Windows Analysis Report
215.exe

Overview

General Information

Sample name: 215.exe
Analysis ID: 1559177
MD5: 4d18783059031dea15c1ff32f60ea380
SHA1: b370235425ba172a351eb7bd9c3e711029103c62
SHA256: 62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1
Tags: exe, opendir, user-Joker

Detection

Score: 84
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected unpacking (creates a PE file in dynamic memory)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Found evasive API chain (may stop execution after checking mutex)
Machine Learning detection for dropped file
Machine Learning detection for sample
Renames NTDLL to bypass HIPS
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Enables debug privileges
Enables driver privileges
Enables security privileges
Entry point lies outside standard sections
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Sample file is different than original file name gathered from version info
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Keylogger Generic
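Several of the signatures above are purely static PE properties: "Uses 32bit PE files" (the characteristics flags printed in the Compliance section below), "Entry point lies outside standard sections", "PE file does not import any functions" and "PE file contains sections with non-standard names". The script below is an added example, not the sandbox's code: it parses the COFF file header, PE32 optional header and section table with the standard library only and reproduces those four checks. The image it triages by default is constructed inline (section name "xyz0", the standard-section list and the flag subset are this example's own choices); pass a path on the command line to run it against a real 32-bit PE.

```python
"""Static triage for the PE indicators this report lists: the file-header
characteristics flags, an entry point outside the standard code sections,
a missing import table, and non-standard section names.  The parser follows
the PE/COFF header layout using only the standard library; the sample image
it checks is constructed here and is not the analysed file."""
import struct
import sys

# IMAGE_FILE_* characteristics bits (subset) in the order the report prints them.
FILE_CHARACTERISTICS = [
    (0x0001, "RELOCS_STRIPPED"), (0x0002, "EXECUTABLE_IMAGE"),
    (0x0004, "LINE_NUMS_STRIPPED"), (0x0008, "LOCAL_SYMS_STRIPPED"),
    (0x0020, "LARGE_ADDRESS_AWARE"), (0x0100, "32BIT_MACHINE"), (0x2000, "DLL"),
]
# Section names this example treats as "standard"; the sandbox's own list is not public.
STANDARD_SECTIONS = {".text", ".data", ".rdata", ".idata", ".edata", ".rsrc",
                     ".reloc", ".bss", ".tls", ".pdata", "CODE", "DATA"}
IMPORT_DIRECTORY = 1  # index into the optional header's data directory


def parse_pe32(data: bytes) -> dict:
    """Parse e_lfanew, the COFF file header, the PE32 optional header and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    fh = e_lfanew + 4
    machine, nsec, _ts, _symptr, _nsyms, opt_size, characteristics = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]
    dirs = [struct.unpack_from("<II", data, opt + 96 + 8 * i) for i in range(ndirs)]
    sections = []
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "va": va, "vsize": vsize, "rawsize": rawsize, "rawptr": rawptr})
    return {"machine": machine, "characteristics": characteristics,
            "entry_rva": entry_rva, "dirs": dirs, "sections": sections}


def triage(data: bytes) -> dict:
    """Reproduce the report's static checks on one image."""
    pe = parse_pe32(data)
    ep = pe["entry_rva"]
    ep_section = next((s["name"] for s in pe["sections"]
                       if s["va"] <= ep < s["va"] + max(s["vsize"], s["rawsize"])), None)
    imports = pe["dirs"][IMPORT_DIRECTORY] if len(pe["dirs"]) > IMPORT_DIRECTORY else (0, 0)
    return {
        "characteristics": [n for bit, n in FILE_CHARACTERISTICS if pe["characteristics"] & bit],
        "entry_section": ep_section,
        "entry_outside_standard": ep_section not in STANDARD_SECTIONS,
        "no_imports": imports == (0, 0),  # empty import directory: nothing is imported by name
        "nonstandard_sections": [s["name"] for s in pe["sections"] if s["name"] not in STANDARD_SECTIONS],
    }


def build_sample_pe() -> bytes:
    """Constructed PE32 image: two sections, entry point inside the oddly named one,
    no import directory, and the same characteristics flags the report shows."""
    characteristics = 0x0001 | 0x0002 | 0x0004 | 0x0008 | 0x0100  # == 0x010F
    sections = [(b".text", 0x1000), (b"xyz0", 0x2000)]              # "xyz0" is a made-up name
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, characteristics)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)      # PE32 magic
    struct.pack_into("<I", opt, 16, 0x2010)    # AddressOfEntryPoint -> inside "xyz0"
    struct.pack_into("<I", opt, 28, 0x400000)  # ImageBase
    struct.pack_into("<I", opt, 32, 0x1000)    # SectionAlignment
    struct.pack_into("<I", opt, 36, 0x200)     # FileAlignment
    struct.pack_into("<I", opt, 56, 0x3000)    # SizeOfImage
    struct.pack_into("<I", opt, 60, 0x200)     # SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)         # Subsystem: Windows GUI
    struct.pack_into("<I", opt, 92, 16)        # NumberOfRvaAndSizes; every directory stays zero
    sec_table = b"".join(
        struct.pack("<8sIIIIIIHHI", name, 0x200, va, 0x200, 0x200 * (i + 1), 0, 0, 0, 0, 0x60000020)
        for i, (name, va) in enumerate(sections))
    headers = dos + b"PE\0\0" + file_hdr + bytes(opt) + sec_table
    headers += b"\0" * (0x200 - len(headers))
    return headers + b"\x90" * 0x400            # two 0x200-byte section bodies


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

A zero import directory is what "does not import any functions" means at the header level; code that still runs must then resolve APIs itself, which is consistent with the "Contains functionality to dynamically determine API calls" and "access loader functionality (e.g. LdrGetProcedureAddress)" signatures above.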

Classification

AV Detection

Source: C:\Users\user\Desktop\QQWER.dll ReversingLabs: Detection: 73%
Source: 215.exe ReversingLabs: Detection: 47%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 96.3% probability
Source: C:\Users\user\Desktop\QQWER.dll Joe Sandbox ML: detected
Source: 215.exe Joe Sandbox ML: detected

Compliance

Source: C:\Users\user\Desktop\215.exe Unpacked PE file: 0.2.215.exe.10000000.2.unpack
Source: C:\Users\user\Desktop\215.exe Unpacked PE file: 4.2.215.exe.10000000.2.unpack
Source: 215.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: Binary string: devco n.pdbo source: 215.exe
Source: Binary string: wntdll.pdbUGP source: 215.exe, 00000000.00000002.2630715178.0000000002BD1000.00000040.00000020.00020000.00000000.sdmp, 215.exe, 00000000.00000003.1373948172.0000000002A2A000.00000004.00000020.00020000.00000000.sdmp, 215.exe, 00000004.00000003.1526583142.0000000002ADE000.00000004.00000020.00020000.00000000.sdmp, 215.exe, 00000004.00000002.2630835922.0000000002C8D000.00000040.00000020.00020000.00000000.sdmp, 64c0e8.tmp.4.dr, 648508.tmp.0.dr
Source: Binary string: wntdll.pdb source: 215.exe, 00000000.00000002.2630715178.0000000002BD1000.00000040.00000020.00020000.00000000.sdmp, 215.exe, 00000000.00000003.1373948172.0000000002A2A000.00000004.00000020.00020000.00000000.sdmp, 215.exe, 00000004.00000003.1526583142.0000000002ADE000.00000004.00000020.00020000.00000000.sdmp, 215.exe, 00000004.00000002.2630835922.0000000002C8D000.00000040.00000020.00020000.00000000.sdmp, 64c0e8.tmp.4.dr, 648508.tmp.0.dr
Source: Binary string: DrvInDM U.pdbe source: 215.exe
Source: Binary string: wuser32.pdb source: 215.exe, 00000000.00000003.1374898577.0000000002A2C000.00000004.00000020.00020000.00000000.sdmp, 215.exe, 00000000.00000002.2631007926.0000000002D83000.00000040.00000020.00020000.00000000.sdmp, 215.exe, 00000004.00000003.1527587500.0000000002ADF000.00000004.00000020.00020000.00000000.sdmp, 215.exe, 00000004.00000002.2631166829.0000000002E4C000.00000040.00000020.00020000.00000000.sdmp, 6485a4.tmp.0.dr, 64c146.tmp.4.dr
Source: Binary string: devc@on.pdb source: 215.exe
Source: Binary string: wuser32.pdbUGP source: 215.exe, 00000000.00000003.1374898577.0000000002A2C000.00000004.00000020.00020000.00000000.sdmp, 215.exe, 00000000.00000002.2631007926.0000000002D83000.00000040.00000020.00020000.00000000.sdmp, 215.exe, 00000004.00000003.1527587500.0000000002ADF000.00000004.00000020.00020000.00000000.sdmp, 215.exe, 00000004.00000002.2631166829.0000000002E4C000.00000040.00000020.00020000.00000000.sdmp, 6485a4.tmp.0.dr, 64c146.tmp.4.dr
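The long run of "Code function: 4x nop then cmp dword ptr [ebp-XXh], esp" entries that follows is the evidence for the "Found inlined nop instructions" signature. At the byte level it is four 0x90 bytes followed by CMP r/m32, r32 (opcode 0x39) with ESP as the register operand and an EBP-relative memory operand. The scanner below is an added example, not the sandbox's own matcher: it finds that pattern, decodes the 8-bit or 32-bit displacement, and prints each hit in the report's own notation. The code buffer it scans is constructed for the example and is not taken from 215.exe. One caveat when weighing these hits: a `cmp dword ptr [ebp-XXh], esp` right after a call is also the shape MSVC x86 debug builds with /RTCs emit (the function stores ESP in a local before a call and compares it afterwards before calling `_RTC_CheckEsp`), so the comparison alone is weak evidence of hand-written or obfuscated code; the nop padding in front of it is what makes these locations worth a manual look.

```python
"""Scanner for the byte pattern behind the "4x nop then cmp dword ptr [ebp-XXh], esp"
entries: four 0x90 bytes followed by CMP r/m32, r32 (opcode 0x39) with reg=ESP and an
EBP-relative memory operand.  Written for this page as an illustration; the code buffer
it scans is constructed, not taken from the sample."""
import re
import struct
import sys

# ModRM for [ebp+disp8],esp is 0x65 (mod=01 reg=100 rm=101); for [ebp+disp32],esp it is 0xA5.
NOP_CMP_ESP = re.compile(rb"\x90{4}\x39(?:\x65(.)|\xa5(.{4}))", re.DOTALL)


def find_nop_cmp_esp(code: bytes, base: int = 0) -> list:
    """Return (address, disassembly) for every match, formatted like the report."""
    hits = []
    for m in NOP_CMP_ESP.finditer(code):
        if m.group(1) is not None:
            disp, width = struct.unpack("<b", m.group(1))[0], 2   # signed disp8
        else:
            disp, width = struct.unpack("<i", m.group(2))[0], 8   # signed disp32
        sign = "-" if disp < 0 else "+"
        hits.append((base + m.start(), f"cmp dword ptr [ebp{sign}{abs(disp):0{width}X}h], esp"))
    return hits


# Constructed x86 fragment (not from 215.exe): two true hits and two near misses.
SAMPLE_CODE = (
    b"\x55\x8b\xec"                                # push ebp; mov ebp, esp
    + b"\x90" * 4 + b"\x39\x65\xe0"                # nop x4; cmp dword ptr [ebp-20h], esp
    + b"\xe8\x00\x00\x00\x00"                      # call rel32 (target irrelevant here)
    + b"\x90" * 4 + b"\x39\xa5\x7c\xff\xff\xff"    # nop x4; cmp dword ptr [ebp-84h], esp (disp32)
    + b"\x90" * 3 + b"\x39\x65\xf0"                # only three nops: no hit
    + b"\x90" * 4 + b"\x39\x66\xf0"                # cmp dword ptr [esi-10h], esp: wrong base, no hit
    + b"\xc3"                                      # ret
)


if __name__ == "__main__":
    # With a file argument the whole file is scanned; the base only affects printed addresses.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_CODE
    for addr, text in find_nop_cmp_esp(blob, base=0x10000000):
        print(f"{addr:08X}  4x nop then {text}")
```

Run against a dumped module (for example an unpacked image at base 0x10000000, as in the report's function identifiers) the addresses line up with the "0_2_10xxxxxx" style entries; run against the raw file the offsets are file offsets, not RVAs, so translate through the section table before comparing.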
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-20h], esp 0_2_1000710E
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-20h], esp 0_2_1000710E
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-28h], esp 0_2_1000710E
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-20h], esp 0_2_1000710E
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 0_2_1001A199
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-04h], esp 0_2_10018AD3
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-04h], esp 0_2_10018AD3
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-04h], esp 0_2_10018EEA
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-20h], esp 0_2_100193C2
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-24h], esp 0_2_100193C2
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp 0_2_10007FDD
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp 0_2_10018801
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 0_2_10017804
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp 0_2_10011772
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 0_2_10013C18
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-04h], esp 0_2_10011C1A
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 0_2_1001A031
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-58h], esp 0_2_10024C38
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-20h], esp 0_2_1001AC51
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-20h], esp 0_2_1001AC51
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-20h], esp 0_2_1001AC51
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 0_2_10006051
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 0_2_10006051
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 0_2_1001385A
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-04h], esp 0_2_10002461
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp 0_2_1000F472
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-18h], esp 0_2_1001847E
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 0_2_10022882
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-38h], esp 0_2_10025484
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-58h], esp 0_2_10025484
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-20h], esp 0_2_10006495
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 0_2_10006C96
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-04h], esp 0_2_10014096
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-04h], esp 0_2_10014096
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 0_2_100024AC
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-20h], esp 0_2_100024AC
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 0_2_100024AC
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 0_2_100024AC
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 0_2_1000FCB0
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp 0_2_1001A8BE
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp 0_2_1001A8BE
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp 0_2_1001A8BE
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp 0_2_1001A8BE
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp 0_2_1001A8BE
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp 0_2_1001A8BE
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp 0_2_1001A8BE
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp 0_2_1001A8BE
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp 0_2_1001A8BE
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp 0_2_1001A8BE
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp 0_2_1001A8BE
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp 0_2_1001A8BE
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 0_2_100198CC
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-08h], esp 0_2_100188E1
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 0_2_1001A4E7
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 0_2_1000210D
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 0_2_1000210D
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-24h], esp 0_2_1000B90D
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 0_2_10003116
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp 0_2_10017D41
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp 0_2_10017D41
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 0_2_1000FD4D
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-08h], esp 0_2_10001D56
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-58h], esp 0_2_10025977
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp 0_2_10010199
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-04h], esp 0_2_1001419C
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-04h], esp 0_2_1001419C
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 0_2_10008DA3
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-08h], esp 0_2_100111A7
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 0_2_10007DB8
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-18h], esp 0_2_100151BD
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-18h], esp 0_2_100151BD
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-18h], esp 0_2_100151BD
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-28h], esp 0_2_1001D1C4
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-20h], esp 0_2_1001D1C4
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp 0_2_100259D9
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-2Ch], esp 0_2_100221E2
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-2Ch], esp 0_2_100221E2
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-2Ch], esp 0_2_100221E2
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-2Ch], esp 0_2_100221E2
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-2Ch], esp 0_2_100221E2
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 0_2_100189E6
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp 0_2_1000FDEA
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-08h], esp 0_2_100101FB
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-08h], esp 0_2_10014203
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 0_2_1001121A
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 0_2_1001121A
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 0_2_1001121A
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 0_2_1001121A
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 0_2_1001121A
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 0_2_1001121A
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp 0_2_1000B61E
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-2Ch], esp 0_2_1001221F
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-2Ch], esp 0_2_1001221F
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 0_2_1001A236
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp 0_2_1001363D
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 0_2_1001363D
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 0_2_10008E40
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-08h], esp 0_2_10011653
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-08h], esp 0_2_10011653
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 0_2_10010255
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 0_2_10010255
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 0_2_10007E55
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-24h], esp 0_2_10007E55
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-50h], esp 0_2_1000C655
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-50h], esp 0_2_1000C655
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-50h], esp 0_2_1000C655
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-50h], esp 0_2_1000C655
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-50h], esp 0_2_1000C655
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-50h], esp 0_2_1000C655
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp 0_2_1000C655
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp 0_2_1000C655
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp 0_2_1000C655
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-40h], esp 0_2_1000C655
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp 0_2_1000C655
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-50h], esp 0_2_1000C655
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp 0_2_1000C655
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp 0_2_1000C655
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-40h], esp 0_2_1000C655
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp 0_2_1000C655
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 0_2_1000FA6F
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 0_2_10022A80
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 0_2_10011E89
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 0_2_10014289
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 0_2_10014289
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 0_2_10014289
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-48h], esp 0_2_10014289
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-4Ch], esp 0_2_10014289
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-58h], esp 0_2_10014289
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 0_2_10014289
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 0_2_10014289
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 0_2_10014289
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-48h], esp 0_2_10014289
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 0_2_10014289
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 0_2_10014289
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-48h], esp 0_2_10014289
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 0_2_10014289
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 0_2_10014289
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-48h], esp 0_2_10014289
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-48h], esp 0_2_10014289
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-4Ch], esp 0_2_1002129C
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-4Ch], esp 0_2_1002129C
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-4Ch], esp 0_2_1002129C
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-4Ch], esp 0_2_1002129C
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-4Ch], esp 0_2_1002129C
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-54h], esp 0_2_1002129C
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-4Ch], esp 0_2_1002129C
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-4Ch], esp 0_2_1002129C
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-4Ch], esp 0_2_1002129C
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-50h], esp 0_2_1002129C
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-4Ch], esp 0_2_1002129C
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-4Ch], esp 0_2_1002129C
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-4Ch], esp 0_2_1002129C
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-4Ch], esp 0_2_1002129C
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 0_2_1001A6C7
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-20h], esp 0_2_10017ECA
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 0_2_10010AD6
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 0_2_10010AD6
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-38h], esp 0_2_10008EDD
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-04h], esp 0_2_1001BADE
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 0_2_100246E4
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 0_2_1001F2ED
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 0_2_1001F2ED
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 0_2_1001F2ED
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 0_2_1001F2ED
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 0_2_1001F2ED
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-0000008Ch], esp 0_2_1001F2ED
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 0_2_1001F2ED
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 0_2_1001F2ED
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 0_2_1001F2ED
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 0_2_1001F2ED
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 0_2_1001F2ED
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 0_2_1001F2ED
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 0_2_1001F2ED
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 0_2_1001F2ED
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 0_2_1001F2ED
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 0_2_1001F2ED
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 0_2_1001F2ED
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 0_2_1001F2ED
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 0_2_1001F2ED
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-0000008Ch], esp 0_2_1001F2ED
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 0_2_1001F2ED
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 0_2_1001F2ED
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-0000008Ch], esp 0_2_1001F2ED
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 0_2_1001F2ED
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 0_2_1001F2ED
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 0_2_1001F2ED
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-0000008Ch], esp 0_2_1001F2ED
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-0000008Ch], esp 0_2_1001F2ED
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 0_2_1001F2ED
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 0_2_1001F2ED
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 0_2_1001F2ED
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 0_2_1001F2ED
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 0_2_1001F2ED
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 0_2_1001A6F8
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-18h], esp 0_2_1001A6F8
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 0_2_1001A6F8
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 0_2_1001A6F8
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 0_2_1001A6F8
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 0_2_1001A6F8
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-08h], esp 0_2_100236FF
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-08h], esp 0_2_100236FF
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 0_2_1000FF10
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 0_2_10008B27
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-04h], esp 0_2_1001BB29
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 0_2_10015B34
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 0_2_1000833D
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-34h], esp 0_2_10012B40
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-04h], esp 0_2_1000634E
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 0_2_1000B353
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-4Ch], esp 0_2_10026356
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-54h], esp 0_2_1001DB5C
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 0_2_1001DB5C
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp 0_2_10017B68
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp 0_2_10011772
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-38h], esp 0_2_10024781
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-58h], esp 0_2_10024781
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp 0_2_1002378A
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp 0_2_1002378A
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 0_2_1002378A
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp 0_2_1002378A
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp 0_2_1002378A
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 0_2_10014289
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 0_2_10014289
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 0_2_10014289
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-48h], esp 0_2_10014289
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-4Ch], esp 0_2_10014289
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-58h], esp 0_2_10014289
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 0_2_10014289
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 0_2_10014289
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 0_2_10014289
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-48h], esp 0_2_10014289
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 0_2_10014289
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 0_2_10014289
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-48h], esp 0_2_10014289
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 0_2_10014289 (2 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-48h], esp 0_2_10014289 (2 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp 0_2_1001BFA0 (3 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-24h], esp 0_2_1001BFA0
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp 0_2_1001BFA0
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-18h], esp 0_2_1000A7A2
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 0_2_100137A3
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 0_2_1000F7AC
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 0_2_10008BC4
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 0_2_10013FC8
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 0_2_10007BCA
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-04h], esp 0_2_10005FDA
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 0_2_100253E7
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 0_2_1000B3F0
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-20h], esp 4_2_1000710E (2 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-28h], esp 4_2_1000710E
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-20h], esp 4_2_1000710E
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 4_2_1001A199
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-04h], esp 4_2_10018AD3 (2 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-04h], esp 4_2_10018EEA
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-20h], esp 4_2_100193C2
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-24h], esp 4_2_100193C2
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp 4_2_10007FDD
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp 4_2_10018801
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 4_2_10017804
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp 4_2_10011772
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 4_2_10013C18
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-04h], esp 4_2_10011C1A
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 4_2_1001A031
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-58h], esp 4_2_10024C38
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-20h], esp 4_2_1001AC51 (3 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 4_2_10006051 (2 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 4_2_1001385A
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-04h], esp 4_2_10002461
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp 4_2_1000F472
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-18h], esp 4_2_1001847E
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 4_2_10022882
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-38h], esp 4_2_10025484
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-58h], esp 4_2_10025484
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-20h], esp 4_2_10006495
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 4_2_10006C96
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-04h], esp 4_2_10014096 (2 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 4_2_100024AC
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-20h], esp 4_2_100024AC
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 4_2_100024AC (2 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 4_2_1000FCB0
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp 4_2_1001A8BE (12 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 4_2_100198CC
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-08h], esp 4_2_100188E1
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 4_2_1001A4E7
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 4_2_1000210D (2 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-24h], esp 4_2_1000B90D
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 4_2_10003116
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp 4_2_10017D41 (2 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 4_2_1000FD4D
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-08h], esp 4_2_10001D56
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-58h], esp 4_2_10025977
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp 4_2_10010199
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-04h], esp 4_2_1001419C (2 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 4_2_10008DA3
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-08h], esp 4_2_100111A7
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 4_2_10007DB8
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-18h], esp 4_2_100151BD (3 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-28h], esp 4_2_1001D1C4
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-20h], esp 4_2_1001D1C4
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp 4_2_100259D9
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-2Ch], esp 4_2_100221E2 (5 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 4_2_100189E6
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp 4_2_1000FDEA
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-08h], esp 4_2_100101FB
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-08h], esp 4_2_10014203
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 4_2_1001121A (6 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp 4_2_1000B61E
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-2Ch], esp 4_2_1001221F (2 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 4_2_1001A236
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp 4_2_1001363D
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 4_2_1001363D
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 4_2_10008E40
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-08h], esp 4_2_10011653 (2 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 4_2_10010255 (2 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 4_2_10007E55
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-24h], esp 4_2_10007E55
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-50h], esp 4_2_1000C655 (6 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp 4_2_1000C655 (3 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-40h], esp 4_2_1000C655
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp 4_2_1000C655
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-50h], esp 4_2_1000C655
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp 4_2_1000C655 (2 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-40h], esp 4_2_1000C655
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-3Ch], esp 4_2_1000C655
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 4_2_1000FA6F
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 4_2_10022A80
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 4_2_10011E89
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 4_2_10014289 (3 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-48h], esp 4_2_10014289
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-4Ch], esp 4_2_10014289
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-58h], esp 4_2_10014289
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 4_2_10014289 (3 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-48h], esp 4_2_10014289
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 4_2_10014289 (2 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-48h], esp 4_2_10014289
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 4_2_10014289 (2 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-48h], esp 4_2_10014289 (2 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-4Ch], esp 4_2_1002129C (5 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-54h], esp 4_2_1002129C
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-4Ch], esp 4_2_1002129C (3 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-50h], esp 4_2_1002129C
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-4Ch], esp 4_2_1002129C (4 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 4_2_1001A6C7
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-20h], esp 4_2_10017ECA
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 4_2_10010AD6 (2 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-38h], esp 4_2_10008EDD
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-04h], esp 4_2_1001BADE
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 4_2_100246E4
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 4_2_1001F2ED (5 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-0000008Ch], esp 4_2_1001F2ED
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 4_2_1001F2ED (13 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-0000008Ch], esp 4_2_1001F2ED
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 4_2_1001F2ED (2 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-0000008Ch], esp 4_2_1001F2ED
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 4_2_1001F2ED (3 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-0000008Ch], esp 4_2_1001F2ED (2 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-00000084h], esp 4_2_1001F2ED (5 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 4_2_1001A6F8
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-18h], esp 4_2_1001A6F8
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 4_2_1001A6F8 (4 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-08h], esp 4_2_100236FF (2 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 4_2_1000FF10
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 4_2_10008B27
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-04h], esp 4_2_1001BB29
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 4_2_10015B34
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 4_2_1000833D
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-34h], esp 4_2_10012B40
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-04h], esp 4_2_1000634E
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 4_2_1000B353
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-4Ch], esp 4_2_10026356
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-54h], esp 4_2_1001DB5C
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 4_2_1001DB5C
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp 4_2_10017B68
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp 4_2_10011772
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-38h], esp 4_2_10024781
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-58h], esp 4_2_10024781
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp 4_2_1002378A (2 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-14h], esp 4_2_1002378A
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-0Ch], esp 4_2_1002378A (2 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 4_2_10014289 (3 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-48h], esp 4_2_10014289
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-4Ch], esp 4_2_10014289
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-58h], esp 4_2_10014289
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 4_2_10014289 (3 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-48h], esp 4_2_10014289
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 4_2_10014289 (2 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-48h], esp 4_2_10014289
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-44h], esp 4_2_10014289 (2 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-48h], esp 4_2_10014289 (2 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp 4_2_1001BFA0 (3 hits)
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-24h], esp 4_2_1001BFA0
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-1Ch], esp 4_2_1001BFA0
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-18h], esp 4_2_1000A7A2
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 4_2_100137A3
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 4_2_1000F7AC
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 4_2_10008BC4
Source: C:\Users\user\Desktop\215.exe Code function: 4x nop then cmp dword ptr [ebp-10h], esp 4_2_10013FC8
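The "4x nop then cmp dword ptr [ebp-XXh], esp" evidence above is a byte-pattern match: four single-byte NOPs (90h) followed by CMP r/m32, r32 (opcode 39h) with ESP as the register operand and an EBP-relative memory operand, encoded 39 65 disp8 (the [ebp-48h] style entries) or 39 A5 disp32 (the [ebp-00000084h] style entries). The scanner below, an added example and not Joe Sandbox's implementation, finds that sequence in raw code and prints each hit the way the report does. It assumes the CMP must follow the NOP run immediately; the sandbox's own heuristic may tolerate other instructions in between. The buffer it scans is constructed, not bytes from 215.exe. One caveat for triage: `cmp dword ptr [ebp-XXh], esp` is also what MSVC emits after a call when its runtime stack-pointer checks (/RTCs) are enabled, so the pattern corroborates other findings rather than proving shellcode or obfuscation by itself.

```python
"""Find the '4x nop then cmp dword ptr [ebp-XXh], esp' pattern in raw x86 code.

Added example (not Joe Sandbox's implementation). Encodings matched:
    90 90 90 90             four single-byte NOPs
    39 65 dd                cmp dword ptr [ebp+disp8], esp   (ModRM 65h: mod 01, reg esp, rm ebp)
    39 A5 dd dd dd dd       cmp dword ptr [ebp+disp32], esp  (ModRM A5h: mod 10, reg esp, rm ebp)
Assumption: the CMP must follow the NOP run immediately.
"""
import re
import struct
from dataclasses import dataclass

# Byte-level regex: exactly four NOPs, then one of the two CMP encodings.
# DOTALL lets '.' stand for any byte value, including 0x0A.
PATTERN = re.compile(rb"\x90{4}(?:\x39\x65(.)|\x39\xA5(....))", re.DOTALL)


@dataclass(frozen=True)
class Hit:
    offset: int       # buffer offset of the first NOP
    disp: int         # signed displacement added to EBP
    disp_width: int   # 8 or 32, as encoded

    def operand(self) -> str:
        """Render the memory operand the way the report prints it: [ebp-48h], [ebp-00000084h]."""
        sign = "-" if self.disp < 0 else "+"
        width = 2 if self.disp_width == 8 else 8
        return f"[ebp{sign}{abs(self.disp):0{width}X}h]"


def scan(code: bytes) -> list:
    """Return every NOP-run + CMP hit in the buffer, in offset order."""
    hits = []
    for m in PATTERN.finditer(code):
        if m.group(1) is not None:
            hits.append(Hit(m.start(), struct.unpack("<b", m.group(1))[0], 8))
        else:
            hits.append(Hit(m.start(), struct.unpack("<i", m.group(2))[0], 32))
    return hits


def describe(hit: Hit) -> str:
    """Report-style one-liner for a hit."""
    return f"4x nop then cmp dword ptr {hit.operand()}, esp"


# Constructed test buffer (not bytes from 215.exe): two genuine hits and one near miss.
SAMPLE = (
    b"\x55\x8b\xec"                                   # push ebp; mov ebp, esp
    b"\x90\x90\x90\x90\x39\x65\xb8"                   # 4x nop; cmp dword ptr [ebp-48h], esp
    b"\xe8\x00\x00\x00\x00"                           # call rel32 (filler)
    b"\x90\x90\x90\x90\x90\x39\xa5\x7c\xff\xff\xff"   # 5x nop; cmp dword ptr [ebp-84h], esp
    b"\x90\x90\x90\x39\x65\xf0"                       # only three NOPs: must not match
    b"\xc9\xc3"                                       # leave; ret
)

if __name__ == "__main__":
    for h in scan(SAMPLE):
        print(f"{h.offset:#06x}: {describe(h)}")
```

Running the block prints the two hits at offsets 0x0003 and 0x0010 in the report's wording; the three-NOP sequence is correctly ignored. To apply it to a real dump, pass the bytes of a code section (for example the .text section extracted with pefile) to `scan` and add the section's virtual address to each offset to get the report-style addresses.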
Source: Joe Sandbox View IP Address: 42.193.100.57 42.193.100.57
Source: global traffic HTTP traffic detected: GET /%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txt HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: 42.193.100.57 Cache-Control: no-cache (3 requests; the URI percent-decodes to /自己的档.txt, "one's own file.txt")
Source: global traffic HTTP traffic detected: GET /%E5%AD%98%E6%A1%A3/.txt HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: 42.193.100.57 Cache-Control: no-cache (1 request; the URI percent-decodes to /存档/.txt, "archive/.txt")
Source: global traffic HTTP traffic detected: GET /%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txt HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: 42.193.100.57 Cache-Control: no-cache (3 further requests, identical to the first group)
Source: global traffic HTTP traffic detected: GET /%E5%AD%98%E6%A1%A3/.txt HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: 42.193.100.57 Cache-Control: no-cache (1 further request, identical to the second)
Source: unknown TCP traffic detected without corresponding DNS query: 42.193.100.57 (reported 45 times; the sample connects to the IP literal directly, so no DNS lookup precedes any of the connections)
Source: global traffic HTTP traffic detected: GET /%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txt HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)Host: 42.193.100.57Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /%E5%AD%98%E6%A1%A3/.txt HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)Host: 42.193.100.57Cache-Control: no-cache
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/8.5Date: Wed, 20 Nov 2024 08:21:59 GMTContent-Length: 1163Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 67 62 32 33 31 32 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 d5 d2 b2 bb b5 bd ce c4 bc fe bb f2 c4 bf c2 bc a1 a3 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e b7 fe ce f1 c6 f7 b4 ed ce f3 3c 2f 68 31 3e 3c 2f 64 69 76 3e 0d 0a 3c 64 69
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/8.5Date: Wed, 20 Nov 2024 08:22:15 GMTContent-Length: 1163Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 67 62 32 33 31 32 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 d5 d2 b2 bb b5 bd ce c4 bc fe bb f2 c4 bf c2 bc a1 a3 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e b7 fe ce f1 c6 f7 b4 ed ce f3 3c 2f 68 31 3e 3c 2f 64 69 76 3e 0d 0a 3c 64 69
Source: 215.exe String found in binary or memory: http://.httpsset-cookie:;;
Source: 215.exe String found in binary or memory: http://42.193.100.57/%E5%AD%98%E6%A1%A3/
Source: 215.exe, 00000004.00000002.2629366792.0000000000AF0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://42.193.100.57/%E5%AD%98%E6%A1%A3/.txt
Source: 215.exe, 00000000.00000002.2629312386.0000000000A03000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://42.193.100.57/%E5%AD%98%E6%A1%A3/.txt-
Source: 215.exe, 00000004.00000002.2629366792.0000000000AB8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://42.193.100.57/%E5%AD%98%E6%A1%A3/.txt._cache_
Source: 215.exe, 00000004.00000002.2629366792.0000000000B1B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://42.193.100.57/%E5%AD%98%E6%A1%A3/.txtJ
Source: 215.exe String found in binary or memory: http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txt
Source: 215.exe, 00000000.00000002.2629312386.0000000000A03000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txt1
Source: 215.exe, 00000004.00000002.2629366792.0000000000B1B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txt3
Source: 215.exe, 00000004.00000002.2629366792.0000000000B1B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txtAs
Source: 215.exe, 00000000.00000002.2629312386.00000000009D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txtS
Source: 215.exe, 00000004.00000002.2629366792.0000000000B2A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txtST
Source: 215.exe, 00000004.00000002.2629366792.0000000000B3F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txtgrams
Source: 215.exe, 00000004.00000002.2629366792.0000000000B2A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txtm
Source: 215.exe, 00000000.00000002.2629312386.0000000000A03000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txtn
Source: 215.exe String found in binary or memory: http://ocsp.t
Source: 215.exe String found in binary or memory: http://sf.symc
Source: 215.exe String found in binary or memory: http://ts-ocsp.ws.s
Source: 215.exe String found in binary or memory: http://ts-ocsp.ws.symantec.
Source: 215.exe String found in binary or memory: http://www.eyuyan.com)DVarFileInfo$
Source: 215.exe String found in binary or memory: https://User-Agent:Mozilla/4.0
Source: 215.exe String found in binary or memory: https://note.youdao.com/yws/public/note/03cb89fe74e7b4305099ed5dabde2135?sev=j1
Source: 215.exe String found in binary or memory: https://ww(w.v
Source: C:\Users\user\Desktop\215.exe Code function: 0_2_1001F2ED IsWindow,IsIconic,GetDCEx,GetDCEx,GetWindowInfo,GetWindowRect,CreateCompatibleDC,CreateDIBSection,SelectObject,CreateCompatibleDC,SelectObject,PrintWindow,BitBlt,BitBlt,BitBlt,SelectObject,GetDIBits, 0_2_1001F2ED
Source: 215.exe, 00000000.00000003.1374898577.0000000002A2C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: GetRawInputData memstr_2e29a65d-f
Source: Yara match File source: Process Memory Space: 215.exe PID: 7260, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: 215.exe PID: 7584, type: MEMORYSTR
Source: C:\Users\user\Desktop\215.exe Code function: 0_2_10007FDD NtClose, 0_2_10007FDD
Source: C:\Users\user\Desktop\215.exe Code function: 0_2_1001419C ReleaseMutex,NtClose, 0_2_1001419C
Source: C:\Users\user\Desktop\215.exe Code function: 0_2_1001221F NtClose, 0_2_1001221F
Source: C:\Users\user\Desktop\215.exe Code function: 4_2_10007FDD NtClose, 4_2_10007FDD
Source: C:\Users\user\Desktop\215.exe Code function: 4_2_1001419C ReleaseMutex,NtClose, 4_2_1001419C
Source: C:\Users\user\Desktop\215.exe Code function: 4_2_1001221F NtClose, 4_2_1001221F
Source: C:\Users\user\Desktop\215.exe Code function: 0_2_004C60B0 0_2_004C60B0
Source: C:\Users\user\Desktop\215.exe Code function: 0_2_10002628 0_2_10002628
Source: C:\Users\user\Desktop\215.exe Code function: 0_2_100032EA 0_2_100032EA
Source: C:\Users\user\Desktop\215.exe Code function: 4_2_004C60B0 4_2_004C60B0
Source: C:\Users\user\Desktop\215.exe Code function: 4_2_10002628 4_2_10002628
Source: C:\Users\user\Desktop\215.exe Code function: 4_2_100032EA 4_2_100032EA
Source: C:\Users\user\Desktop\215.exe Process token adjusted: Load Driver
Source: C:\Users\user\Desktop\215.exe Process token adjusted: Security
Source: C:\Users\user\Desktop\215.exe Code function: String function: 10029640 appears 130 times
Source: 648508.tmp.0.dr Static PE information: Resource name: RT_MESSAGETABLE type: PDP-11 separate I&D executable not stripped
Source: 64c0e8.tmp.4.dr Static PE information: Resource name: RT_MESSAGETABLE type: PDP-11 separate I&D executable not stripped
Source: 64c0e8.tmp.4.dr Static PE information: No import functions for PE file found
Source: 648508.tmp.0.dr Static PE information: No import functions for PE file found
Source: 215.exe, 00000000.00000003.1374898577.0000000002A2C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameuser32j% vs 215.exe
Source: 215.exe, 00000000.00000003.1373948172.0000000002B4D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs 215.exe
Source: 215.exe, 00000000.00000002.2631007926.0000000002E2B000.00000040.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameuser32j% vs 215.exe
Source: 215.exe, 00000000.00000002.2630715178.0000000002CFE000.00000040.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs 215.exe
Source: 215.exe, 00000004.00000003.1526583142.0000000002C01000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs 215.exe
Source: 215.exe, 00000004.00000002.2630835922.0000000002DBA000.00000040.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs 215.exe
Source: 215.exe, 00000004.00000003.1527587500.0000000002ADF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameuser32j% vs 215.exe
Source: 215.exe, 00000004.00000002.2631166829.0000000002EF4000.00000040.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameuser32j% vs 215.exe
Source: 215.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: QQWER.dll.0.dr Static PE information: Section: .rsrc ZLIB complexity 1.0002780183550337
Source: 648508.tmp.0.dr Binary string: \Device\IPT[
Source: classification engine Classification label: mal84.evad.winEXE@2/11@0/1
Source: C:\Users\user\Desktop\215.exe Code function: 0_2_00415A0C GetDiskFreeSpaceExA, 0_2_00415A0C
Source: C:\Users\user\Desktop\215.exe File created: C:\Users\user\Desktop\QQWER.dll
Source: C:\Users\user\Desktop\215.exe Mutant created: NULL
Source: C:\Users\user\Desktop\215.exe File created: C:\Users\user\AppData\Local\Temp\648508.tmp
Source: 215.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\215.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: 215.exe ReversingLabs: Detection: 47%
Source: unknown Process created: C:\Users\user\Desktop\215.exe "C:\Users\user\Desktop\215.exe"
Source: unknown Process created: C:\Users\user\Desktop\215.exe "C:\Users\user\Desktop\215.exe"
Source: C:\Users\user\Desktop\215.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\215.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\215.exe Section loaded: rasapi32.dll
Source: C:\Users\user\Desktop\215.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\215.exe Section loaded: rasman.dll
Source: C:\Users\user\Desktop\215.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\215.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\215.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\215.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\215.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\215.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\215.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\215.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\215.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\215.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\215.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\215.exe Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\215.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\215.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\215.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\215.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\215.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\215.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\215.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\215.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\215.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\215.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\215.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\215.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\215.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
Source: C:\Users\user\Desktop\215.exe Window detected: Number of UI elements: 23
Source: 215.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: 215.exe Static file information: File size 5222400 > 1048576
Source: 215.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x14f000
Source: 215.exe Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x286000
Source: 215.exe Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x10d000
Source: Binary string: devco n.pdbo source: 215.exe
Source: Binary string: wntdll.pdbUGP source: 215.exe, 00000000.00000002.2630715178.0000000002BD1000.00000040.00000020.00020000.00000000.sdmp, 215.exe, 00000000.00000003.1373948172.0000000002A2A000.00000004.00000020.00020000.00000000.sdmp, 215.exe, 00000004.00000003.1526583142.0000000002ADE000.00000004.00000020.00020000.00000000.sdmp, 215.exe, 00000004.00000002.2630835922.0000000002C8D000.00000040.00000020.00020000.00000000.sdmp, 64c0e8.tmp.4.dr, 648508.tmp.0.dr
Source: Binary string: wntdll.pdb source: 215.exe, 00000000.00000002.2630715178.0000000002BD1000.00000040.00000020.00020000.00000000.sdmp, 215.exe, 00000000.00000003.1373948172.0000000002A2A000.00000004.00000020.00020000.00000000.sdmp, 215.exe, 00000004.00000003.1526583142.0000000002ADE000.00000004.00000020.00020000.00000000.sdmp, 215.exe, 00000004.00000002.2630835922.0000000002C8D000.00000040.00000020.00020000.00000000.sdmp, 64c0e8.tmp.4.dr, 648508.tmp.0.dr
Source: Binary string: DrvInDM U.pdbe source: 215.exe
Source: Binary string: wuser32.pdb source: 215.exe, 00000000.00000003.1374898577.0000000002A2C000.00000004.00000020.00020000.00000000.sdmp, 215.exe, 00000000.00000002.2631007926.0000000002D83000.00000040.00000020.00020000.00000000.sdmp, 215.exe, 00000004.00000003.1527587500.0000000002ADF000.00000004.00000020.00020000.00000000.sdmp, 215.exe, 00000004.00000002.2631166829.0000000002E4C000.00000040.00000020.00020000.00000000.sdmp, 6485a4.tmp.0.dr, 64c146.tmp.4.dr
Source: Binary string: devc@on.pdb source: 215.exe
Source: Binary string: wuser32.pdbUGP source: 215.exe, 00000000.00000003.1374898577.0000000002A2C000.00000004.00000020.00020000.00000000.sdmp, 215.exe, 00000000.00000002.2631007926.0000000002D83000.00000040.00000020.00020000.00000000.sdmp, 215.exe, 00000004.00000003.1527587500.0000000002ADF000.00000004.00000020.00020000.00000000.sdmp, 215.exe, 00000004.00000002.2631166829.0000000002E4C000.00000040.00000020.00020000.00000000.sdmp, 6485a4.tmp.0.dr, 64c146.tmp.4.dr

Data Obfuscation

Source: C:\Users\user\Desktop\215.exe Unpacked PE file: 0.2.215.exe.10000000.2.unpack
Source: C:\Users\user\Desktop\215.exe Unpacked PE file: 4.2.215.exe.10000000.2.unpack
Source: C:\Users\user\Desktop\215.exe Code function: 0_2_004C4020 GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,FreeLibrary,FreeLibrary, 0_2_004C4020
Source: initial sample Static PE information: section where entry point is pointing to: .rsrc
Source: QQWER.dll.0.dr Static PE information: section name: .Upack
Source: 648508.tmp.0.dr Static PE information: section name: RT
Source: 648508.tmp.0.dr Static PE information: section name: .mrdata
Source: 648508.tmp.0.dr Static PE information: section name: .00cfg
Source: 6485a4.tmp.0.dr Static PE information: section name: .didat
Source: 64c0e8.tmp.4.dr Static PE information: section name: RT
Source: 64c0e8.tmp.4.dr Static PE information: section name: .mrdata
Source: 64c0e8.tmp.4.dr Static PE information: section name: .00cfg
Source: 64c146.tmp.4.dr Static PE information: section name: .didat
Source: C:\Users\user\Desktop\215.exe Code function: 0_2_0052ECF0 push eax; ret 0_2_0052ED1E
Source: C:\Users\user\Desktop\215.exe Code function: 0_2_00530F64 push eax; ret 0_2_00530F82
Source: C:\Users\user\Desktop\215.exe Code function: 0_2_1002C7F8 push edi; ret 0_2_1002C7FC
Source: C:\Users\user\Desktop\215.exe Code function: 4_2_0052ECF0 push eax; ret 4_2_0052ED1E
Source: C:\Users\user\Desktop\215.exe Code function: 4_2_00530F64 push eax; ret 4_2_00530F82
Source: C:\Users\user\Desktop\215.exe Code function: 4_2_1002C7F8 push edi; ret 4_2_1002C7FC
Source: QQWER.dll.0.dr Static PE information: section name: .rsrc entropy: 7.999713933191419
Source: 648508.tmp.0.dr Static PE information: section name: .text entropy: 6.844715065913507
Source: 64c0e8.tmp.4.dr Static PE information: section name: .text entropy: 6.844715065913507
Source: C:\Users\user\Desktop\215.exe File created: C:\Users\user\AppData\Local\Temp\64c146.tmp
Source: C:\Users\user\Desktop\215.exe File created: C:\Users\user\Desktop\QQWER.dll
Source: C:\Users\user\Desktop\215.exe File created: C:\Users\user\AppData\Local\Temp\64c0e8.tmp
Source: C:\Users\user\Desktop\215.exe File created: C:\Users\user\AppData\Local\Temp\6485a4.tmp
Source: C:\Users\user\Desktop\215.exe File created: C:\Users\user\AppData\Local\Temp\648508.tmp
Source: C:\Users\user\Desktop\215.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
Source: C:\Users\user\Desktop\215.exe Code function: 0_2_004CBFC0 IsIconic,IsZoomed,LoadLibraryA,GetProcAddress,GetProcAddress,FreeLibrary,SystemParametersInfoA,IsWindow,ShowWindow, 0_2_004CBFC0
Source: C:\Users\user\Desktop\215.exe Code function: 0_2_1001F2ED IsWindow,IsIconic,GetDCEx,GetDCEx,GetWindowInfo,GetWindowRect,CreateCompatibleDC,CreateDIBSection,SelectObject,CreateCompatibleDC,SelectObject,PrintWindow,BitBlt,BitBlt,BitBlt,SelectObject,GetDIBits, 0_2_1001F2ED
Source: C:\Users\user\Desktop\215.exe Code function: 4_2_004CBFC0 IsIconic,IsZoomed,LoadLibraryA,GetProcAddress,GetProcAddress,FreeLibrary,SystemParametersInfoA,IsWindow,ShowWindow, 4_2_004CBFC0
Source: C:\Users\user\Desktop\215.exe Code function: 4_2_1001F2ED IsWindow,IsIconic,GetDCEx,GetDCEx,GetWindowInfo,GetWindowRect,CreateCompatibleDC,CreateDIBSection,SelectObject,CreateCompatibleDC,SelectObject,PrintWindow,BitBlt,BitBlt,BitBlt,SelectObject,GetDIBits, 4_2_1001F2ED
Source: C:\Users\user\Desktop\215.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\215.exe Evasive API call chain: CreateMutex,DecisionNodes,ExitProcess
Source: C:\Users\user\Desktop\215.exe File opened: C:\Windows\SysWOW64\ntdll.dll
Source: C:\Users\user\Desktop\215.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\64c146.tmp
Source: C:\Users\user\Desktop\215.exe Dropped PE file which has not been started: C:\Users\user\Desktop\QQWER.dll
Source: C:\Users\user\Desktop\215.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\64c0e8.tmp
Source: C:\Users\user\Desktop\215.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\6485a4.tmp
Source: C:\Users\user\Desktop\215.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\648508.tmp
Source: C:\Users\user\Desktop\215.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\215.exe Code function: 0_2_1000710E GetVersionExA,GetSystemInfo,RtlGetNtVersionNumbers, 0_2_1000710E
Source: 215.exe, 00000000.00000002.2629312386.0000000000A19000.00000004.00000020.00020000.00000000.sdmp, 215.exe, 00000000.00000002.2629312386.000000000098E000.00000004.00000020.00020000.00000000.sdmp, 215.exe, 00000004.00000002.2629366792.0000000000B3F000.00000004.00000020.00020000.00000000.sdmp, 215.exe, 00000004.00000002.2629366792.0000000000AB8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: C:\Users\user\Desktop\215.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\215.exe Code function: 0_2_10004B1B LdrInitializeThunk, 0_2_10004B1B
Source: C:\Users\user\Desktop\215.exe Code function: 0_2_004C4020 GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,FreeLibrary,FreeLibrary, 0_2_004C4020
Source: C:\Users\user\Desktop\215.exe Code function: 0_2_1001A4C7 mov eax, dword ptr fs:[00000030h] 0_2_1001A4C7
Source: C:\Users\user\Desktop\215.exe Code function: 0_2_1000AE99 mov eax, dword ptr fs:[00000030h] 0_2_1000AE99
Source: C:\Users\user\Desktop\215.exe Code function: 4_2_1001A4C7 mov eax, dword ptr fs:[00000030h] 4_2_1001A4C7
Source: C:\Users\user\Desktop\215.exe Code function: 4_2_1000AE99 mov eax, dword ptr fs:[00000030h] 4_2_1000AE99
Source: C:\Users\user\Desktop\215.exe Code function: 0_2_10027BB0 GetProcessHeap,RtlAllocateHeap,MessageBoxA, 0_2_10027BB0
Source: C:\Users\user\Desktop\215.exe Process token adjusted: Debug
Source: 215.exe Binary or memory string: @TaskbarCreatedShell_TrayWndTrayNotifyWndSysPagerToolbarWindow32@@
Source: 215.exe Binary or memory string: Shell_TrayWnd
Source: 215.exe, 00000000.00000003.1374898577.0000000002A2C000.00000004.00000020.00020000.00000000.sdmp, 215.exe, 00000000.00000002.2629312386.000000000098E000.00000004.00000020.00020000.00000000.sdmp, 215.exe, 00000000.00000002.2631007926.0000000002D83000.00000040.00000020.00020000.00000000.sdmp Binary or memory string: GetProgmanWindow
Source: 215.exe, 00000004.00000002.2629366792.0000000000AB8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SetProgmanWindowx
Source: 215.exe, 00000004.00000002.2629366792.0000000000AB8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: GetProgmanWindow*
Source: 215.exe, 00000000.00000003.1374898577.0000000002A2C000.00000004.00000020.00020000.00000000.sdmp, 215.exe, 00000000.00000002.2629312386.000000000098E000.00000004.00000020.00020000.00000000.sdmp, 215.exe, 00000000.00000002.2631007926.0000000002D83000.00000040.00000020.00020000.00000000.sdmp Binary or memory string: SetProgmanWindow
Source: 215.exe, 00000000.00000002.2629312386.000000000098E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SetProgmanWindowk{
Source: C:\Users\user\Desktop\215.exe Code function: 0_2_10019EDC cpuid 0_2_10019EDC
Source: C:\Users\user\Desktop\215.exe Code function: 0_2_00533630 GetVersionExA,GetEnvironmentVariableA,GetModuleFileNameA, 0_2_00533630
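What the rows above mean for triage: "mov eax, dword ptr fs:[00000030h]" loads the 32-bit PEB pointer, from which BeingDebugged and NtGlobalFlag are read; "cpuid" exposes the hypervisor-present bit and the hypervisor vendor string; GetProcessHeap gives access to heap flags that differ under a debugger; and the GetProcAddress/LoadLibraryA chain resolves imports at run time, which fits the "PE file does not import any functions" signature. The following Python is an added example, not code from the report or from the sample: it pulls rows of this shape out of the evidence text and maps them to ATT&CK techniques. The rules, the technique mapping, the interpretation of the "<process>_<stage>_<address>" function ids and the sample rows (copied from the rows above, not parsed from the live page) are the example's own assumptions.

```python
import re
from collections import defaultdict

# Constructed input: evidence rows in the shape of the report's signature
# section (copied from the rows above; two process indices so that the same
# function appears twice). Not parsed from the live page.
SAMPLE_EVIDENCE = r"""
Source: C:\Users\user\Desktop\215.exe Code function: 0_2_1000710E GetVersionExA,GetSystemInfo,RtlGetNtVersionNumbers, 0_2_1000710E
Source: 215.exe, 00000000.00000002.2629312386.0000000000A19000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: C:\Users\user\Desktop\215.exe Code function: 0_2_004C4020 GetProcAddress,LoadLibraryA,LoadLibraryA,GetProcAddress,FreeLibrary, 0_2_004C4020
Source: C:\Users\user\Desktop\215.exe Code function: 0_2_1001A4C7 mov eax, dword ptr fs:[00000030h] 0_2_1001A4C7
Source: C:\Users\user\Desktop\215.exe Code function: 4_2_1001A4C7 mov eax, dword ptr fs:[00000030h] 4_2_1001A4C7
Source: C:\Users\user\Desktop\215.exe Code function: 0_2_10027BB0 GetProcessHeap,RtlAllocateHeap,MessageBoxA, 0_2_10027BB0
Source: C:\Users\user\Desktop\215.exe Process token adjusted: Debug
Source: 215.exe Binary or memory string: Shell_TrayWnd
Source: C:\Users\user\Desktop\215.exe Code function: 0_2_10019EDC cpuid 0_2_10019EDC
"""

# Ordered rules: the first pattern that matches a row decides its category.
# Technique ids are MITRE ATT&CK; the mapping itself is this example's choice.
RULES = [
    ("PEB read via fs:[30h] (BeingDebugged / NtGlobalFlag reachable)", "T1622",
     re.compile(r"fs:\[0*30h\]", re.IGNORECASE)),
    ("Heap flags check via GetProcessHeap", "T1622",
     re.compile(r"\bGetProcessHeap\b")),
    ("CPUID (hypervisor-present bit, vendor string)", "T1497",
     re.compile(r"\bcpuid\b", re.IGNORECASE)),
    ("Hypervisor artefact string in memory", "T1497",
     re.compile(r"Hyper-V|VMware|VBox|QEMU")),
    ("Dynamic API resolution", "T1027.007",
     re.compile(r"\bGetProcAddress\b|\bLoadLibrary[AW]\b")),
    ("OS / hardware discovery", "T1082",
     re.compile(r"GetVersionExA|GetSystemInfo|RtlGetNtVersionNumbers")),
    ("SeDebugPrivilege enabled on own token", "T1134",
     re.compile(r"Process token adjusted: Debug")),
    ("Shell window discovery", "T1010",
     re.compile(r"Shell_TrayWnd|ProgmanWindow")),
]

# Assumed layout of the report's function ids: <process index>_<stage>_<hex address>.
FUNC_ID = re.compile(r"\b(\d+)_(\d+)_([0-9A-Fa-f]{8})\b")


def parse_row(line):
    """Classify one evidence row; returns (category, technique, proc, addr) or None."""
    for category, technique, pattern in RULES:
        if pattern.search(line):
            m = FUNC_ID.search(line)
            proc = int(m.group(1)) if m else None
            addr = int(m.group(3), 16) if m else None
            return category, technique, proc, addr
    return None


def triage(text):
    """Group flagged rows: (category, technique) -> [(proc, addr), ...]."""
    hits = defaultdict(list)
    for line in text.splitlines():
        parsed = parse_row(line)
        if parsed is not None:
            category, technique, proc, addr = parsed
            hits[(category, technique)].append((proc, addr))
    return dict(hits)


def techniques(text):
    """Distinct ATT&CK technique ids present, sorted."""
    return sorted({technique for _cat, technique in triage(text)})


def function_addresses(text):
    """Distinct flagged code addresses: the list to walk in the disassembler."""
    return sorted({addr for rows in triage(text).values()
                   for _proc, addr in rows if addr is not None})


def processes_with(text, technique):
    """Process indices in which a technique was observed (rows without a function id are skipped)."""
    return sorted({proc for (_cat, t), rows in triage(text).items() if t == technique
                   for proc, _addr in rows if proc is not None})


def report(text):
    """One summary line per flagged category, ordered by technique id."""
    out = []
    for (category, technique), rows in sorted(triage(text).items(), key=lambda kv: kv[0][1]):
        where = ", ".join(f"proc{p}@{a:08X}" for p, a in rows if a is not None)
        out.append(f"{technique:<10} {category}: {where or 'behaviour / memory-string row'}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_EVIDENCE))
```

processes_with(text, "T1622") returns [0, 4] on the sample rows: the same PEB-reading function at 1001A4C7 is flagged in both process 0 and process 4, so the check is reached in the second process as well, not only in the first. Treat the "Hyper-V RAW" hit as weak on its own; that string is also the name of the Winsock Hyper-V socket transport provider, so it can be present in the memory of any process that initialised Winsock.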