000001AA02356000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs wsx.exe
Source: wsx.exe, 00000000.00000003.2267798188.000001AA02356000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs wsx.exe
Source: wsx.exe, 00000000.00000003.2268318304.000001AA02356000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs wsx.exe
Source: wsx.exe, 00000000.00000003.2266404717.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs wsx.exe
Source: wsx.exe, 00000000.00000003.2269119940.000001AA02356000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs wsx.exe
Source: wsx.exe, 00000000.00000003.2266580337.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs wsx.exe
Source: wsx.exe, 00000000.00000003.2268931600.000001AA02356000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs wsx.exe
Source: wsx.exe, 00000000.00000003.2263510921.000001AA02354000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs wsx.exe
Source: wsx.exe Binary or memory string: OriginalFilename vs wsx.exe
Source: wsx.exe, 00000002.00000002.4725467852.00007FF8B9146000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: OriginalFilenameselect.pyd. vs wsx.exe
Source: wsx.exe, 00000002.00000002.4723863739.00007FF8A9399000.00000002.00000001.01000000.00000010.sdmp Binary or memory string: OriginalFilenamelibsslH vs wsx.exe
Source: wsx.exe, 00000002.00000002.4724237780.00007FF8B8F8F000.00000002.00000001.01000000.00000016.sdmp Binary or memory string: OriginalFilename_asyncio.pyd. vs wsx.exe
Source: wsx.exe, 00000002.00000002.4725873934.00007FF8B919D000.00000002.00000001.01000000.00000008.sdmp Binary or memory string: OriginalFilename_ctypes.pyd. vs wsx.exe
Source: wsx.exe, 00000002.00000002.4726267406.00007FF8BA254000.00000002.00000001.01000000.0000000A.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs wsx.exe
Source: wsx.exe, 00000002.00000002.4724900014.00007FF8B90F6000.00000002.00000001.01000000.00000012.sdmp Binary or memory string: OriginalFilename_queue.pyd. vs wsx.exe
Source: wsx.exe, 00000002.00000002.4726029014.00007FF8B9F73000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs wsx.exe
Source: wsx.exe, 00000002.00000002.4726746703.00007FF8BA502000.00000002.00000001.01000000.00000007.sdmp Binary or memory string: OriginalFilenamepython3.dll. vs wsx.exe
Source: wsx.exe, 00000002.00000002.4722788037.00007FF8A83BD000.00000002.00000001.01000000.0000000F.sdmp Binary or memory string: OriginalFilenamelibcryptoH vs wsx.exe
Source: wsx.exe, 00000002.00000002.4724505913.00007FF8B90DA000.00000002.00000001.01000000.00000017.sdmp Binary or memory string: OriginalFilename_overlapped.pyd. vs wsx.exe
Source: wsx.exe, 00000002.00000002.4725101733.00007FF8B910A000.00000002.00000001.01000000.00000011.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs wsx.exe
Source: wsx.exe, 00000002.00000002.4724106871.00007FF8B83E2000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: OriginalFilenameucrtbase.dllj% vs wsx.exe
Source: wsx.exe, 00000002.00000002.4725681636.00007FF8B9176000.00000002.00000001.01000000.0000000B.sdmp Binary or memory string: OriginalFilename_lzma.pyd. vs wsx.exe
Source: wsx.exe, 00000002.00000002.4725322126.00007FF8B9134000.00000002.00000001.01000000.0000000E.sdmp Binary or memory string: OriginalFilename_ssl.pyd. vs wsx.exe
Source: wsx.exe, 00000002.00000002.4723139253.00007FF8A8B0B000.00000002.00000001.01000000.00000015.sdmp Binary or memory string: OriginalFilenameunicodedata.pyd. vs wsx.exe
Source: wsx.exe, 00000002.00000002.4727543324.00007FF8BFB37000.00000002.00000001.01000000.00000006.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs wsx.exe
Source: wsx.exe, 00000002.00000002.4723675434.00007FF8A8F17000.00000002.00000001.01000000.00000005.sdmp Binary or memory string: OriginalFilenamepython38.dll. vs wsx.exe
Source: classification engine Classification label: mal68.evad.winEXE@21/160@2/2
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71D7420 GetLastError,FormatMessageW,WideCharToMultiByte, 0_2_00007FF7E71D7420
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Roaming\Software Jump to behavior
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6616:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6004:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6496:120:WilError_03
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562 Jump to behavior
Source: wsx.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\wsx.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: wsx.exe Virustotal: Detection: 13%
Source: C:\Users\user\Desktop\wsx.exe File read: C:\Users\user\Desktop\wsx.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\wsx.exe "C:\Users\user\Desktop\wsx.exe"
Source: C:\Users\user\Desktop\wsx.exe Process created: C:\Users\user\Desktop\wsx.exe "C:\Users\user\Desktop\wsx.exe"
Source: C:\Users\user\Desktop\wsx.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "schtasks /query /tn "registry_65f93d51.exe""
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /query /tn "registry_65f93d51.exe"
Source: C:\Users\user\Desktop\wsx.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "schtasks /create /tn "registry_65f93d51.exe" /tr "C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe" /sc onlogon /rl highest /f"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn "registry_65f93d51.exe" /tr "C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe" /sc onlogon /rl highest /f
Source: unknown Process created: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Process created: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "schtasks /query /tn "registry_65f93d51.exe""
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /query /tn "registry_65f93d51.exe"
Source: C:\Users\user\Desktop\wsx.exe Process created: C:\Users\user\Desktop\wsx.exe "C:\Users\user\Desktop\wsx.exe" Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "schtasks /query /tn "registry_65f93d51.exe"" Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "schtasks /create /tn "registry_65f93d51.exe" /tr "C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe" /sc onlogon /rl highest /f" Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /query /tn "registry_65f93d51.exe" Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn "registry_65f93d51.exe" /tr "C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe" /sc onlogon /rl highest /f Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Process created: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "schtasks /query /tn "registry_65f93d51.exe"" Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /query /tn "registry_65f93d51.exe" Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Section loaded: libffi-7.dll Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Section loaded: libcrypto-1_1.dll Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Section loaded: libssl-1_1.dll Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Windows\System32\schtasks.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\schtasks.exe Section loaded: taskschd.dll Jump to behavior
Source: C:\Windows\System32\schtasks.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\schtasks.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\schtasks.exe Section loaded: taskschd.dll Jump to behavior
Source: C:\Windows\System32\schtasks.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\schtasks.exe Section loaded: xmllite.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Section loaded: libffi-7.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Section loaded: libcrypto-1_1.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Section loaded: libssl-1_1.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Windows\System32\schtasks.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\schtasks.exe Section loaded: taskschd.dll Jump to behavior
Source: C:\Windows\System32\schtasks.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe File opened: C:\Users\user\Desktop\pyvenv.cfg Jump to behavior
Source: wsx.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: wsx.exe Static file information: File size 10090064 > 1048576
Source: wsx.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: wsx.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: wsx.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: wsx.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: wsx.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: wsx.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: wsx.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: wsx.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2268931600.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321843970.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: wsx.exe, 00000000.00000003.2265916752.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2316073120.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.0.dr
