Windows Analysis Report
211.exe

Overview

General Information

Sample name: 211.exe
Analysis ID: 1559169
MD5: f7c96ff131b356fe164c8d666c0f3b46
SHA1: 7468349a73f810bcf320dd6ae65cb46fc81a9c10
SHA256: fb2812b22e399ad46d1c3da512199be1647ad932dd5c0166d58be87cde3e1876
Tags: exe, opendir, user-Joker

Detection

Score: 84
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected unpacking (creates a PE file in dynamic memory)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Found evasive API chain (may stop execution after checking mutex)
Machine Learning detection for dropped file
Machine Learning detection for sample
Renames NTDLL to bypass HIPS
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Enables debug privileges
Enables driver privileges
Enables security privileges
Entry point lies outside standard sections
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
Installs a raw input device (often for capturing keystrokes)
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Sample file is different than original file name gathered from version info
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Keylogger Generic

Classification

AV Detection

Source: C:\Users\user\Desktop\QQWER.dll ReversingLabs: Detection: 73%
Source: 211.exe ReversingLabs: Detection: 47%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 98.8% probability
Source: C:\Users\user\Desktop\QQWER.dll Joe Sandbox ML: detected
Source: 211.exe Joe Sandbox ML: detected

Compliance

Source: C:\Users\user\Desktop\211.exe Unpacked PE file: 0.2.211.exe.10000000.2.unpack
Source: C:\Users\user\Desktop\211.exe Unpacked PE file: 5.2.211.exe.10000000.2.unpack
Source: 211.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: Binary string: devco n.pdbo source: 211.exe
Source: Binary string: wntdll.pdbUGP source: 211.exe, 00000000.00000003.1486855520.0000000002BA7000.00000004.00000020.00020000.00000000.sdmp, 211.exe, 00000000.00000002.2740114913.0000000002D54000.00000040.00000020.00020000.00000000.sdmp, 211.exe, 00000005.00000003.1650913098.0000000002B7A000.00000004.00000020.00020000.00000000.sdmp, 211.exe, 00000005.00000002.2740053388.0000000002D27000.00000040.00000020.00020000.00000000.sdmp, 54e41d.tmp.0.dr, 552434.tmp.5.dr
Source: Binary string: wntdll.pdb source: 211.exe, 00000000.00000003.1486855520.0000000002BA7000.00000004.00000020.00020000.00000000.sdmp, 211.exe, 00000000.00000002.2740114913.0000000002D54000.00000040.00000020.00020000.00000000.sdmp, 211.exe, 00000005.00000003.1650913098.0000000002B7A000.00000004.00000020.00020000.00000000.sdmp, 211.exe, 00000005.00000002.2740053388.0000000002D27000.00000040.00000020.00020000.00000000.sdmp, 54e41d.tmp.0.dr, 552434.tmp.5.dr
Source: Binary string: DrvInDM U.pdbe source: 211.exe
Source: Binary string: wuser32.pdb source: 211.exe, 00000000.00000002.2740445326.0000000002F0B000.00000040.00000020.00020000.00000000.sdmp, 211.exe, 00000000.00000003.1487921635.0000000002BAC000.00000004.00000020.00020000.00000000.sdmp, 211.exe, 00000005.00000003.1652407175.0000000002B7A000.00000004.00000020.00020000.00000000.sdmp, 211.exe, 00000005.00000002.2740388485.0000000002EDC000.00000040.00000020.00020000.00000000.sdmp, 5524a1.tmp.5.dr, 54e47b.tmp.0.dr
Source: Binary string: devc@on.pdb source: 211.exe
Source: Binary string: wuser32.pdbUGP source: 211.exe, 00000000.00000002.2740445326.0000000002F0B000.00000040.00000020.00020000.00000000.sdmp, 211.exe, 00000000.00000003.1487921635.0000000002BAC000.00000004.00000020.00020000.00000000.sdmp, 211.exe, 00000005.00000003.1652407175.0000000002B7A000.00000004.00000020.00020000.00000000.sdmp, 211.exe, 00000005.00000002.2740388485.0000000002EDC000.00000040.00000020.00020000.00000000.sdmp, 5524a1.tmp.5.dr, 54e47b.tmp.0.dr
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-20h], esp 5_2_1001AC51
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 5_2_10006051
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 5_2_10006051
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 5_2_1001385A
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-04h], esp 5_2_10002461
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp 5_2_1000F472
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-18h], esp 5_2_1001847E
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 5_2_10022882
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-38h], esp 5_2_10025484
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-58h], esp 5_2_10025484
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-20h], esp 5_2_10006495
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 5_2_10006C96
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-04h], esp 5_2_10014096
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-04h], esp 5_2_10014096
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 5_2_100024AC
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-20h], esp 5_2_100024AC
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 5_2_100024AC
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 5_2_100024AC
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 5_2_1000FCB0
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp 5_2_1001A8BE
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp 5_2_1001A8BE
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp 5_2_1001A8BE
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp 5_2_1001A8BE
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp 5_2_1001A8BE
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp 5_2_1001A8BE
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp 5_2_1001A8BE
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp 5_2_1001A8BE
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp 5_2_1001A8BE
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp 5_2_1001A8BE
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp 5_2_1001A8BE
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp 5_2_1001A8BE
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 5_2_100198CC
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-08h], esp 5_2_100188E1
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 5_2_1001A4E7
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 5_2_1000210D
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 5_2_1000210D
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-24h], esp 5_2_1000B90D
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 5_2_10003116
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp 5_2_10017D41
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp 5_2_10017D41
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 5_2_1000FD4D
