Windows Analysis Report
LiquidText Installer.exe

Overview

General Information

Sample name: LiquidText Installer.exe
Analysis ID: 1501320
MD5: 9ab59b8d383a6ab6c131c5e96b4d68de
SHA1: 22192dab0ce673ae164d0fb25cf3a015c3e9c37c
SHA256: 967552d901dbdcc34498c2e57a61bc2846400f90726d951d4075ade86e4af545
Infos:

Detection

Score: 4
Range: 0 - 100
Whitelisted: false
Confidence: 20%

Signatures

Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)

Classification

Source: C:\Users\user\Desktop\LiquidText Installer.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\LiquidText Installer.exe.log Jump to behavior
Source: LiquidText Installer.exe Static PE information: certificate valid
Source: LiquidText Installer.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\_work\1\s\src\StoreInstaller\obj\Release\net472\StoreInstaller.pdb source: LiquidText Installer.exe
Source: Binary string: D:\a\_work\1\s\src\StoreInstaller\obj\Release\net472\StoreInstaller.pdbSHA256Oy source: LiquidText Installer.exe
Source: LiquidText Installer.exe, 00000000.00000002.2494440349.0000017E5F713000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://defaultcontainer/StoreInstaller;component/Resources/StoreAppList.Light.png
Source: LiquidText Installer.exe, 00000000.00000002.2494440349.0000017E5FA55000.00000004.00000800.00020000.00000000.sdmp, LiquidText Installer.exe, 00000000.00000002.2494440349.0000017E5F81C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://e12564.dspb.akamaiedge.net
Source: LiquidText Installer.exe, 00000000.00000002.2494440349.0000017E5F7F1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://e16646.g.akamaiedge.net
Source: LiquidText Installer.exe, 00000000.00000002.2494440349.0000017E5F713000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/Resources/StoreAppList.Light.png
Source: LiquidText Installer.exe, 00000000.00000002.2494440349.0000017E5F713000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/bar/resources/storeapplist.light.png
Source: LiquidText Installer.exe, 00000000.00000002.2494440349.0000017E5FA55000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.datacontract.org
Source: LiquidText Installer.exe, 00000000.00000002.2494440349.0000017E5F68E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.datacontract.org/2004/07/
Source: LiquidText Installer.exe, 00000000.00000002.2494440349.0000017E5FA55000.00000004.00000800.00020000.00000000.sdmp, LiquidText Installer.exe, 00000000.00000002.2494440349.0000017E5F8EB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.datacontract.org/2004/07/Microsoft.UniversalStore.DisplayCatalog.Contracts.Version7.R
Source: LiquidText Installer.exe, 00000000.00000002.2494440349.0000017E5F68E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.datacontract.org/2004/07/StoreInstaller.Models
Source: LiquidText Installer.exe, 00000000.00000002.2494440349.0000017E5F7AB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: LiquidText Installer.exe, 00000000.00000002.2494440349.0000017E5F68E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.w3.oh
Detected potential crypto function
Source: C:\Users\user\Desktop\LiquidText Installer.exe Code function: 0_2_00007FF848E841ED 0_2_00007FF848E841ED
Source: C:\Users\user\Desktop\LiquidText Installer.exe Code function: 0_2_00007FF848E946CE 0_2_00007FF848E946CE
Source: C:\Users\user\Desktop\LiquidText Installer.exe Code function: 0_2_00007FF848EB6672 0_2_00007FF848EB6672
Source: C:\Users\user\Desktop\LiquidText Installer.exe Code function: 0_2_00007FF848E901BD 0_2_00007FF848E901BD
Source: C:\Users\user\Desktop\LiquidText Installer.exe Code function: 0_2_00007FF848E81A15 0_2_00007FF848E81A15
Source: C:\Users\user\Desktop\LiquidText Installer.exe Code function: 0_2_00007FF848F940A8 0_2_00007FF848F940A8
Source: C:\Users\user\Desktop\LiquidText Installer.exe Code function: 0_2_00007FF848F90CBC 0_2_00007FF848F90CBC
Source: C:\Users\user\Desktop\LiquidText Installer.exe Code function: 0_2_00007FF848F91B50 0_2_00007FF848F91B50
Source: C:\Users\user\Desktop\LiquidText Installer.exe Code function: 0_2_00007FF848F977E0 0_2_00007FF848F977E0
Sample file is different than original file name gathered from version info
Source: LiquidText Installer.exe Binary or memory string: OriginalFilenameStoreInstaller.exe@ vs LiquidText Installer.exe
Source: classification engine Classification label: clean4.winEXE@1/5@0/0
Source: C:\Users\user\Desktop\LiquidText Installer.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPF8517.tmp Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Mutant created: NULL
Source: C:\Users\user\Desktop\LiquidText Installer.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\{f6bec8ba-58ff-4dfc-9981-2ec5ebd23734}-9N9Z9NSV47FL
Source: C:\Users\user\Desktop\LiquidText Installer.exe File created: C:\Users\user\AppData\Local\Temp\Tmp816B.tmp Jump to behavior
Source: LiquidText Installer.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: LiquidText Installer.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
Source: C:\Users\user\Desktop\LiquidText Installer.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: LiquidText Installer.exe String found in binary or memory: Expired)UnknownInstallerType%ProductUnavailableECompatibilityArchitectureCheckFail1CompatibilityOSCheckFail)InstallationStarting-InstallationInProgress%InstallationPaused=InstallationDownloadingPercent+InstallState.CanceledGInstallationDownloadProgressDetails
Source: LiquidText Installer.exe String found in binary or memory: 0.0-InstallState.Completed
Source: LiquidText Installer.exe String found in binary or memory: I-install
Source: LiquidText Installer.exe String found in binary or memory: )Gusto mo bang kanselahin ang pag-install?
Source: LiquidText Installer.exe String found in binary or memory: Nakumpleto ang pag-install
Source: LiquidText Installer.exe String found in binary or memory: Ini-install
Source: LiquidText Installer.exe String found in binary or memory: &Naka-install ang pinakabagong bersyon.
Source: LiquidText Installer.exe String found in binary or memory: ella l-installazzjoni?
Source: LiquidText Installer.exe String found in binary or memory: L-installazzjoni tlestiet
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: msvcp140_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: windows.applicationmodel.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: windows.globalization.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: bcp47mrm.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: d3d9.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: d3d10warp.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: msisip.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: wshext.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: appxsip.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: opcservices.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: esdsip.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: ncryptprov.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: dataexchange.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: d3d11.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: dcomp.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: resourcepolicyclient.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: dxcore.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: msctfui.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: uiautomationcore.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: d3dcompiler_47.