Windows Analysis Report
UV4VDg1Lry.exe

Overview

General Information

Sample name: UV4VDg1Lry.exe (renamed because original name is a hash value)
Original sample name: ed54c25cc1d3c9dc4589d844dda108453951c950628a1a6033c7dc1483c10c92.exe
Analysis ID: 1528946
MD5: 367d04b040e56296b2a71921dadeae2f
SHA1: 73fb54950be4d8d4397725f09c3eed52bc1d242e
SHA256: ed54c25cc1d3c9dc4589d844dda108453951c950628a1a6033c7dc1483c10c92
Tags: exe, user-adrian__luca

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Modifies existing user documents (likely ransomware behavior)
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found potential string decryption / allocating functions
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info

Classification

AV Detection

Source: UV4VDg1Lry.exe ReversingLabs: Detection: 45%
Source: UV4VDg1Lry.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Code function: 0_2_00007FF7F8E89280 FindFirstFileExW,FindClose, 0_2_00007FF7F8E89280
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Code function: 0_2_00007FF7F8E883C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW, 0_2_00007FF7F8E883C0
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Code function: 0_2_00007FF7F8EA1874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 0_2_00007FF7F8EA1874
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File opened: C:\Users\user\AppData\Local\Temp\_MEI58042\_tcl_data\
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File opened: C:\Users\user\AppData\Local\
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File opened: C:\Users\user\AppData\
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File opened: C:\Users\user\
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File opened: C:\Users\user\AppData\Local\Temp\_MEI58042\
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File opened: C:\Users\user\AppData\Local\Temp\
Source: METADATA.0.dr String found in binary or memory: https://img.shields.io/pypi/v/cryptography.svg
Source: METADATA.0.dr String found in binary or memory: https://mail.python.org/mailman/listinfo/cryptography-dev
Source: base_library.zip.0.dr String found in binary or memory: https://peps.python.org/pep-0205/
Source: METADATA.0.dr String found in binary or memory: https://pypi.org/project/cryptography/
Source: METADATA.0.dr String found in binary or memory: https://readthedocs.org/projects/cryptography/badge/?version=latest
Source: tk.tcl.0.dr String found in binary or memory: https://support.apple.com/en-us/HT201236
Source: LICENSE.APACHE.0.dr String found in binary or memory: https://www.apache.org/licenses/
Source: LICENSE.APACHE.0.dr String found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0
Source: libcrypto-3.dll.0.dr String found in binary or memory: https://www.openssl.org/H
Source: base_library.zip.0.dr String found in binary or memory: https://www.python.org/download/releases/2.3/mro/.