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-08h], esp 5_2_10001D56
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-58h], esp 5_2_10025977
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp 5_2_10010199
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-04h], esp 5_2_1001419C
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-04h], esp 5_2_1001419C
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 5_2_10008DA3
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-08h], esp 5_2_100111A7
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 5_2_10007DB8
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-18h], esp 5_2_100151BD
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-18h], esp 5_2_100151BD
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-18h], esp 5_2_100151BD
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-28h], esp 5_2_1001D1C4
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-20h], esp 5_2_1001D1C4
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp 5_2_100259D9
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-2Ch], esp 5_2_100221E2
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-2Ch], esp 5_2_100221E2
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-2Ch], esp 5_2_100221E2
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-2Ch], esp 5_2_100221E2
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-2Ch], esp 5_2_100221E2
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 5_2_100189E6
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp 5_2_1000FDEA
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-08h], esp 5_2_100101FB
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-08h], esp 5_2_10014203
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 5_2_1001121A
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 5_2_1001121A
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 5_2_1001121A
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 5_2_1001121A
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 5_2_1001121A
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 5_2_1001121A
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp 5_2_1000B61E
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-2Ch], esp 5_2_1001221F
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-2Ch], esp 5_2_1001221F
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 5_2_1001A236
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp 5_2_1001363D
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 5_2_1001363D
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 5_2_10008E40
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-08h], esp 5_2_10011653
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-08h], esp 5_2_10011653
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 5_2_10010255
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 5_2_10010255
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 5_2_10007E55
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-24h], esp 5_2_10007E55
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-50h], esp 5_2_1000C655
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-50h], esp 5_2_1000C655
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-50h], esp 5_2_1000C655
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-50h], esp 5_2_1000C655
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-50h], esp 5_2_1000C655
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-50h], esp 5_2_1000C655
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp 5_2_1000C655
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp 5_2_1000C655
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp 5_2_1000C655
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-40h], esp 5_2_1000C655
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp 5_2_1000C655
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-50h], esp 5_2_1000C655
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp 5_2_1000C655
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp 5_2_1000C655
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-40h], esp 5_2_1000C655
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp 5_2_1000C655
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 5_2_1000FA6F
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 5_2_10022A80
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 5_2_10011E89
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 5_2_10014289
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 5_2_10014289
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 5_2_10014289
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-48h], esp 5_2_10014289
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-4Ch], esp 5_2_10014289
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-58h], esp 5_2_10014289
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 5_2_10014289
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 5_2_10014289
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 5_2_10014289
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-48h], esp 5_2_10014289
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 5_2_10014289
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 5_2_10014289
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-48h], esp 5_2_10014289
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 5_2_10014289
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 5_2_10014289
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-48h], esp 5_2_10014289
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-48h], esp 5_2_10014289
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-4Ch], esp 5_2_1002129C
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-4Ch], esp 5_2_1002129C
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-4Ch], esp 5_2_1002129C
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-4Ch], esp 5_2_1002129C
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-4Ch], esp 5_2_1002129C
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-54h], esp 5_2_1002129C
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-4Ch], esp 5_2_1002129C
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-4Ch], esp 5_2_1002129C
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-4Ch], esp 5_2_1002129C
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-50h], esp 5_2_1002129C
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-4Ch], esp 5_2_1002129C
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-4Ch], esp 5_2_1002129C
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-4Ch], esp 5_2_1002129C