Source: Binary string: ucrtbase.pdb source: wsx.exe, 00000002.00000002.4724039412.00007FF8B83A4000.00000002.00000001.01000000.00000004.sdmp, registry_65f93d51.exe, 0000000A.00000002.4723851835.00007FF8A8024000.00000002.00000001.01000000.00000019.sdmp, ucrtbase.dll.9.dr
Source: Binary string: C:\A\31\b\bin\amd64\python3.pdb source: wsx.exe, 00000000.00000003.2276083050.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4726746703.00007FF8BA502000.00000002.00000001.01000000.00000007.sdmp, registry_65f93d51.exe, 00000009.00000003.2325177610.000001BF4058A000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4725982927.00007FF8B8F72000.00000002.00000001.01000000.0000001C.sdmp
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2265532853.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2314930930.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2267638883.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320853844.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2268117839.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321320022.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
Source: Binary string: C:\A\31\b\bin\amd64\_bz2.pdb source: wsx.exe, 00000000.00000003.2263839273.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4726166568.00007FF8BA24E000.00000002.00000001.01000000.0000000A.sdmp, registry_65f93d51.exe, 00000009.00000003.2311725038.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4725034578.00007FF8B829E000.00000002.00000001.01000000.0000001F.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_multiprocessing.pdb source: wsx.exe, 00000000.00000003.2264596873.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2312503652.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_hashlib.pdb source: wsx.exe, 00000000.00000003.2264365268.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4725020792.00007FF8B9105000.00000002.00000001.01000000.00000011.sdmp, registry_65f93d51.exe, 00000009.00000003.2312259416.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4725343238.00007FF8B8795000.00000002.00000001.01000000.00000026.sdmp, _hashlib.pyd.9.dr
Source: Binary string: ~/.pdbrc source: wsx.exe, 00000002.00000002.4721310829.000001D6CECF0000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4721273657.000001DEEDFB0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2266580337.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319802950.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2268227688.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321398734.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pdb.Pdb source: wsx.exe, 00000002.00000002.4721310829.000001D6CECF0000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4721273657.000001DEEDFB0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2266210989.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319475363.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2268040879.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321242799.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\unicodedata.pdb source: wsx.exe, 00000000.00000003.2279137450.000001AA02362000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4722907835.00007FF8A8B05000.00000002.00000001.01000000.00000015.sdmp, registry_65f93d51.exe, 00000009.00000003.2327134026.000001BF40594000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4722044735.00007FF8A73C5000.00000002.00000001.01000000.0000002A.sdmp
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2268117839.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321320022.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2266929158.000001AA02355000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320119867.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2265342153.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2313965731.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2269224887.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2322097320.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2266842790.000001AA02355000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320042183.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll.9.dr
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2267715426.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320927539.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_asyncio.pdb source: wsx.exe, 00000000.00000003.2263747195.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4724186040.00007FF8B8F87000.00000002.00000001.01000000.00000016.sdmp, registry_65f93d51.exe, 00000009.00000003.2311554458.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4726060409.00007FF8B90B7000.00000002.00000001.01000000.0000002B.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_lzma.pdb source: wsx.exe, 00000000.00000003.2264467594.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4725576617.00007FF8B916D000.00000002.00000001.01000000.0000000B.sdmp, registry_65f93d51.exe, 00000009.00000003.2312377234.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4724695449.00007FF8B827D000.00000002.00000001.01000000.00000020.sdmp
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2267207504.000001AA02355000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320300217.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2265818210.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2316009389.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_socket.pdb source: wsx.exe, 00000000.00000003.2264864812.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4725967855.00007FF8B9F69000.00000002.00000001.01000000.0000000C.sdmp, registry_65f93d51.exe, 00000009.00000003.2312771106.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4724412164.00007FF8B78B9000.00000002.00000001.01000000.00000021.sdmp
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2268040879.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321242799.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l2-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2266016159.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2318890669.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2269224887.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2322097320.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-fibers-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2265721119.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2315920437.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\python38.pdb source: wsx.exe, 00000002.00000002.4723333080.00007FF8A8E04000.00000002.00000001.01000000.00000005.sdmp, registry_65f93d51.exe, 0000000A.00000002.4723375067.00007FF8A7E24000.00000002.00000001.01000000.0000001A.sdmp, python38.dll.0.dr
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2266112696.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319389209.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2267638883.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320853844.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
Source: Binary string: C:\A\31\b\bin\amd64\_lzma.pdbMM source: wsx.exe, 00000000.00000003.2264467594.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4725576617.00007FF8B916D000.00000002.00000001.01000000.0000000B.sdmp, registry_65f93d51.exe, 00000009.00000003.2312377234.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4724695449.00007FF8B827D000.00000002.00000001.01000000.00000020.sdmp
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: wsx.exe, 00000000.00000003.2267504733.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320775294.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_ctypes.pdb source: wsx.exe, 00000002.00000002.4725807752.00007FF8B9192000.00000002.00000001.01000000.00000008.sdmp, registry_65f93d51.exe, 0000000A.00000002.4725192076.00007FF8B82C2000.00000002.00000001.01000000.0000001D.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.8\Release\win32wnet.pdb source: wsx.exe, 00000000.00000003.2279561845.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2327436277.000001BF4058B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2266842790.000001AA02355000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320042183.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll.9.dr
