Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1532362
MD5:	2f196bd220285987b1fcdb38e168a2fc
SHA1:	75c5911f580bd69b5f4163a9851ad4b52a1e8f29
SHA256:	19dbf29be3e1392aed675d6fe0b0e4079df3bee3fa93fda2659a76f4d080533f
Tags:	exeuser-Bitsight
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected unpacking (changes PE section rights)

AI detected suspicious sample

Disable Windows Defender notifications (registry)

Disable Windows Defender real time protection (registry)

Disables Windows Defender Tamper protection

Hides threads from debuggers

Machine Learning detection for sample

Modifies windows update settings

PE file contains section with special chars

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Allocates memory with a write watch (potentially for evading sandboxes)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains long sleeps (>= 3 min)

Detected potential crypto function

Enables debug privileges

Entry point lies outside standard sections

Found potential string decryption / allocating functions

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Sample file is different than original file name gathered from version info

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Uses Microsoft's Enhanced Cryptographic Provider

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_009EC698 CryptVerifySignatureA,

0_2_009EC698

Source:

Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: file.exe, 00000000.00000003.1702561914.0000000004CB0000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1835547145.0000000000812000.00000040.00000001.01000000.00000003.sdmp

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Detected potential crypto function

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008CD089	0_2_008CD089
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008AA08C	0_2_008AA08C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B108D	0_2_008B108D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083808A	0_2_0083808A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089D087	0_2_0089D087
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00917086	0_2_00917086
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C80A0	0_2_008C80A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089C0A7	0_2_0089C0A7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009AC0B5	0_2_009AC0B5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0088F0BE	0_2_0088F0BE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009040A9	0_2_009040A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0097B0AD	0_2_0097B0AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008850C9	0_2_008850C9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008680C0	0_2_008680C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008690CA	0_2_008690CA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E50C1	0_2_008E50C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008670D2	0_2_008670D2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008800DF	0_2_008800DF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082C0DB	0_2_0082C0DB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089A0E8	0_2_0089A0E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0093A0F0	0_2_0093A0F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0087C0EF	0_2_0087C0EF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009520FF	0_2_009520FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083E0F2	0_2_0083E0F2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0086A0F2	0_2_0086A0F2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009200EB	0_2_009200EB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0095E0EA	0_2_0095E0EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B400E	0_2_008B400E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D200B	0_2_008D200B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0095901D	0_2_0095901D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0096801C	0_2_0096801C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008AD007	0_2_008AD007
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092F01F	0_2_0092F01F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00833013	0_2_00833013
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C301A	0_2_008C301A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0093D00B	0_2_0093D00B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008DD014	0_2_008DD014
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00976009	0_2_00976009
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008BE029	0_2_008BE029
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0094D037	0_2_0094D037
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0088E02E	0_2_0088E02E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0093B03D	0_2_0093B03D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089F038	0_2_0089F038
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00832031	0_2_00832031
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082F034	0_2_0082F034
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0091902B	0_2_0091902B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00848039	0_2_00848039
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00829047	0_2_00829047
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0096D05E	0_2_0096D05E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0086304F	0_2_0086304F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00844048	0_2_00844048
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F1041	0_2_008F1041
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00841054	0_2_00841054
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00876053	0_2_00876053
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00908047	0_2_00908047
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092A04F	0_2_0092A04F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0084505B	0_2_0084505B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B3054	0_2_008B3054
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00926071	0_2_00926071
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00900075	0_2_00900075
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083D065	0_2_0083D065
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00871076	0_2_00871076
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008DC07C	0_2_008DC07C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00961067	0_2_00961067
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083F071	0_2_0083F071
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E207A	0_2_008E207A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00886070	0_2_00886070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00931197	0_2_00931197
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0088818E	0_2_0088818E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090C196	0_2_0090C196
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00923199	0_2_00923199
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00896199	0_2_00896199
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008CC19E	0_2_008CC19E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00877192	0_2_00877192
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B019C	0_2_008B019C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0088B196	0_2_0088B196
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00895196	0_2_00895196
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00968189	0_2_00968189
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0096E1B4	0_2_0096E1B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E31A5	0_2_008E31A5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FB1A0	0_2_008FB1A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0086F1BD	0_2_0086F1BD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009801DB	0_2_009801DB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0094A1D7	0_2_0094A1D7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008761C3	0_2_008761C3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009411DC	0_2_009411DC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008721D4	0_2_008721D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009021F4	0_2_009021F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008701E1	0_2_008701E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085B1EC	0_2_0085B1EC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0094F1FF	0_2_0094F1FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008491F4	0_2_008491F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C51FD	0_2_008C51FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008741F4	0_2_008741F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0093B1ED	0_2_0093B1ED
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090D115	0_2_0090D115
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00950110	0_2_00950110
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083A10F	0_2_0083A10F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0098A10D	0_2_0098A10D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D8117	0_2_008D8117
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F4113	0_2_008F4113
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00970137	0_2_00970137
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00910130	0_2_00910130
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0093213B	0_2_0093213B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085E12C	0_2_0085E12C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FE122	0_2_008FE122
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0086D129	0_2_0086D129
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0098512A	0_2_0098512A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00943156	0_2_00943156
