Source: file.exe |
ReversingLabs: Detection: 50% |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00403B58 CryptAcquireContextW,CryptAcquireContextW,CryptAcquireContextW,CryptCreateHash,CryptReleaseContext,CryptHashData,CryptDestroyHash,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext, |
0_2_00403B58 |
Source: file.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE |
Source: unknown |
DNS traffic detected: query: info.pillowkidguest.ru replaycode: Name error (3) |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: global traffic |
DNS traffic detected: DNS query: s.itorrent.bz |
Source: global traffic |
DNS traffic detected: DNS query: info.pillowkidguest.ru |
Source: global traffic |
DNS traffic detected: DNS query: cdn.itorrent.bz |
Source: file.exe, 00000000.00000003.1887029003.00000000006EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3001891613.00000000006EB000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://cdn.itorrent.bz/ |
Source: file.exe |
String found in binary or memory: http://cdn.itorrent.bz/itorrent-application/itorrent.zip |
Source: file.exe, 00000000.00000002.3001735411.0000000000668000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://cdn.itorrent.bz/itorrent-application/itorrent.zip5 |
Source: file.exe |
String found in binary or memory: http://cdn.itorrent.bz/itorrent-application/itorrent.zipFreeSpacer_setup.exe. |
Source: file.exe |
String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q |
Source: file.exe |
String found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t |
Source: file.exe |
String found in binary or memory: http://g.itorrent.bz/support.i |
Source: file.exe |
String found in binary or memory: http://g.itorrent.bz/support.ilbad |
Source: file.exe, 00000000.00000003.1887309756.00000000006CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3001835622.00000000006CF000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://info.pillowkidguest.ru/Ts |
Source: file.exe |
String found in binary or memory: http://info.pillowkidguest.ru/logo.png |
Source: file.exe, 00000000.00000003.1887029003.00000000006EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3001891613.00000000006EB000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://info.pillowkidguest.ru/logo.pngU |
Source: file.exe |
String found in binary or memory: http://info.pillowkidguest.ru/logo.pnga8b13a8ef5c233e82e7c47bb5977f38a |
Source: file.exe, 00000000.00000003.1887029003.00000000006EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3001891613.00000000006EB000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://info.pillowkidguest.ru/logo.pngm |
Source: file.exe, 00000000.00000003.1887029003.00000000006EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3001891613.00000000006EB000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://info.pillowkidguest.ru/logo.pngs2 |
Source: file.exe |
String found in binary or memory: http://ocsp.comodoca.com0 |
Source: file.exe, 00000000.00000003.1887029003.00000000006EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3001891613.00000000006EB000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://s.itorrent.bz/ |
Source: file.exe, 00000000.00000003.1887029003.00000000006EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3001891613.00000000006EB000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://s.itorrent.bz// |
Source: file.exe, 00000000.00000003.1887029003.00000000006EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3001891613.00000000006EB000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://s.itorrent.bz//95 |
Source: file.exe |
String found in binary or memory: http://s.itorrent.bz/i/ |
Source: file.exe, 00000000.00000002.3001735411.0000000000668000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://s.itorrent.bz/i/44e838831f4e7f2973ae42fab2828498/df% |
Source: file.exe, 00000000.00000003.1887029003.00000000006EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3001891613.00000000006EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3001735411.0000000000668000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://s.itorrent.bz/i/44e838831f4e7f2973ae42fab2828498/df/?version=1.0.0.404 |