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: rasapi32.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: rasman.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: rtutils.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: mscms.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: coloradapterclient.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: windowscodecsext.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: icm32.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: windows.applicationmodel.store.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: cabinet.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: webservices.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: installservice.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: rometadata.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: windows.web.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: slc.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: ieframe.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: mlang.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: twinui.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: execmodelproxy.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: mrmcorer.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: windows.staterepositorycore.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: appxdeploymentclient.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: windows.ui.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: windowmanagementapi.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Section loaded: inputhost.dll Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\InprocServer32 Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\LiquidText Installer.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll Jump to behavior
Source: LiquidText Installer.exe Static PE information: certificate valid
Source: initial sample Static PE information: Valid certificate with Microsoft Issuer
Source: LiquidText Installer.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: LiquidText Installer.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: LiquidText Installer.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: D:\a\_work\1\s\src\StoreInstaller\obj\Release\net472\StoreInstaller.pdb source: LiquidText Installer.exe
Source: Binary string: D:\a\_work\1\s\src\StoreInstaller\obj\Release\net472\StoreInstaller.pdbSHA256Oy source: LiquidText Installer.exe
Binary contains a suspicious time stamp
Source: LiquidText Installer.exe Static PE information: 0xC2ABFCEE [Fri Jun 30 12:28:30 2073 UTC]
PE file contains an invalid checksum
Source: LiquidText Installer.exe Static PE information: real checksum: 0xe0df9 should be: 0xe0d26
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\LiquidText Installer.exe Code function: 0_2_00007FF848D6D2A5 pushad ; iretd 0_2_00007FF848D6D2A6
Source: C:\Users\user\Desktop\LiquidText Installer.exe Code function: 0_2_00007FF848E8E468 pushad ; ret 0_2_00007FF848E8E4E1
Source: C:\Users\user\Desktop\LiquidText Installer.exe Code function: 0_2_00007FF848E955B8 push eax; ret 0_2_00007FF848E95851
Source: C:\Users\user\Desktop\LiquidText Installer.exe Code function: 0_2_00007FF848E95598 push eax; ret 0_2_00007FF848E95851
Source: C:\Users\user\Desktop\LiquidText Installer.exe Code function: 0_2_00007FF848E99E8C push eax; ret 0_2_00007FF848E99EA4
Source: C:\Users\user\Desktop\LiquidText Installer.exe Code function: 0_2_00007FF848E957D8 push eax; ret 0_2_00007FF848E95851
Source: C:\Users\user\Desktop\LiquidText Installer.exe Code function: 0_2_00007FF848E957B8 push eax; ret 0_2_00007FF848E95851
Source: C:\Users\user\Desktop\LiquidText Installer.exe Code function: 0_2_00007FF848E8201D push esi; ret 0_2_00007FF848E82022
Source: C:\Users\user\Desktop\LiquidText Installer.exe Code function: 0_2_00007FF848F96048 pushad ; ret 0_2_00007FF848F9612D
Source: LiquidText Installer.exe Static PE information: section name: .text entropy: 6.809768386929733
Source: C:\Users\user\Desktop\LiquidText Installer.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\LiquidText Installer.exe.log Jump to behavior
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Source: C:\Users\user\Desktop\LiquidText Installer.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Allocates memory with a write watch (potentially for evading sandboxes)
Source: C:\Users\user\Desktop\LiquidText Installer.exe Memory allocated: 17E5D8E0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Memory allocated: 17E77420000 memory reserve | memory write watch Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\LiquidText Installer.exe Code function: 0_2_00007FF848F977E0 rdtsc 0_2_00007FF848F977E0
Contains long sleeps (>= 3 min)
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 598771 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 598645 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 598517 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 598405 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 598293 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 598109 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 597957 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 597828 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 597703 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 597602 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 597496 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 597384 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 597277 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 597160 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 597033 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 596906 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 596781 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 596670 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 596557 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 596453 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 596333 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 596206 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 596078 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 595967 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 595856 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 595719 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 595441 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 595105 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 594994 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 594884 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 594772 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 594671 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 594549 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 594437 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 594328 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 594215 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 594104 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 594000 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 593880 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 593766 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 593656 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 593547 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 593432 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 593328 Jump to behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Users\user\Desktop\LiquidText Installer.exe Window / User API: threadDelayed 7889 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Window / User API: threadDelayed 1883 Jump to behavior