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1g 21 Apr 2020built on: Fri Jun 12 19:40:20 2020 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: wsx.exe, 00000002.00000002.4722585633.00007FF8A82C7000.00000002.00000001.01000000.0000000F.sdmp, registry_65f93d51.exe, 0000000A.00000002.4722693885.00007FF8A7617000.00000002.00000001.01000000.00000025.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_queue.pdb source: wsx.exe, 00000000.00000003.2264770739.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4724747960.00007FF8B90F3000.00000002.00000001.01000000.00000012.sdmp, registry_65f93d51.exe, 00000009.00000003.2312703924.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4724537307.00007FF8B8253000.00000002.00000001.01000000.00000027.sdmp, _queue.pyd.9.dr
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: wsx.exe, 00000000.00000003.2266500836.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319729844.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.0.dr
Source: Binary string: -c are executed after commands from .pdbrc files. source: wsx.exe, 00000002.00000002.4720209105.000001D6CE6DF000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDAE1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-string-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2267360213.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320610765.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-string-l1-1-0.dll.9.dr
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2269119940.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2322013187.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: wsx.exe, 00000000.00000003.2267090123.000001AA02355000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320205484.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.0.dr
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2265532853.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2314930930.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2266404717.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319652327.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.9.dr
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdbGCTL source: wsx.exe, 00000000.00000003.2266500836.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319729844.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.0.dr
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2266698365.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319882300.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2267289640.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320513643.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d:\agent\_work\3\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: wsx.exe, 00000000.00000003.2263634927.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2311210717.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Initial commands are read from .pdbrc files in your home directory source: wsx.exe, 00000002.00000002.4720209105.000001D6CE6DF000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDAE1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_ssl.pdb source: wsx.exe, 00000002.00000002.4725193346.00007FF8B911D000.00000002.00000001.01000000.0000000E.sdmp, registry_65f93d51.exe, 0000000A.00000002.4724117939.00007FF8B782D000.00000002.00000001.01000000.00000023.sdmp
Source: Binary string: api-ms-win-core-console-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2265342153.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2313965731.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2268796940.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321766183.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2269354500.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2322173948.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2267432361.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320693436.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2266304966.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319574651.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2267289640.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320513643.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2268227688.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321398734.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2269119940.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2322013187.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2268318304.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321475345.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.9.dr
Source: Binary string: d:\agent\_work\3\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: wsx.exe, 00000000.00000003.2263510921.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4727263141.00007FF8BFB30000.00000002.00000001.01000000.00000006.sdmp, registry_65f93d51.exe, 00000009.00000003.2310883925.000001BF40586000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4725680215.00007FF8B8B00000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2266580337.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319802950.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2269022242.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321926554.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.9.dr
Source: Binary string: placed in the .pdbrc file): source: wsx.exe, 00000002.00000002.4720673524.000001D6CE9B5000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720778267.000001DEEDC94000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\_overlapped.pdb source: wsx.exe, 00000000.00000003.2264691239.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4724454005.00007FF8B90D5000.00000002.00000001.01000000.00000017.sdmp, registry_65f93d51.exe, 00000009.00000003.2312593294.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4726281498.00007FF8BA525000.00000002.00000001.01000000.0000002C.sdmp
Source: Binary string: If a file ".pdbrc" exists in your home directory or in the current source: wsx.exe, 00000002.00000002.4720673524.000001D6CE9B5000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720778267.000001DEEDC94000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2267798188.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321008115.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.0.dr, api-ms-win-core-util-l1-1-0.dll.9.dr
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2267432361.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320693436.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2266210989.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319475363.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2268439591.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321554854.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2266112696.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319389209.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2266929158.000001AA02355000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320119867.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2265628346.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2315422600.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2265818210.000001AA02354000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2316009389.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-fibers-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2265721119.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2315920437.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdbGCTL source: wsx.exe, 00000000.00000003.2267504733.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320775294.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2267958915.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321163060.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2268796940.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321766183.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-util-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2267798188.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321008115.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.0.dr, api-ms-win-core-util-l1-1-0.dll.9.dr