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090515A	0_2_0090515A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0096A158	0_2_0096A158
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0091814B	0_2_0091814B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085915A	0_2_0085915A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089816F	0_2_0089816F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008BC162	0_2_008BC162
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00928166	0_2_00928166
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00836174	0_2_00836174
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00854172	0_2_00854172
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E4176	0_2_008E4176
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092D16B	0_2_0092D16B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00890172	0_2_00890172
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FD174	0_2_008FD174
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0084017B	0_2_0084017B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008EE286	0_2_008EE286
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F4284	0_2_008F4284
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00880298	0_2_00880298
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00934283	0_2_00934283
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090F28E	0_2_0090F28E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F22AD	0_2_008F22AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008AC2AD	0_2_008AC2AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008862A0	0_2_008862A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008552B1	0_2_008552B1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083B2B8	0_2_0083B2B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008472B8	0_2_008472B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008972C0	0_2_008972C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082B2C9	0_2_0082B2C9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009462C4	0_2_009462C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008912DF	0_2_008912DF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008602E7	0_2_008602E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008992EB	0_2_008992EB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C92EA	0_2_008C92EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008682F0	0_2_008682F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009492EC	0_2_009492EC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008652FF	0_2_008652FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008522FB	0_2_008522FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E62F1	0_2_008E62F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C0207	0_2_008C0207
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0093821C	0_2_0093821C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085F215	0_2_0085F215
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0093F206	0_2_0093F206
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082D215	0_2_0082D215
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00873219	0_2_00873219
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0096A235	0_2_0096A235
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00937235	0_2_00937235
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A2220	0_2_008A2220
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092123D	0_2_0092123D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F023F	0_2_008F023F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0095D227	0_2_0095D227
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00960225	0_2_00960225
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0084A237	0_2_0084A237
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0084423B	0_2_0084423B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C324B	0_2_008C324B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0088C241	0_2_0088C241
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D9247	0_2_008D9247
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E5245	0_2_008E5245
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00958247	0_2_00958247
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0088A262	0_2_0088A262
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00853269	0_2_00853269
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C1263	0_2_008C1263
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082A270	0_2_0082A270
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0086B272	0_2_0086B272
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090026D	0_2_0090026D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008EC270	0_2_008EC270
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00828383	0_2_00828383
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082738B	0_2_0082738B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0084238D	0_2_0084238D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092539E	0_2_0092539E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0084C396	0_2_0084C396
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00873399	0_2_00873399
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009543BE	0_2_009543BE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0094B3A1	0_2_0094B3A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C63B3	0_2_008C63B3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C73C4	0_2_008C73C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0088A3C1	0_2_0088A3C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008CA3DE	0_2_008CA3DE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009223C0	0_2_009223C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0088C3D1	0_2_0088C3D1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009153F1	0_2_009153F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092D3F3	0_2_0092D3F3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A03E8	0_2_008A03E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A93EC	0_2_008A93EC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009563F2	0_2_009563F2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D43E4	0_2_008D43E4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D53F5	0_2_008D53F5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0086C3FC	0_2_0086C3FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008813F6	0_2_008813F6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008AE30A	0_2_008AE30A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B230B	0_2_008B230B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085C302	0_2_0085C302
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0087A31F	0_2_0087A31F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A5310	0_2_008A5310
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B4317	0_2_008B4317
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00863318	0_2_00863318
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00916335	0_2_00916335
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00945332	0_2_00945332
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00939338	0_2_00939338
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008AB332	0_2_008AB332
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008CF335	0_2_008CF335
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00913328	0_2_00913328
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00944356	0_2_00944356
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082E344	0_2_0082E344
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0088734E	0_2_0088734E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E0348	0_2_008E0348
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F5348	0_2_008F5348
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0087834D	0_2_0087834D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0093035D	0_2_0093035D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092A349	0_2_0092A349
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090834D	0_2_0090834D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00962377	0_2_00962377
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A836F	0_2_008A836F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008BA36C	0_2_008BA36C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083936E	0_2_0083936E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0093F37D	0_2_0093F37D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00882376	0_2_00882376
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00894376	0_2_00894376
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D1372	0_2_008D1372
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008AA486	0_2_008AA486
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085F488	0_2_0085F488
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A3485	0_2_008A3485
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00851491	0_2_00851491
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0093C48D	0_2_0093C48D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009194B7	0_2_009194B7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008344AB	0_2_008344AB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092A4BF	0_2_0092A4BF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008644C4	0_2_008644C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009474DB	0_2_009474DB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B64DB	0_2_008B64DB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0084E4D0	0_2_0084E4D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008DD4DA	0_2_008DD4DA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0087C4DE	0_2_0087C4DE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008404DA	0_2_008404DA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008854D7	0_2_008854D7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083E4E2	0_2_0083E4E2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008934ED	0_2_008934ED