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-4Ch], esp 5_2_1002129C
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 5_2_1001A6C7
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-20h], esp 5_2_10017ECA
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 5_2_10010AD6
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 5_2_10010AD6
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-38h], esp 5_2_10008EDD
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-04h], esp 5_2_1001BADE
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 5_2_100246E4
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 5_2_1001F2ED
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 5_2_1001F2ED
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 5_2_1001F2ED
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 5_2_1001F2ED
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 5_2_1001F2ED
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-0000008Ch], esp 5_2_1001F2ED
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 5_2_1001F2ED
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 5_2_1001F2ED
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 5_2_1001F2ED
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 5_2_1001F2ED
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 5_2_1001F2ED
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 5_2_1001F2ED
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 5_2_1001F2ED
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 5_2_1001F2ED
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 5_2_1001F2ED
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 5_2_1001F2ED
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 5_2_1001F2ED
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 5_2_1001F2ED
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 5_2_1001F2ED
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-0000008Ch], esp 5_2_1001F2ED
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 5_2_1001F2ED
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 5_2_1001F2ED
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-0000008Ch], esp 5_2_1001F2ED
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 5_2_1001F2ED
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 5_2_1001F2ED
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 5_2_1001F2ED
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-0000008Ch], esp 5_2_1001F2ED
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-0000008Ch], esp 5_2_1001F2ED
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 5_2_1001F2ED
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 5_2_1001F2ED
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 5_2_1001F2ED
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 5_2_1001F2ED
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 5_2_1001F2ED
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 5_2_1001A6F8
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-18h], esp 5_2_1001A6F8
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 5_2_1001A6F8
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 5_2_1001A6F8
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 5_2_1001A6F8
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 5_2_1001A6F8
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-08h], esp 5_2_100236FF
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-08h], esp 5_2_100236FF
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 5_2_1000FF10
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 5_2_10008B27
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-04h], esp 5_2_1001BB29
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 5_2_10015B34
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 5_2_1000833D
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-34h], esp 5_2_10012B40
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-04h], esp 5_2_1000634E
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 5_2_1000B353
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-4Ch], esp 5_2_10026356
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-54h], esp 5_2_1001DB5C
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 5_2_1001DB5C
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp 5_2_10017B68
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp 5_2_10011772
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-38h], esp 5_2_10024781
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-58h], esp 5_2_10024781
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp 5_2_1002378A
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp 5_2_1002378A
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 5_2_1002378A
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp 5_2_1002378A
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp 5_2_1002378A
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 5_2_10014289
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 5_2_10014289
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 5_2_10014289
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-48h], esp 5_2_10014289
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-4Ch], esp 5_2_10014289
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-58h], esp 5_2_10014289
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 5_2_10014289
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 5_2_10014289
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 5_2_10014289
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-48h], esp 5_2_10014289
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 5_2_10014289
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 5_2_10014289
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-48h], esp 5_2_10014289
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 5_2_10014289
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 5_2_10014289
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-48h], esp 5_2_10014289
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-48h], esp 5_2_10014289
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp 5_2_1001BFA0
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp 5_2_1001BFA0
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp 5_2_1001BFA0
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-24h], esp 5_2_1001BFA0
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp 5_2_1001BFA0
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-18h], esp 5_2_1000A7A2
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 5_2_100137A3
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 5_2_1000F7AC
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 5_2_10008BC4