Source: file.exe, 00000000.00000003.1887608203.00000000006A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3001735411.00000000006A4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://s.itorrent.bz/i/44e838831f4e7f2973ae42fab2828498/df/?version=1.0.0.404/ |
Source: file.exe, 00000000.00000003.1887608203.00000000006A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3001735411.00000000006A4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://s.itorrent.bz/i/44e838831f4e7f2973ae42fab2828498/df/?version=1.0.0.404T |
Source: file.exe, 00000000.00000003.1887608203.00000000006A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3001735411.00000000006A4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://s.itorrent.bz/i/44e838831f4e7f2973ae42fab2828498/df/?version=1.0.0.404j |
Source: file.exe, 00000000.00000003.1887608203.00000000006A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3001735411.00000000006A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3001735411.0000000000668000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://s.itorrent.bz/i/44e838831f4e7f2973ae42fab2828498/s/?version=1.0.0.404 |
Source: file.exe |
String found in binary or memory: http://s.itorrent.bz/i/BUTTON###image/pngCan |
Source: file.exe, 00000000.00000002.3001835622.00000000006C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1887309756.00000000006C3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://s.itorrent.bz/l$J |
Source: file.exe, 00000000.00000003.1887029003.00000000006EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3001891613.00000000006EB000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://s.itorrent.bz/w5 |
Source: file.exe |
String found in binary or memory: http://tfile.me/forum/download.php?id=706491&ak=11xxxxxxxx |
Source: file.exe |
String found in binary or memory: http://tfile.me/forum/download.php?id=706491&ak=11xxxxxxxxF |
Source: file.exe, 00000000.00000002.3001627761.0000000000450000.00000004.00000001.01000000.00000007.sdmp |
String found in binary or memory: http://tfile.me/forum/download.php?id=706491&ak=11xxxxxxxxJ |
Source: C:\Users\user\Desktop\file.exe |
Code function: String function: 00439BBF appears 33 times |
|
Source: C:\Users\user\Desktop\file.exe |
Code function: String function: 00438F67 appears 41 times |
|
Source: C:\Users\user\Desktop\file.exe |
Code function: String function: 004261A0 appears 61 times |
|
Source: C:\Users\user\Desktop\file.exe |
Code function: String function: 00439B56 appears 46 times |
|
Source: C:\Users\user\Desktop\file.exe |
Code function: String function: 00439B89 appears 68 times |
|
Source: C:\Users\user\Desktop\file.exe |
Code function: String function: 0040792F appears 31 times |
|
Source: file.exe |
Static PE information: invalid certificate |
Source: classification engine |
Classification label: mal48.winEXE@1/1@11/0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00406633 __EH_prolog3_GS,_memset,SHGetFolderPathW,CoCreateInstance,CoTaskMemFree, |
0_2_00406633 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00405D6E LoadResource,LockResource,SizeofResource,GlobalAlloc,GlobalLock,_memmove,GlobalUnlock,CreateStreamOnHGlobal,GlobalFree,GdipAlloc, |
0_2_00405D6E |
Source: C:\Users\user\Desktop\file.exe |
File created: C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\7ec63eecc011967c28496572961d2a7c_9e146be9-c76a-4720-bcdb-53011b87bd06 |
Source: C:\Users\user\Desktop\file.exe |
Mutant created: NULL |
Source: C:\Users\user\Desktop\file.exe |
Command line argument: Debug |
0_2_00412753 |
Source: C:\Users\user\Desktop\file.exe |
Command line argument: xD |
0_2_00412753 |
Source: C:\Users\user\Desktop\file.exe |
Command line argument: $C |
0_2_00412753 |
Source: C:\Users\user\Desktop\file.exe |
Command line argument: LyD |
0_2_00412753 |
Source: C:\Users\user\Desktop\file.exe |
Command line argument: @yD |
0_2_00412753 |
Source: C:\Users\user\Desktop\file.exe |
Command line argument: DyD |
0_2_00412753 |
Source: C:\Users\user\Desktop\file.exe |
Command line argument: HyD |
0_2_00412753 |
Source: C:\Users\user\Desktop\file.exe |
Command line argument: LhD |
0_2_00412753 |
Source: C:\Users\user\Desktop\file.exe |
Command line argument: prf |
0_2_00412753 |
Source: C:\Users\user\Desktop\file.exe |
Command line argument: NB |
0_2_0042E7A0 |
Source: file.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: file.exe |