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2265439691.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2314471193.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\6\b\libssl-1_1.pdb source: wsx.exe, 00000002.00000002.4723807412.00007FF8A9364000.00000002.00000001.01000000.00000010.sdmp, registry_65f93d51.exe, 0000000A.00000002.4723087461.00007FF8A7AF4000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2265628346.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2315422600.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ucrtbase.pdbUGP source: wsx.exe, 00000002.00000002.4724039412.00007FF8B83A4000.00000002.00000001.01000000.00000004.sdmp, registry_65f93d51.exe, 0000000A.00000002.4723851835.00007FF8A8024000.00000002.00000001.01000000.00000019.sdmp, ucrtbase.dll.9.dr
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2269022242.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321926554.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.9.dr
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2267958915.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321163060.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\6\b\libssl-1_1.pdb?? source: wsx.exe, 00000002.00000002.4723807412.00007FF8A9364000.00000002.00000001.01000000.00000010.sdmp, registry_65f93d51.exe, 0000000A.00000002.4723087461.00007FF8A7AF4000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: api-ms-win-core-file-l1-2-0.pdbGCTL source: wsx.exe, 00000000.00000003.2265916752.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2316073120.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.0.dr
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2267207504.000001AA02355000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320300217.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: wsx.exe, 00000002.00000002.4722585633.00007FF8A82C7000.00000002.00000001.01000000.0000000F.sdmp, registry_65f93d51.exe, 0000000A.00000002.4722693885.00007FF8A7617000.00000002.00000001.01000000.00000025.sdmp
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2265439691.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2314471193.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2267878901.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321086900.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2268439591.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321554854.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2266304966.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319574651.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2268318304.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321475345.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.9.dr
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2269354500.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2322173948.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\31\b\bin\amd64\select.pdb source: wsx.exe, 00000000.00000003.2277501724.000001AA02359000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4725412867.00007FF8B9143000.00000002.00000001.01000000.0000000D.sdmp, registry_65f93d51.exe, 00000009.00000003.2326535528.000001BF4058B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4725502564.00007FF8B8833000.00000002.00000001.01000000.00000022.sdmp, select.pyd.0.dr
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2267715426.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320927539.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2267360213.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320610765.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-string-l1-1-0.dll.9.dr
Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: wsx.exe, 00000000.00000003.2266016159.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2318890669.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: .pdbrc source: wsx.exe, 00000002.00000002.4721310829.000001D6CECF0000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4721273657.000001DEEDFB0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: wsx.exe, 00000000.00000003.2266404717.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319652327.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.9.dr
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2266698365.000001AA0235B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2319882300.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2268931600.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321843970.000001BF40588000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdbGCTL source: wsx.exe, 00000000.00000003.2267090123.000001AA02355000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2320205484.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.0.dr
Source: Binary string: The standard debugger class (pdb.Pdb) is an example. source: wsx.exe, 00000002.00000002.4720209105.000001D6CE80F000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4720209105.000001D6CE96B000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDB33000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4720403641.000001DEEDBBE000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdbGCTL source: wsx.exe, 00000000.00000003.2267878901.000001AA02356000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2321086900.000001BF40588000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.0.dr
Source: wsx.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: wsx.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: wsx.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: wsx.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: wsx.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Binary contains a suspicious time stamp
Source: api-ms-win-core-console-l1-1-0.dll.0.dr Static PE information: 0x6F5B3627 [Thu Mar 15 05:56:55 2029 UTC]
PE file contains sections with non-standard names
Source: wsx.exe Static PE information: section name: _RDATA
Source: VCRUNTIME140.dll.0.dr Static PE information: section name: _RDATA
Source: libcrypto-1_1.dll.0.dr Static PE information: section name: .00cfg
Source: libssl-1_1.dll.0.dr Static PE information: section name: .00cfg
Source: registry_65f93d51.exe.2.dr Static PE information: section name: _RDATA
Source: libcrypto-1_1.dll.9.dr Static PE information: section name: .00cfg
Source: libssl-1_1.dll.9.dr Static PE information: section name: .00cfg
Source: VCRUNTIME140.dll.9.dr Static PE information: section name: _RDATA
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A9335B81 push rcx; ret 2_2_00007FF8A9335B82
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7AC5B81 push rcx; ret 10_2_00007FF8A7AC5B82
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7F8EB55 push rdi; ret 10_2_00007FF8A7F8EB5B
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7F6126A push qword ptr [rdi+rbp-01h]; ret 10_2_00007FF8A7F6126F
Drops PE files
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-time-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\_hashlib.pyd Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\_asyncio.pyd Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\VCRUNTIME140_1.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\VCRUNTIME140_1.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-environment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-interlocked-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-handle-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\_ctypes.pyd Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\libffi-7.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-time-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-rtlsupport-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\_bz2.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-locale-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\charset_normalizer\md__mypyc.cp38-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\ucrtbase.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\_overlapped.pyd Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-environment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-synch-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-sysinfo-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-math-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\_lzma.