Spam, unwanted Advertisements and Ransom Demands

Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File moved: C:\Users\user\Desktop\EFOYFBOLXA\EOWRVPQCCS.mp3
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File moved: C:\Users\user\Desktop\TQDFJHPUIU.jpg
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File moved: C:\Users\user\Desktop\EIVQSAOTAQ.jpg
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File deleted: C:\Users\user\Desktop\EIVQSAOTAQ.jpg
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File moved: C:\Users\user\Desktop\EOWRVPQCCS.xlsx
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Code function: String function: 00007FF7F8E82710 appears 52 times
Source: unicodedata.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: zlib1.dll.0.dr Static PE information: Number of sections : 12 > 10
Source: api-ms-win-core-processenvironment-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-handle-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-fibers-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: python3.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: UV4VDg1Lry.exe, 00000000.00000003.2053949628.000002871FE4D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs UV4VDg1Lry.exe
Source: UV4VDg1Lry.exe, 00000000.00000003.2055412250.000002871FE4D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs UV4VDg1Lry.exe
Source: UV4VDg1Lry.exe, 00000000.00000003.2054936820.000002871FE4D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs UV4VDg1Lry.exe
Source: UV4VDg1Lry.exe, 00000000.00000003.2054740995.000002871FE4D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_decimal.pyd. vs UV4VDg1Lry.exe
Source: UV4VDg1Lry.exe, 00000000.00000003.2054133641.000002871FE4D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs UV4VDg1Lry.exe
Source: UV4VDg1Lry.exe, 00000000.00000003.2054580220.000002871FE4D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_ctypes.pyd. vs UV4VDg1Lry.exe
Source: UV4VDg1Lry.exe, 00000000.00000003.2055182659.000002871FE4D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_lzma.pyd. vs UV4VDg1Lry.exe
Source: classification engine Classification label: mal52.rans.winEXE@3/1068@0/0
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\Desktop\encryption_time.txt
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042
Source: UV4VDg1Lry.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: UV4VDg1Lry.exe ReversingLabs: Detection: 45%
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File read: C:\Users\user\Desktop\UV4VDg1Lry.exe
Source: unknown Process created: C:\Users\user\Desktop\UV4VDg1Lry.exe "C:\Users\user\Desktop\UV4VDg1Lry.exe"
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Process created: C:\Users\user\Desktop\UV4VDg1Lry.exe "C:\Users\user\Desktop\UV4VDg1Lry.exe"
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Section loaded: libffi-8.dll
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Section loaded: tcl86t.dll
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Section loaded: tk86t.dll
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Section loaded: zlib1.dll
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Section loaded: logoncli.dll
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Section loaded: samcli.dll
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Section loaded: libcrypto-3.dll
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Section loaded: wintypes.dll
Source: Window Recorder Window detected: More than 3 window changes detected
Source: UV4VDg1Lry.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: UV4VDg1Lry.exe Static file information: File size 14296438 > 1048576
Source: UV4VDg1Lry.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: UV4VDg1Lry.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: UV4VDg1Lry.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: UV4VDg1Lry.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: UV4VDg1Lry.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: UV4VDg1Lry.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: UV4VDg1Lry.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: api-ms-win-crt-locale-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr
Source: Binary string: cryptography_rust.pdbc source: _rust.pyd.0.dr
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: api-ms-win-core-file-l1-2-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: api-ms-win-crt-stdio-l1-1-0.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: libcrypto-3.dll.0.dr
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdbGCTL source: api-ms-win-crt-heap-l1-1-0.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: UV4VDg1Lry.exe, 00000000.00000003.2053949628.000002871FE4D000.00000004.00000020.00020000.00000000.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: api-ms-win-core-heap-l1-1-0.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: _rust.pyd.0.dr
Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: api-ms-win-core-util-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdbGCTL source: api-ms-win-core-heap-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: api-ms-win-core-synch-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdbGCTL source: api-ms-win-crt-math-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdbGCTL source: api-ms-win-core-handle-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: _ctypes.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: UV4VDg1Lry.exe, 00000000.00000003.2054936820.000002871FE4D000.00000004.00000020.00020000.00000000.sdmp, _hashlib.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdbGCTL source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdbGCTL source: api-ms-win-crt-time-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: api-ms-win-core-console-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: api-ms-win-core-file-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdbGCTL source: api-ms-win-core-synch-l1-2-0.dll.0.dr
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdbGCTL source: api-ms-win-crt-process-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: api-ms-win-crt-convert-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-util-l1-1-0.pdbGCTL source: api-ms-win-core-util-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: UV4VDg1Lry.exe, 00000000.00000003.2055182659.000002871FE4D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdbGCTL source: api-ms-win-core-datetime-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: UV4VDg1Lry.exe, 00000000.00000003.2054133641.000002871FE4D000.00000004.00000020.00020000.00000000.sdmp, _bz2.pyd.0.dr
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: api-ms-win-core-profile-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: UV4VDg1Lry.exe, 00000000.00000003.2055412250.000002871FE4D000.00000004.00000020.00020000.00000000.sdmp, _socket.pyd.0.dr
Source: Binary string: cryptography_rust.pdb source: _rust.pyd.0.dr
Source: Binary string: api-ms-win-core-file-l1-1-0.pdbGCTL source: api-ms-win-core-file-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdbGCTL source: api-ms-win-crt-convert-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdbGCTL source: api-ms-win-crt-stdio-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: api-ms-win-crt-time-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-file-l2-1-0.pdbGCTL source: api-ms-win-core-file-l2-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: api-ms-win-core-handle-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: libcrypto-3.dll.0.dr
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdbGCTL source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: api-ms-win-core-synch-l1-2-0.dll.0.dr
Source: Binary string: api-ms-win-core-file-l1-2-0.pdbGCTL source: api-ms-win-core-file-l1-2-0.dll.0.dr