Source: C:\Users\user\Desktop\211.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 5_2_10013FC8
Source: global traffic HTTP traffic detected: GET /%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txt HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Host: 42.193.100.57
Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /%E5%AD%98%E6%A1%A3/.txt HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Host: 42.193.100.57
Cache-Control: no-cache
Source: unknown TCP traffic detected without corresponding DNS query: 42.193.100.57
Source: unknown TCP traffic detected without corresponding DNS query: 42.193.100.57
Source: unknown TCP traffic detected without corresponding DNS query: 42.193.100.57
Source: unknown TCP traffic detected without corresponding DNS query: 42.193.100.57
Source: unknown TCP traffic detected without corresponding DNS query: 42.193.100.57
Source: unknown TCP traffic detected without corresponding DNS query: 42.193.100.57
Source: unknown TCP traffic detected without corresponding DNS query: 42.193.100.57
Source: unknown TCP traffic detected without corresponding DNS query: 42.193.100.57
Source: unknown TCP traffic detected without corresponding DNS query: 42.193.100.57
Source: unknown TCP traffic detected without corresponding DNS query: 42.193.100.57
Source: unknown TCP traffic detected without corresponding DNS query: 42.193.100.57
Source: unknown TCP traffic detected without corresponding DNS query: 42.193.100.57
Source: unknown TCP traffic detected without corresponding DNS query: 42.193.100.57
Source: unknown TCP traffic detected without corresponding DNS query: 42.193.100.57
Source: unknown TCP traffic detected without corresponding DNS query: 42.193.100.57
Source: unknown TCP traffic detected without corresponding DNS query: 42.193.100.57
Source: unknown TCP traffic detected without corresponding DNS query: 42.193.100.57
Source: unknown TCP traffic detected without corresponding DNS query: 42.193.100.57
Source: unknown TCP traffic detected without corresponding DNS query: 42.193.100.57
Source: unknown TCP traffic detected without corresponding DNS query: 42.193.100.57
Source: unknown TCP traffic detected without corresponding DNS query: 42.193.100.57
Source: unknown TCP traffic detected without corresponding DNS query: 42.193.100.57
Source: unknown TCP traffic detected without corresponding DNS query: 42.193.100.57
Source: unknown TCP traffic detected without corresponding DNS query: 42.193.100.57
Source: unknown TCP traffic detected without corresponding DNS query: 42.193.100.57
Source: unknown TCP traffic detected without corresponding DNS query: 42.193.100.57
Source: unknown TCP traffic detected without corresponding DNS query: 42.193.100.57
Source: unknown TCP traffic detected without corresponding DNS query: 42.193.100.57
Source: unknown TCP traffic detected without corresponding DNS query: 42.193.100.57
Source: unknown TCP traffic detected without corresponding DNS query: 42.193.100.57
Source: unknown TCP traffic detected without corresponding DNS query: 42.193.100.57
Source: unknown TCP traffic detected without corresponding DNS query: 42.193.100.57
Source: unknown TCP traffic detected without corresponding DNS query: 42.193.100.57
Source: unknown TCP traffic detected without corresponding DNS query: 42.193.100.57
Source: unknown TCP traffic detected without corresponding DNS query: 42.193.100.57
Source: unknown TCP traffic detected without corresponding DNS query: 42.193.100.57
Source: unknown TCP traffic detected without corresponding DNS query: 42.193.100.57
Source: global traffic HTTP traffic detected: GET /%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txt HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)Host: 42.193.100.57Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txt HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)Host: 42.193.100.57Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txt HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)Host: 42.193.100.57Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /%E5%AD%98%E6%A1%A3/.txt HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)Host: 42.193.100.57Cache-Control: no-cache
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/8.5Date: Wed, 20 Nov 2024 08:14:56 GMTContent-Length: 1163
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/8.5Date: Wed, 20 Nov 2024 08:15:12 GMTContent-Length: 1163
Source: 211.exe String found in binary or memory: http://.httpsset-cookie:;;
Source: 211.exe, 00000000.00000002.2738661260.0000000000C20000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://42.193.100.57/
Source: 211.exe String found in binary or memory: http://42.193.100.57/%E5%AD%98%E6%A1%A3/
Source: 211.exe, 00000005.00000002.2738541455.0000000000BFD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://42.193.100.57/%E5%AD%98%E6%A1%A3/.txt
Source: 211.exe, 00000005.00000002.2738541455.0000000000BFD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://42.193.100.57/%E5%AD%98%E6%A1%A3/.txt87
Source: 211.exe, 00000000.00000002.2738661260.0000000000C54000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://42.193.100.57/%E5%AD%98%E6%A1%A3/.txt;
Source: 211.exe, 00000000.00000002.2738661260.0000000000C35000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://42.193.100.57/%E5%AD%98%E6%A1%A3/.txtS
Source: 211.exe, 00000000.00000002.2738661260.0000000000C54000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://42.193.100.57/%E5%AD%98%E6%A1%A3/.txtX
Source: 211.exe, 00000005.00000002.2738541455.0000000000C15000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://42.193.100.57/%E5%AD%98%E6%A1%A3/.txtm
Source: 211.exe String found in binary or memory: http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txt
Source: 211.exe, 00000005.00000002.2738541455.0000000000BE2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txt-
Source: 211.exe, 00000005.00000002.2738541455.0000000000BE2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txt6
Source: 211.exe, 00000005.00000002.2738541455.0000000000BFD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txtF
Source: 211.exe, 00000000.00000002.2738661260.0000000000C35000.00000004.00000020.00020000.00000000.sdmp, 211.exe, 00000005.00000002.2738541455.0000000000BFD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txtgrams
Source: 211.exe String found in binary or memory: http://ocsp.t
Source: 211.exe String found in binary or memory: http://sf.symc
Source: 211.exe String found in binary or memory: http://ts-ocsp.ws.s
Source: 211.exe String found in binary or memory: http://ts-ocsp.ws.symantec.