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-fibers-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-profile-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-file-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-conio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-filesystem-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\charset_normalizer\md.cp38-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-errorhandling-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\_cffi_backend.cp38-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-conio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-fibers-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\_queue.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\pyexpat.pyd Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\_multiprocessing.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\_ssl.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\bcrypt\_bcrypt.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\_decimal.pyd Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\libcrypto-1_1.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-memory-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\win32wnet.pyd Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-convert-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-processthreads-l1-1-1.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-namedpipe-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-locale-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-errorhandling-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-file-l2-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-timezone-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-timezone-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-console-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\cryptography\hazmat\bindings\_openssl.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-namedpipe-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-debug-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\python38.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\unicodedata.pyd Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-console-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-utility-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\pywin32_system32\pywintypes38.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\_ctypes.pyd Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\bcrypt\_bcrypt.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-datetime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-sysinfo-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-math-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-file-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-processthreads-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-handle-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\select.pyd Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\_decimal.pyd Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-stdio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-profile-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-runtime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-datetime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\ucrtbase.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-synch-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\libssl-1_1.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\_bz2.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-util-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-file-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-process-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\_lzma.pyd Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-processenvironment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-libraryloader-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-process-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\_hashlib.pyd Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-filesystem-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\_socket.pyd Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-synch-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-localization-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\VCRUNTIME140.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\select.pyd Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\python3.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\libffi-7.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\_queue.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\unicodedata.pyd Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-file-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\_socket.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\_cffi_backend.cp38-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\python38.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\VCRUNTIME140.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-processthreads-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-memory-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\_multiprocessing.pyd Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-utility-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\pywin32_system32\pywintypes38.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\pyexpat.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-convert-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-runtime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\_ssl.pyd Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-file-l2-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-processenvironment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-processthreads-l1-1-1.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-util-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\win32wnet.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\charset_normalizer\md.cp38-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\_overlapped.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\libcrypto-1_1.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-libraryloader-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\cryptography\hazmat\bindings\_openssl.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\libssl-1_1.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\charset_normalizer\md__mypyc.cp38-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\_asyncio.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-debug-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-synch-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-interlocked-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-localization-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-stdio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe File created: C:\Users\user\AppData\Local\Temp\_MEI18922\python3.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-rtlsupport-l1-1-0.dll Jump to dropped file

Boot Survival
barindex
Uses schtasks.exe or at.exe to add and modify task schedules
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /query /tn "registry_65f93d51.exe"
Extensive use of GetProcAddress (often used to hide API calls)
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71D3DD0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_00007FF7E71D3DD0
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8083251 rdtsc 2_2_00007FF8A8083251
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Users\user\Desktop\wsx.exe Window / User API: threadDelayed 1580 Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Window / User API: threadDelayed 8418 Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Window / User API: foregroundWindowGot 1776 Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Window / User API: threadDelayed 8484 Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Window / User API: threadDelayed 1514 Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Window / User API: foregroundWindowGot 1777 Jump to behavior