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdbGCTL source: api-ms-win-core-profile-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: api-ms-win-core-datetime-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: api-ms-win-crt-conio-l1-1-0.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: UV4VDg1Lry.exe, 00000000.00000003.2053949628.000002871FE4D000.00000004.00000020.00020000.00000000.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.0.dr
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: api-ms-win-crt-math-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: libcrypto-3.dll.0.dr
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdbGCTL source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: api-ms-win-core-processthreads-l1-1-1.dll.0.dr
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdbGCTL source: api-ms-win-crt-locale-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdbGCTL source: api-ms-win-core-localization-l1-2-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: select.pyd.0.dr
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: api-ms-win-core-namedpipe-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-console-l1-1-0.pdbGCTL source: api-ms-win-core-console-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: api-ms-win-core-file-l2-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: UV4VDg1Lry.exe, 00000000.00000003.2055182659.000002871FE4D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: api-ms-win-crt-process-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdbGCTL source: api-ms-win-core-namedpipe-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdbGCTL source: api-ms-win-core-synch-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdbGCTL source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdbGCTL source: api-ms-win-core-processthreads-l1-1-1.dll.0.dr
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdbGCTL source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: api-ms-win-crt-heap-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdbGCTL source: api-ms-win-crt-conio-l1-1-0.dll.0.dr
Source: UV4VDg1Lry.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: UV4VDg1Lry.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: UV4VDg1Lry.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: UV4VDg1Lry.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: UV4VDg1Lry.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: api-ms-win-core-console-l1-1-0.dll.0.dr Static PE information: 0x975A648E [Sun Jun 19 20:33:18 2050 UTC]
Source: VCRUNTIME140.dll.0.dr Static PE information: section name: fothk
Source: VCRUNTIME140.dll.0.dr Static PE information: section name: _RDATA
Source: libcrypto-3.dll.0.dr Static PE information: section name: .00cfg
Source: python312.dll.0.dr Static PE information: section name: PyRuntim
Source: zlib1.dll.0.dr Static PE information: section name: .xdata
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-processenvironment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\_cffi_backend.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-synch-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-crt-environment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-crt-utility-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\_tkinter.pyd Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-handle-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-interlocked-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-crt-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-file-l2-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\libffi-8.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-processthreads-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\_lzma.pyd Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-crt-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\unicodedata.pyd Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\_bz2.pyd Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\_hashlib.pyd Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-crt-convert-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-crt-filesystem-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-sysinfo-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\cryptography\hazmat\bindings\_rust.pyd Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-crt-stdio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-errorhandling-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-timezone-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\tk86t.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-crt-runtime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\ucrtbase.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\_decimal.pyd Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\python312.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\select.pyd Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-fibers-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-util-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\libcrypto-3.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-crt-time-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-namedpipe-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-synch-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\python3.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-datetime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-file-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-profile-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-localization-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\VCRUNTIME140.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-debug-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-console-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\tcl86t.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-processthreads-l1-1-1.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\zlib1.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-memory-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-crt-process-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-file-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\_socket.pyd Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-libraryloader-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-crt-math-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-crt-locale-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-crt-conio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\_ctypes.pyd Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File created: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-rtlsupport-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Code function: 0_2_00007FF7F8E876C0 GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError, 0_2_00007FF7F8E876C0