Source: 211.exe String found in binary or memory: http://www.eyuyan.com)DVarFileInfo$
Source: 211.exe String found in binary or memory: https://User-Agent:Mozilla/4.0
Source: 211.exe String found in binary or memory: https://note.youdao.com/yws/public/note/03cb89fe74e7b4305099ed5dabde2135?sev=j1
Source: 211.exe String found in binary or memory: https://ww(w.v
Source: C:\Users\user\Desktop\211.exe Code function: 0_2_1001F2ED IsWindow,IsIconic,GetDCEx,GetDCEx,GetWindowInfo,GetWindowRect,CreateCompatibleDC,CreateDIBSection,SelectObject,CreateCompatibleDC,SelectObject,PrintWindow,BitBlt,BitBlt,BitBlt,SelectObject,GetDIBits, 0_2_1001F2ED
Source: 211.exe, 00000000.00000002.2740445326.0000000002F0B000.00000040.00000020.00020000.00000000.sdmp Binary or memory string: GetRawInputData memstr_2a3fcccb-e
Source: Yara match File source: Process Memory Space: 211.exe PID: 6600, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: 211.exe PID: 5408, type: MEMORYSTR
Source: C:\Users\user\Desktop\211.exe Code function: 0_2_10007FDD NtClose, 0_2_10007FDD
Source: C:\Users\user\Desktop\211.exe Code function: 0_2_1001419C ReleaseMutex,NtClose, 0_2_1001419C
Source: C:\Users\user\Desktop\211.exe Code function: 0_2_1001221F NtClose, 0_2_1001221F
Source: C:\Users\user\Desktop\211.exe Code function: 5_2_10007FDD NtClose, 5_2_10007FDD
Source: C:\Users\user\Desktop\211.exe Code function: 5_2_1001419C ReleaseMutex,NtClose, 5_2_1001419C
Source: C:\Users\user\Desktop\211.exe Code function: 5_2_1001221F NtClose, 5_2_1001221F
Source: C:\Users\user\Desktop\211.exe Code function: 0_2_004C6680 0_2_004C6680
Source: C:\Users\user\Desktop\211.exe Code function: 0_2_004C51A0 0_2_004C51A0
Source: C:\Users\user\Desktop\211.exe Code function: 0_2_10002628 0_2_10002628
Source: C:\Users\user\Desktop\211.exe Code function: 0_2_100032EA 0_2_100032EA
Source: C:\Users\user\Desktop\211.exe Code function: 5_2_004C6680 5_2_004C6680
Source: C:\Users\user\Desktop\211.exe Code function: 5_2_004C51A0 5_2_004C51A0
Source: C:\Users\user\Desktop\211.exe Code function: 5_2_10002628 5_2_10002628
Source: C:\Users\user\Desktop\211.exe Code function: 5_2_100032EA 5_2_100032EA
Source: C:\Users\user\Desktop\211.exe Process token adjusted: Load Driver
Source: C:\Users\user\Desktop\211.exe Process token adjusted: Security
Source: C:\Users\user\Desktop\211.exe Code function: String function: 10029640 appears 130 times
Source: 54e41d.tmp.0.dr Static PE information: Resource name: RT_MESSAGETABLE type: PDP-11 separate I&D executable not stripped
Source: 552434.tmp.5.dr Static PE information: Resource name: RT_MESSAGETABLE type: PDP-11 separate I&D executable not stripped
Source: 54e41d.tmp.0.dr Static PE information: No import functions for PE file found
Source: 552434.tmp.5.dr Static PE information: No import functions for PE file found
Source: 211.exe, 00000000.00000002.2740114913.0000000002E81000.00000040.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs 211.exe
Source: 211.exe, 00000000.00000003.1487921635.0000000002BAC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameuser32j% vs 211.exe
Source: 211.exe, 00000000.00000003.1486855520.0000000002CCA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs 211.exe
Source: 211.exe, 00000000.00000002.2740445326.0000000002FB3000.00000040.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameuser32j% vs 211.exe
Source: 211.exe, 00000005.00000003.1652407175.0000000002B7A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameuser32j% vs 211.exe
Source: 211.exe, 00000005.00000002.2740053388.0000000002E54000.00000040.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs 211.exe
Source: 211.exe, 00000005.00000003.1650913098.0000000002C9D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs 211.exe
Source: 211.exe, 00000005.00000002.2740388485.0000000002F84000.00000040.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameuser32j% vs 211.exe
Source: 211.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: QQWER.dll.0.dr Static PE information: Section: .rsrc ZLIB complexity 1.0002780183550337