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-time-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\_hashlib.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\VCRUNTIME140_1.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\_asyncio.pyd Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\VCRUNTIME140_1.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-environment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-interlocked-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-handle-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\_ctypes.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-time-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-rtlsupport-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\_bz2.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-locale-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\charset_normalizer\md__mypyc.cp38-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\_overlapped.pyd Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-environment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-synch-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-sysinfo-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-math-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\_lzma.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-fibers-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-profile-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-file-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-conio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\charset_normalizer\md.cp38-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-filesystem-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-conio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\_cffi_backend.cp38-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-errorhandling-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-fibers-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\_queue.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\pyexpat.pyd Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\_multiprocessing.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\_ssl.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\bcrypt\_bcrypt.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\_decimal.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-memory-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\win32wnet.pyd Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-convert-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-namedpipe-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-processthreads-l1-1-1.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-locale-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-errorhandling-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-file-l2-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-timezone-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-timezone-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-console-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\cryptography\hazmat\bindings\_openssl.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-namedpipe-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\python38.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-debug-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\unicodedata.pyd Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-console-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\pywin32_system32\pywintypes38.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\_ctypes.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-utility-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\bcrypt\_bcrypt.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-datetime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-math-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-sysinfo-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-file-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-processthreads-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-handle-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\select.pyd Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\_decimal.pyd Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-stdio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-profile-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-runtime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-datetime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-synch-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\_bz2.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-file-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-util-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-process-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\_lzma.pyd Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-processenvironment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-libraryloader-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-process-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\_hashlib.pyd Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-filesystem-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\_socket.pyd Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-synch-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-localization-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\select.pyd Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\python3.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\_queue.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\unicodedata.pyd Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-file-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\_socket.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\_cffi_backend.cp38-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\python38.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-memory-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\_multiprocessing.pyd Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-processthreads-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\pywin32_system32\pywintypes38.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-crt-utility-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\pyexpat.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-convert-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-runtime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\_ssl.pyd Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-file-l2-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-processenvironment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-processthreads-l1-1-1.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\win32wnet.pyd Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-util-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\charset_normalizer\md.cp38-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\_overlapped.pyd Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-libraryloader-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\cryptography\hazmat\bindings\_openssl.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\charset_normalizer\md__mypyc.cp38-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\_asyncio.pyd Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-debug-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-synch-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-core-localization-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-interlocked-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\python3.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI18922\api-ms-win-crt-stdio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\wsx.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI60562\api-ms-win-core-rtlsupport-l1-1-0.dll Jump to dropped file
Found large amount of non-executed APIs
Source: C:\Users\user\Desktop\wsx.exe API coverage: 1.8 %
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe API coverage: 1.6 %
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\wsx.exe TID: 1120 Thread sleep count: 1580 > 30 Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe TID: 1120 Thread sleep time: -790000s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe TID: 1120 Thread sleep count: 8418 > 30 Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe TID: 1120 Thread sleep time: -4209000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe TID: 6524 Thread sleep count: 8484 > 30 Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe TID: 6524 Thread sleep time: -4242000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe TID: 6524 Thread sleep count: 1514 > 30 Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe TID: 6524 Thread sleep time: -757000s >= -30000s Jump to behavior
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71F08E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 0_2_00007FF7E71F08E4
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71D7790 FindFirstFileExW,FindClose, 0_2_00007FF7E71D7790
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71E6644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, 0_2_00007FF7E71E6644