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-processenvironment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\_cffi_backend.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-synch-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-crt-environment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-crt-utility-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-handle-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-interlocked-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\_tkinter.pyd Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-crt-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-file-l2-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-processthreads-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\_lzma.pyd Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-crt-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\unicodedata.pyd Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\_bz2.pyd Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\_hashlib.pyd Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-crt-convert-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-crt-filesystem-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-sysinfo-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\cryptography\hazmat\bindings\_rust.pyd Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-crt-stdio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-errorhandling-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-timezone-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-crt-runtime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\_decimal.pyd Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\python312.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\select.pyd Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-fibers-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-util-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-crt-time-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-namedpipe-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-synch-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\python3.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-datetime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-file-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-profile-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-localization-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-debug-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-console-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-processthreads-l1-1-1.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-memory-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-crt-process-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-file-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\_socket.pyd Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-libraryloader-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-crt-math-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-crt-locale-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-crt-conio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\api-ms-win-core-rtlsupport-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI58042\_ctypes.pyd Jump to dropped file
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Code function: 0_2_00007FF7F8E89280 FindFirstFileExW,FindClose, 0_2_00007FF7F8E89280
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Code function: 0_2_00007FF7F8E883C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW, 0_2_00007FF7F8E883C0
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Code function: 0_2_00007FF7F8EA1874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 0_2_00007FF7F8EA1874
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File opened: C:\Users\user\AppData\Local\Temp\_MEI58042\_tcl_data\ Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File opened: C:\Users\user\AppData\Local\ Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File opened: C:\Users\user\AppData\ Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File opened: C:\Users\user\ Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File opened: C:\Users\user\AppData\Local\Temp\_MEI58042\ Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe File opened: C:\Users\user\AppData\Local\Temp\ Jump to behavior
Source: UV4VDg1Lry.exe, 00000002.00000003.2804159460.000002681589E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWh
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Code function: 0_2_00007FF7F8E8D12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF7F8E8D12C
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Code function: 0_2_00007FF7F8EA3480 GetProcessHeap, 0_2_00007FF7F8EA3480
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Code function: 0_2_00007FF7F8E8D30C SetUnhandledExceptionFilter, 0_2_00007FF7F8E8D30C
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Code function: 0_2_00007FF7F8E9A614 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF7F8E9A614
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Code function: 0_2_00007FF7F8E8C8A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00007FF7F8E8C8A0
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Process created: C:\Users\user\Desktop\UV4VDg1Lry.exe "C:\Users\user\Desktop\UV4VDg1Lry.exe" Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Code function: 0_2_00007FF7F8EA9570 cpuid 0_2_00007FF7F8EA9570
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\_tcl_data VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\_tcl_data\encoding VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\_tcl_data\encoding VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\_tcl_data VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\_tcl_data\encoding VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\_tcl_data VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\_tcl_data\encoding VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\_tcl_data VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\_tcl_data\encoding VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\_tcl_data VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\_tcl_data VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\_tcl_data\encoding VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\_tcl_data VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\_tcl_data VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\_tcl_data VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\_tcl_data VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\_tcl_data\http1.0 VolumeInformation
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\_tcl_data\msgs VolumeInformation
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\_tcl_data\opt0.4 VolumeInformation
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\_tcl_data\tzdata VolumeInformation
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\_tcl_data\tzdata\Africa VolumeInformation
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\_tcl_data\tzdata\America VolumeInformation
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\_tcl_data\tzdata\America\Argentina VolumeInformation
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\ucrtbase.dll VolumeInformation
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\Desktop\UV4VDg1Lry.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\Desktop\UV4VDg1Lry.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\_ctypes.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\Desktop\UV4VDg1Lry.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\Desktop\UV4VDg1Lry.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\Desktop\UV4VDg1Lry.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\Desktop\UV4VDg1Lry.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\Desktop\UV4VDg1Lry.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\Desktop\UV4VDg1Lry.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\Desktop\UV4VDg1Lry.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\Desktop\UV4VDg1Lry.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\Desktop\UV4VDg1Lry.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\Desktop\UV4VDg1Lry.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\Desktop\UV4VDg1Lry.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI58042\cryptography VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Code function: 0_2_00007FF7F8E8D010 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 0_2_00007FF7F8E8D010
Source: C:\Users\user\Desktop\UV4VDg1Lry.exe Code function: 0_2_00007FF7F8EA5C00 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation, 0_2_00007FF7F8EA5C00
No contacted IP infos