Source: 552434.tmp.5.dr Binary string: \Device\IPT[
Source: classification engine Classification label: mal84.evad.winEXE@2/10@0/1
Source: C:\Users\user\Desktop\211.exe Code function: 0_2_0041FD8E GetDiskFreeSpaceExA, 0_2_0041FD8E
Source: C:\Users\user\Desktop\211.exe File created: C:\Users\user\Desktop\QQWER.dll
Source: C:\Users\user\Desktop\211.exe Mutant created: NULL
Source: C:\Users\user\Desktop\211.exe File created: C:\Users\user\AppData\Local\Temp\54e41d.tmp
Source: 211.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\211.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: 211.exe ReversingLabs: Detection: 47%
Source: unknown Process created: C:\Users\user\Desktop\211.exe "C:\Users\user\Desktop\211.exe"
Source: unknown Process created: C:\Users\user\Desktop\211.exe "C:\Users\user\Desktop\211.exe"
Source: C:\Users\user\Desktop\211.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\211.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\211.exe Section loaded: rasapi32.dll
Source: C:\Users\user\Desktop\211.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\211.exe Section loaded: rasman.dll
Source: C:\Users\user\Desktop\211.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\211.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\211.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\211.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\211.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\211.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\211.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\211.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\211.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\211.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\211.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\211.exe Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\211.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\211.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\211.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\211.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\211.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\211.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\211.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\211.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\211.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\211.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\211.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\211.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\211.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
Source: C:\Users\user\Desktop\211.exe Window detected: Number of UI elements: 23
Source: 211.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: 211.exe Static file information: File size 5214208 > 1048576
Source: 211.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x14f000
Source: 211.exe Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x284000
Source: 211.exe Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x10d000
Source: Binary string: devco n.pdbo source: 211.exe
Source: Binary string: wntdll.pdbUGP source: 211.exe, 00000000.00000003.1486855520.0000000002BA7000.00000004.00000020.00020000.00000000.sdmp, 211.exe, 00000000.00000002.2740114913.0000000002D54000.00000040.00000020.00020000.00000000.sdmp, 211.exe, 00000005.00000003.1650913098.0000000002B7A000.00000004.00000020.00020000.00000000.sdmp, 211.exe, 00000005.00000002.2740053388.0000000002D27000.00000040.00000020.00020000.00000000.sdmp, 54e41d.tmp.0.dr, 552434.tmp.5.dr
Source: Binary string: wntdll.pdb source: 211.exe, 00000000.00000003.1486855520.0000000002BA7000.00000004.00000020.00020000.00000000.sdmp, 211.exe, 00000000.00000002.2740114913.0000000002D54000.00000040.00000020.00020000.00000000.sdmp, 211.exe, 00000005.00000003.1650913098.0000000002B7A000.00000004.00000020.00020000.00000000.sdmp, 211.exe, 00000005.00000002.2740053388.0000000002D27000.00000040.00000020.00020000.00000000.sdmp, 54e41d.tmp.0.dr, 552434.tmp.5.dr
Source: Binary string: DrvInDM U.pdbe source: 211.exe