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71E6644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, 0_2_00007FF7E71E6644
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71F08E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 2_2_00007FF7E71F08E4
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71D7790 FindFirstFileExW,FindClose, 2_2_00007FF7E71D7790
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71E6644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, 2_2_00007FF7E71E6644
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71E6644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, 2_2_00007FF7E71E6644
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8084471 _errno,malloc,_errno,memset,MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,free,_errno,FindFirstFileW,_errno,FindNextFileW,WideCharToMultiByte, 2_2_00007FF8A8084471
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5D6644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, 9_2_00007FF6BD5D6644
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5E08E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 9_2_00007FF6BD5E08E4
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5C7790 FindFirstFileExW,FindClose, 9_2_00007FF6BD5C7790
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5D6644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, 9_2_00007FF6BD5D6644
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5D6644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, 10_2_00007FF6BD5D6644
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5E08E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 10_2_00007FF6BD5E08E4
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5C7790 FindFirstFileExW,FindClose, 10_2_00007FF6BD5C7790
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5D6644 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError, 10_2_00007FF6BD5D6644
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D4471 _errno,malloc,_errno,memset,MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,free,_errno,FindFirstFileW,_errno,FindNextFileW,WideCharToMultiByte, 10_2_00007FF8A73D4471
Source: wsx.exe, 00000000.00000003.2280085504.000001AA0235A000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 00000009.00000003.2327919764.000001BF4058B000.00000004.00000020.00020000.00000000.sdmp, cacert.pem.0.dr Binary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
Source: registry_65f93d51.exe, 0000000A.00000003.2333460204.000001DEED0B6000.00000004.00000020.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4718994312.000001DEED0DF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWoto %SystemRoot%\system32\mswsock.dllad() method that
Source: wsx.exe, 00000002.00000003.2291758750.000001D6CBE90000.00000004.00000020.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4718299020.000001D6CBE7E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: cacert.pem.0.dr Binary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd

Anti Debugging
barindex
Potentially malicious time measurement code found
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8086500 2_2_00007FF8A8086500
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A80863C0 2_2_00007FF8A80863C0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D6500 10_2_00007FF8A73D6500
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D63C0 10_2_00007FF8A73D63C0
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8083251 rdtsc 2_2_00007FF8A8083251
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71DB5DC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF7E71DB5DC
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71F24D0 GetProcessHeap, 0_2_00007FF7E71F24D0
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71DAFC4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00007FF7E71DAFC4
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71DB7C0 SetUnhandledExceptionFilter, 0_2_00007FF7E71DB7C0
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71DB5DC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF7E71DB5DC
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71E9A14 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF7E71E9A14
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71DAFC4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 2_2_00007FF7E71DAFC4
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71DB7C0 SetUnhandledExceptionFilter, 2_2_00007FF7E71DB7C0
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71DB5DC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 2_2_00007FF7E71DB5DC
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF7E71E9A14 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 2_2_00007FF7E71E9A14
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8084FED __scrt_fastfail,IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 2_2_00007FF8A8084FED
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8A02A38 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 2_2_00007FF8A8A02A38
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8A033B4 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 2_2_00007FF8A8A033B4
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8A0359C SetUnhandledExceptionFilter, 2_2_00007FF8A8A0359C
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A92F1D75 __scrt_fastfail,IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 2_2_00007FF8A92F1D75
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5CB5DC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 9_2_00007FF6BD5CB5DC
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5CAFC4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 9_2_00007FF6BD5CAFC4
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5CB7C0 SetUnhandledExceptionFilter, 9_2_00007FF6BD5CB7C0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 9_2_00007FF6BD5D9A14 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 9_2_00007FF6BD5D9A14
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5CB5DC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 10_2_00007FF6BD5CB5DC
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5CAFC4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 10_2_00007FF6BD5CAFC4
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5CB7C0 SetUnhandledExceptionFilter, 10_2_00007FF6BD5CB7C0
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF6BD5D9A14 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 10_2_00007FF6BD5D9A14
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A72C359C SetUnhandledExceptionFilter, 10_2_00007FF8A72C359C
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A72C33B4 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 10_2_00007FF8A72C33B4
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A72C2A38 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 10_2_00007FF8A72C2A38
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D4FED __scrt_fastfail,IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 10_2_00007FF8A73D4FED
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7A81D75 __scrt_fastfail,IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 10_2_00007FF8A7A81D75
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A7FDC350 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 10_2_00007FF8A7FDC350
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\wsx.exe Process created: C:\Users\user\Desktop\wsx.exe "C:\Users\user\Desktop\wsx.exe" Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "schtasks /query /tn "registry_65f93d51.exe"" Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "schtasks /create /tn "registry_65f93d51.exe" /tr "C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe" /sc onlogon /rl highest /f" Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /query /tn "registry_65f93d51.exe" Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn "registry_65f93d51.exe" /tr "C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe" /sc onlogon /rl highest /f Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Process created: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "schtasks /query /tn "registry_65f93d51.exe"" Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /query /tn "registry_65f93d51.exe" Jump to behavior
Source: wsx.exe, 00000002.00000002.4721891045.000001D6CF7A0000.00000004.00001000.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4721938594.000001D6CF7E0000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4721601148.000001DEEE1D0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Program Manager