String found in binary or memory: --start |
Source: file.exe |
String found in binary or memory: //d/ps/p/installed/i |
Source: file.exe |
String found in binary or memory: --install |
Source: file.exe |
String found in binary or memory: @openhttpieoperalauncheroperaoldyandexgooglechromeinternet explorerfirefoxffamigo01HKLMHKEY_LOCAL_MACHINE\DisplayNameSOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\UninstallSOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall<?xml version="1.0"?><d></d>//d/ps/p/rs/rname//d/ps/p/fs/f//d/ps/p/installed/i//d/machineid//d/guid//d/defbrowser//d/osexceptionl |
Source: file.exe |
String found in binary or memory: iTorrent.--installset-autoloadset-defaultset-firewall -- |
Source: file.exe |
String found in binary or memory: dftsttfdp%ib%ipdfif--startpifip%ib%iContent-Type: application/xml; |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: urlmon.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: srvcli.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: dpapi.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: windowscodecs.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: webio.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: textshaping.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: textinputframework.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: coreuicomponents.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\file.exe |
Window detected: Number of UI elements: 31 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00425C8F EncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, |
0_2_00425C8F |
Source: file.exe, 00000000.00000003.1887608203.00000000006A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3001735411.00000000006A4000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: C:\Users\user\Desktop\file.exe |
API call chain: ExitProcess graph end node |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0042EC02 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer, |
0_2_0042EC02 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_004278D8 SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_004278D8 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_004278A7 SetUnhandledExceptionFilter, |
0_2_004278A7 |
Source: C:\Users\user\Desktop\file.exe |
Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, |
0_2_0042F095 |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetLocaleInfoW, |
0_2_0042F249 |
Source: C:\Users\user\Desktop\file.exe |
Code function: EnumSystemLocalesW, |
0_2_0042F20C |
Source: C:\Users\user\Desktop\file.exe |
Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,__invoke_watson, |
0_2_004263F6 |
Source: C:\Users\user\Desktop\file.exe |
Code function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,__invoke_watson,_LcidFromHexString,GetLocaleInfoW, |
0_2_00435614 |
Source: C:\Users\user\Desktop\file.exe |
Code function: _GetPrimaryLen,EnumSystemLocalesW, |
0_2_004358C8 |
Source: C:\Users\user\Desktop\file.exe |
Code function: EnumSystemLocalesW, |
0_2_00435888 |
Source: C:\Users\user\Desktop\file.exe |
Code function: _GetPrimaryLen,EnumSystemLocalesW, |
0_2_00435945 |
Source: C:\Users\user\Desktop\file.exe |
Code function: _LcidFromHexString,GetLocaleInfoW,GetLocaleInfoW,__wcsnicmp,GetLocaleInfoW,_TestDefaultLanguage, |
0_2_004359C8 |
Source: C:\Users\user\Desktop\file.exe |
Code function: _LcidFromHexString,GetLocaleInfoW,_TestDefaultLanguage, |
0_2_00435BBD |
Source: C:\Users\user\Desktop\file.exe |
Code function: _wcscmp,_wcscmp,GetLocaleInfoW,GetLocaleInfoW,GetACP, |
0_2_00435CE7 |
Source: C:\Users\user\Desktop\file.exe |
Code function: GetLocaleInfoW,_GetPrimaryLen, |
0_2_00435D94 |
Source: C:\Users\user\Desktop\file.exe |
Code function: _memset,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,___crtDownlevelLCIDToLocaleName,___crtDownlevelLCIDToLocaleName,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,__itow_s, |
0_2_00435E68 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_004038C5 __ehhandler$?enable_segment@_Helper@_Concurrent_vector_base_v4@details@Concurrency@@SAIAAV234@II@Z,__EH_prolog3,LookupAccountNameW,GetLastError,LookupAccountNameW, |
0_2_004038C5 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0040A723 __EH_prolog3_GS,_memset,GetVersionExW, |
0_2_0040A723 |