Source: Binary string: wuser32.pdb source: 211.exe, 00000000.00000002.2740445326.0000000002F0B000.00000040.00000020.00020000.00000000.sdmp, 211.exe, 00000000.00000003.1487921635.0000000002BAC000.00000004.00000020.00020000.00000000.sdmp, 211.exe, 00000005.00000003.1652407175.0000000002B7A000.00000004.00000020.00020000.00000000.sdmp, 211.exe, 00000005.00000002.2740388485.0000000002EDC000.00000040.00000020.00020000.00000000.sdmp, 5524a1.tmp.5.dr, 54e47b.tmp.0.dr
Source: Binary string: devc@on.pdb source: 211.exe
Source: Binary string: wuser32.pdbUGP source: 211.exe, 00000000.00000002.2740445326.0000000002F0B000.00000040.00000020.00020000.00000000.sdmp, 211.exe, 00000000.00000003.1487921635.0000000002BAC000.00000004.00000020.00020000.00000000.sdmp, 211.exe, 00000005.00000003.1652407175.0000000002B7A000.00000004.00000020.00020000.00000000.sdmp, 211.exe, 00000005.00000002.2740388485.0000000002EDC000.00000040.00000020.00020000.00000000.sdmp, 5524a1.tmp.5.dr, 54e47b.tmp.0.dr

Data Obfuscation

Source: C:\Users\user\Desktop\211.exe Unpacked PE file: 0.2.211.exe.10000000.2.unpack
Source: C:\Users\user\Desktop\211.exe Unpacked PE file: 5.2.211.exe.10000000.2.unpack
Source: C:\Users\user\Desktop\211.exe Code function: 0_2_004C45F0 GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,FreeLibrary,FreeLibrary, 0_2_004C45F0
Source: initial sample Static PE information: section where entry point is pointing to: .rsrc
Source: QQWER.dll.0.dr Static PE information: section name: .Upack
Source: 54e41d.tmp.0.dr Static PE information: section name: RT
Source: 54e41d.tmp.0.dr Static PE information: section name: .mrdata
Source: 54e41d.tmp.0.dr Static PE information: section name: .00cfg
Source: 54e47b.tmp.0.dr Static PE information: section name: .didat
Source: 552434.tmp.5.dr Static PE information: section name: RT
Source: 552434.tmp.5.dr Static PE information: section name: .mrdata
Source: 552434.tmp.5.dr Static PE information: section name: .00cfg
Source: 5524a1.tmp.5.dr Static PE information: section name: .didat
Source: C:\Users\user\Desktop\211.exe Code function: 0_2_0052F2C0 push eax; ret 0_2_0052F2EE
Source: C:\Users\user\Desktop\211.exe Code function: 0_2_00531534 push eax; ret 0_2_00531552
Source: C:\Users\user\Desktop\211.exe Code function: 0_2_1002C7F8 push edi; ret 0_2_1002C7FC
Source: C:\Users\user\Desktop\211.exe Code function: 5_2_0052F2C0 push eax; ret 5_2_0052F2EE
Source: C:\Users\user\Desktop\211.exe Code function: 5_2_00531534 push eax; ret 5_2_00531552
Source: C:\Users\user\Desktop\211.exe Code function: 5_2_1002C7F8 push edi; ret 5_2_1002C7FC
Source: QQWER.dll.0.dr Static PE information: section name: .rsrc entropy: 7.999713933191419
Source: 54e41d.tmp.0.dr Static PE information: section name: .text entropy: 6.844715065913507
Source: 552434.tmp.5.dr Static PE information: section name: .text entropy: 6.844715065913507
Source: C:\Users\user\Desktop\211.exe File created: C:\Users\user\AppData\Local\Temp\54e47b.tmp
Source: C:\Users\user\Desktop\211.exe File created: C:\Users\user\AppData\Local\Temp\54e41d.tmp
Source: C:\Users\user\Desktop\211.exe File created: C:\Users\user\AppData\Local\Temp\5524a1.tmp
Source: C:\Users\user\Desktop\211.exe File created: C:\Users\user\Desktop\QQWER.dll
Source: C:\Users\user\Desktop\211.exe File created: C:\Users\user\AppData\Local\Temp\552434.tmp
Source: C:\Users\user\Desktop\211.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
Source: C:\Users\user\Desktop\211.exe Code function: 0_2_004CC590 IsIconic,IsZoomed,LoadLibraryA,GetProcAddress,GetProcAddress,FreeLibrary,SystemParametersInfoA,IsWindow,ShowWindow, 0_2_004CC590
Source: C:\Users\user\Desktop\211.exe Code function: 0_2_1001F2ED IsWindow,IsIconic,GetDCEx,GetDCEx,GetWindowInfo,GetWindowRect,CreateCompatibleDC,CreateDIBSection,SelectObject,CreateCompatibleDC,SelectObject,PrintWindow,BitBlt,BitBlt,BitBlt,SelectObject,GetDIBits, 0_2_1001F2ED
Source: C:\Users\user\Desktop\211.exe Code function: 5_2_004CC590 IsIconic,IsZoomed,LoadLibraryA,GetProcAddress,GetProcAddress,FreeLibrary,SystemParametersInfoA,IsWindow,ShowWindow, 5_2_004CC590