Source: wsx.exe, 00000002.00000002.4721891045.000001D6CF7A0000.00000004.00001000.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4721938594.000001D6CF7E0000.00000004.00001000.00020000.00000000.sdmp, registry_65f93d51.exe, 0000000A.00000002.4721601148.000001DEEE1D0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Program Manager0
Source: wsx.exe, 00000002.00000003.3239685469.000001D6CF7E0000.00000004.00001000.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4721891045.000001D6CF7A0000.00000004.00001000.00020000.00000000.sdmp, wsx.exe, 00000002.00000002.4721938594.000001D6CF7E0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: program manager
Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71F88E0 cpuid 0_2_00007FF7E71F88E0
Contains functionality to query locales information (e.g. system language)
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: EnumSystemLocalesW, 10_2_00007FF8A7FDAA9C
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: GetPrimaryLen,EnumSystemLocalesW, 10_2_00007FF8A7FDAB04
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: GetPrimaryLen,EnumSystemLocalesW, 10_2_00007FF8A7FDABB8
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: EnterCriticalSection,__crt_fast_encode_pointer,EnumSystemLocalesW,LeaveCriticalSection, 10_2_00007FF8A7FD8D68
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 10_2_00007FF8A7FDB024
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 10_2_00007FF8A7FDB1E4
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\charset_normalizer VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\certifi VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\cryptography-3.4.8.dist-info VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\ucrtbase.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\_ctypes.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\_bz2.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\_lzma.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\pywin32_system32 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\pywin32_system32 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\pywin32_system32 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\pywin32_system32 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\_socket.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\select.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\_ssl.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\pywin32_system32 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\pywin32_system32 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\_hashlib.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\_queue.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\pywin32_system32 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\pywin32_system32 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\pywin32_system32 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\pywin32_system32 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\pywin32_system32 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\charset_normalizer VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\charset_normalizer VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\charset_normalizer\md.cp38-win_amd64.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\charset_normalizer VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\charset_normalizer\md__mypyc.cp38-win_amd64.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\unicodedata.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\pywin32_system32 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\certifi\cacert.pem VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\pywin32_system32 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\_asyncio.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\_overlapped.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Roaming VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\lockfile VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI60562\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Queries volume information: C:\Users\user\Desktop\wsx.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\charset_normalizer VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\certifi VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\cryptography-3.4.8.dist-info VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\cryptography-3.4.8.dist-info VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\ucrtbase.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\_ctypes.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\_bz2.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\_lzma.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\pywin32_system32 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\pywin32_system32 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\pywin32_system32 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\pywin32_system32 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\_socket.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\select.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI18922\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Queries volume information: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71DB4C0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 0_2_00007FF7E71DB4C0
Source: C:\Users\user\Desktop\wsx.exe Code function: 0_2_00007FF7E71F4D50 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation, 0_2_00007FF7E71F4D50
Source: C:\Users\user\Desktop\wsx.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Source: C:\Users\user\Desktop\wsx.exe Code function: 2_2_00007FF8A8085DB7 bind,WSAGetLastError, 2_2_00007FF8A8085DB7
Source: C:\Users\user\AppData\Roaming\Software\registry_65f93d51.exe Code function: 10_2_00007FF8A73D5DB7 bind,WSAGetLastError, 10_2_00007FF8A73D5DB7
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1523266 Sample: wsx.exe Startdate: 01/10/2024 Architecture: WINDOWS Score: 68 58 pontoslivelobb.servicos.ws 2->58 60 estudosadulto.educacao.ws 2->60 66 Multi AV Scanner detection for submitted file 2->66 68 Sigma detected: Invoke-Obfuscation CLIP+ Launcher 2->68 70 AI detected suspicious sample 2->70 72 Sigma detected: Invoke-Obfuscation VAR+ Launcher 2->72 9 wsx.exe 90 2->9         started        13 registry_65f93d51.exe 90 2->13         started        signatures3 process4 file5 42 C:\Users\user\AppData\Local\...\win32wnet.pyd, PE32+ 9->42 dropped 44 C:\Users\user\AppData\...\unicodedata.pyd, PE32+ 9->44 dropped 46 C:\Users\user\AppData\Local\...\ucrtbase.dll, PE32+ 9->46 dropped 54 65 other files (none is malicious) 9->54 dropped 76 Potentially malicious time measurement code found 9->76 15 wsx.exe 3 9->15         started        48 C:\Users\user\AppData\Local\...\win32wnet.pyd, PE32+ 13->48 dropped 50 C:\Users\user\AppData\...\unicodedata.pyd, PE32+ 13->50 dropped 52 C:\Users\user\AppData\Local\...\ucrtbase.dll, PE32+ 13->52 dropped 56 65 other files (none is malicious) 13->56 dropped 19 registry_65f93d51.exe 13->19         started        signatures6 process7 dnsIp8 62 estudosadulto.educacao.ws 94.156.67.32, 443, 49725, 49728 TERASYST-ASBG Bulgaria 15->62 64 pontoslivelobb.servicos.ws 191.252.83.191, 49724, 49727, 80 LocawebServicosdeInternetSABR Brazil 15->64 40 C:\Users\user\...\registry_65f93d51.exe, PE32+ 15->40 dropped 21 cmd.exe 1 15->21         started        24 cmd.exe 1 15->24         started        26 cmd.exe 1 19->26         started        file9 process10 signatures11 74 Uses schtasks.exe or at.exe to add and modify task schedules 21->74 28 conhost.exe 21->28         started        30 schtasks.exe 1 21->30         started        32 conhost.exe 24->32         started        34 schtasks.exe 1 24->34         started        36 conhost.exe 26->36         started        38 schtasks.exe 1 26->38         started        process12
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
191.252.83.191
 pontoslivelobb.servicos.ws Brazil
27715 LocawebServicosdeInternetSABR false
94.156.67.32
 estudosadulto.educacao.ws Bulgaria
31420 TERASYST-ASBG false

Contacted Domains

Name IP Active
pontoslivelobb.servicos.ws 191.252.83.191 true
fp2e7a.wpc.phicdn.net 192.229.221.95 true
estudosadulto.educacao.ws 94.156.67.32 true

Contacted URLs

Name Malicious Antivirus Detection Reputation
http://pontoslivelobb.servicos.ws/conta.php false
    		unknown