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -23058430092136925s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5520 Thread sleep time: -2767011611056431s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -598771s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -598645s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -598517s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -598405s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -598293s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -598109s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -597957s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -597828s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -597703s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -597602s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -597496s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -597384s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -597277s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -597160s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -597033s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -596906s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -596781s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -596670s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -596557s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -596453s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -596333s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -596206s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -596078s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -595967s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -595856s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -595719s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -595441s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -595105s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -594994s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -594884s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -594772s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -594671s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -594549s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -594437s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -594328s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -594215s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -594104s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -594000s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -593880s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -593766s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -593656s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -593547s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -593432s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe TID: 5604 Thread sleep time: -593328s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 598771 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 598645 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 598517 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 598405 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 598293 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 598109 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 597957 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 597828 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 597703 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 597602 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 597496 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 597384 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 597277 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 597160 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 597033 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 596906 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 596781 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 596670 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 596557 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 596453 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 596333 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 596206 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 596078 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 595967 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 595856 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 595719 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 595441 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 595105 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 594994 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 594884 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 594772 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 594671 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 594549 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 594437 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 594328 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 594215 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 594104 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 594000 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 593880 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 593766 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 593656 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 593547 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 593432 Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Thread delayed: delay time: 593328 Jump to behavior
Source: LiquidText Installer.exe, 00000000.00000002.2500441740.0000017E7BD53000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\LiquidText Installer.exe Code function: 0_2_00007FF848F977E0 rdtsc 0_2_00007FF848F977E0
Enables debug privileges
Source: C:\Users\user\Desktop\LiquidText Installer.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Memory allocated: page read and write | page guard Jump to behavior
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\LiquidText Installer.exe Queries volume information: C:\Users\user\Desktop\LiquidText Installer.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Queries volume information: C:\Windows\System32\WinMetadata\Windows.Globalization.winmd VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Controls.Ribbon\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Controls.Ribbon.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.InteropServices.WindowsRuntime\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.InteropServices.WindowsRuntime.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPF8517.tmp VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Queries volume information: C:\Windows\System32\WinMetadata\Windows.Data.winmd VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPFFFD4.tmp VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\LiquidText Installer.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1501320 Sample: LiquidText Installer.exe Startdate: 29/08/2024 Architecture: WINDOWS Score: 4 4 LiquidText Installer.exe 16 19 2->4         started       
No contacted IP infos