Source: C:\Users\user\Desktop\211.exe Code function: 5_2_1001F2ED IsWindow,IsIconic,GetDCEx,GetDCEx,GetWindowInfo,GetWindowRect,CreateCompatibleDC,CreateDIBSection,SelectObject,CreateCompatibleDC,SelectObject,PrintWindow,BitBlt,BitBlt,BitBlt,SelectObject,GetDIBits, 5_2_1001F2ED
Source: C:\Users\user\Desktop\211.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\211.exe Evasive API call chain: CreateMutex,DecisionNodes,ExitProcess
Source: C:\Users\user\Desktop\211.exe File opened: C:\Windows\SysWOW64\ntdll.dll
Source: C:\Users\user\Desktop\211.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\54e47b.tmp
Source: C:\Users\user\Desktop\211.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\54e41d.tmp
Source: C:\Users\user\Desktop\211.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\5524a1.tmp
Source: C:\Users\user\Desktop\211.exe Dropped PE file which has not been started: C:\Users\user\Desktop\QQWER.dll
Source: C:\Users\user\Desktop\211.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\552434.tmp
Source: C:\Users\user\Desktop\211.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\211.exe Code function: 0_2_1000710E GetVersionExA,GetSystemInfo,RtlGetNtVersionNumbers, 0_2_1000710E
Source: 211.exe, 00000005.00000002.2738541455.0000000000B88000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWx
Source: 211.exe, 00000000.00000002.2738661260.0000000000BBE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWp
Source: 211.exe, 00000000.00000002.2738661260.0000000000C54000.00000004.00000020.00020000.00000000.sdmp, 211.exe, 00000000.00000003.1551065289.0000000000C54000.00000004.00000020.00020000.00000000.sdmp, 211.exe, 00000005.00000002.2738541455.0000000000C15000.00000004.00000020.00020000.00000000.sdmp, 211.exe, 00000005.00000003.1710108421.0000000000C16000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: C:\Users\user\Desktop\211.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\211.exe Code function: 0_2_10004B1B LdrInitializeThunk, 0_2_10004B1B
Source: C:\Users\user\Desktop\211.exe Code function: 0_2_004C45F0 GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,FreeLibrary,FreeLibrary, 0_2_004C45F0
Source: C:\Users\user\Desktop\211.exe Code function: 0_2_1001A4C7 mov eax, dword ptr fs:[00000030h] 0_2_1001A4C7
Source: C:\Users\user\Desktop\211.exe Code function: 0_2_1000AE99 mov eax, dword ptr fs:[00000030h] 0_2_1000AE99
Source: C:\Users\user\Desktop\211.exe Code function: 5_2_1001A4C7 mov eax, dword ptr fs:[00000030h] 5_2_1001A4C7
Source: C:\Users\user\Desktop\211.exe Code function: 5_2_1000AE99 mov eax, dword ptr fs:[00000030h] 5_2_1000AE99
Source: C:\Users\user\Desktop\211.exe Code function: 0_2_004B1250 GetProcessHeap,RtlAllocateHeap, 0_2_004B1250
Source: C:\Users\user\Desktop\211.exe Process token adjusted: Debug
Source: 211.exe Binary or memory string: @TaskbarCreatedShell_TrayWndTrayNotifyWndSysPagerToolbarWindow32@@
Source: 211.exe Binary or memory string: Shell_TrayWnd
Source: 211.exe, 00000000.00000002.2740445326.0000000002F0B000.00000040.00000020.00020000.00000000.sdmp, 211.exe, 00000000.00000002.2738661260.0000000000BBE000.00000004.00000020.00020000.00000000.sdmp, 211.exe, 00000000.00000003.1487921635.0000000002BAC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: GetProgmanWindow
Source: 211.exe, 00000000.00000002.2738661260.0000000000BBE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SetProgmanWindow?
Source: 211.exe, 00000005.00000002.2738541455.0000000000B88000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SetProgmanWindow9
Source: 211.exe, 00000000.00000002.2740445326.0000000002F0B000.00000040.00000020.00020000.00000000.sdmp, 211.exe, 00000000.00000002.2738661260.0000000000BBE000.00000004.00000020.00020000.00000000.sdmp, 211.exe, 00000000.00000003.1487921635.0000000002BAC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SetProgmanWindow
Source: C:\Users\user\Desktop\211.exe Code function: 0_2_10019EDC cpuid 0_2_10019EDC
Source: C:\Users\user\Desktop\211.exe Code function: 0_2_00533C00 GetVersionExA,GetEnvironmentVariableA,GetModuleFileNameA, 0_2_00533C00