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083F4E5	0_2_0083F4E5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008954FE	0_2_008954FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0088E403	0_2_0088E403
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00908404	0_2_00908404
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B341C	0_2_008B341C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0095F40E	0_2_0095F40E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FC42F	0_2_008FC42F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00935433	0_2_00935433
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B0423	0_2_008B0423
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C3424	0_2_008C3424
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092943A	0_2_0092943A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008DE424	0_2_008DE424
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0084F42E	0_2_0084F42E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008ED437	0_2_008ED437
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083A43F	0_2_0083A43F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008EB430	0_2_008EB430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00856444	0_2_00856444
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F944E	0_2_008F944E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0088944C	0_2_0088944C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FA44B	0_2_008FA44B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083D44A	0_2_0083D44A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0097445C	0_2_0097445C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0093A45F	0_2_0093A45F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008BB45B	0_2_008BB45B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FF45F	0_2_008FF45F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00967445	0_2_00967445
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008AD451	0_2_008AD451
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00911470	0_2_00911470
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008BC46C	0_2_008BC46C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B9463	0_2_008B9463
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008DA466	0_2_008DA466
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F8479	0_2_008F8479
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0091E466	0_2_0091E466
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0091B591	0_2_0091B591
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00896588	0_2_00896588
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0087158F	0_2_0087158F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FE585	0_2_008FE585
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0091459F	0_2_0091459F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0096F598	0_2_0096F598
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0093158B	0_2_0093158B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0091C5B7	0_2_0091C5B7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008AB5A1	0_2_008AB5A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009035BC	0_2_009035BC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0094A5B9	0_2_0094A5B9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009265A2	0_2_009265A2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008DC5BC	0_2_008DC5BC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009415A0	0_2_009415A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090D5AF	0_2_0090D5AF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008AA5CB	0_2_008AA5CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009285D0	0_2_009285D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008845CB	0_2_008845CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008305CB	0_2_008305CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0086B5CF	0_2_0086B5CF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E85C4	0_2_008E85C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F75DE	0_2_008F75DE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009455C2	0_2_009455C2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008985D6	0_2_008985D6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009345F6	0_2_009345F6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083C5E5	0_2_0083C5E5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009795F0	0_2_009795F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009595FD	0_2_009595FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0084B5FC	0_2_0084B5FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009705EE	0_2_009705EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092B5E9	0_2_0092B5E9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0084C5FB	0_2_0084C5FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0088D509	0_2_0088D509
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00902513	0_2_00902513
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0096451C	0_2_0096451C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0096D519	0_2_0096D519
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0095B500	0_2_0095B500
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089C528	0_2_0089C528
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00925533	0_2_00925533
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090A522	0_2_0090A522
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0096E52E	0_2_0096E52E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E2532	0_2_008E2532
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090652E	0_2_0090652E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B8534	0_2_008B8534
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0086E542	0_2_0086E542
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D9549	0_2_008D9549
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0094E552	0_2_0094E552
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0096B55B	0_2_0096B55B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0087D548	0_2_0087D548
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008EA556	0_2_008EA556
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0088F554	0_2_0088F554
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D756E	0_2_008D756E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089256F	0_2_0089256F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D6564	0_2_008D6564
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A2564	0_2_008A2564
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085A576	0_2_0085A576
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0087B684	0_2_0087B684
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082A68E	0_2_0082A68E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00841695	0_2_00841695
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F5699	0_2_008F5699
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090F686	0_2_0090F686
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0087569A	0_2_0087569A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009586B0	0_2_009586B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0095C6B0	0_2_0095C6B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A46A3	0_2_008A46A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083A6A9	0_2_0083A6A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008786AB	0_2_008786AB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090E6BF	0_2_0090E6BF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0088B6B1	0_2_0088B6B1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008996B3	0_2_008996B3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B76CA	0_2_008B76CA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008CA6CB	0_2_008CA6CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E06C9	0_2_008E06C9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089D6C2	0_2_0089D6C2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C86C1	0_2_008C86C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F46DF	0_2_008F46DF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008906DB	0_2_008906DB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008596E2	0_2_008596E2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009686FE	0_2_009686FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0097E6FE	0_2_0097E6FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009156FB	0_2_009156FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008556EE	0_2_008556EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090D6E2	0_2_0090D6E2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009576E2	0_2_009576E2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0088F6F3	0_2_0088F6F3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0093D6ED	0_2_0093D6ED
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F2607	0_2_008F2607
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090461B	0_2_0090461B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B161F	0_2_008B161F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00849619	0_2_00849619
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089E62D	0_2_0089E62D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00921626	0_2_00921626
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0088863D	0_2_0088863D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00940621	0_2_00940621
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090262B	0_2_0090262B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FD64F	0_2_008FD64F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00943645	0_2_00943645
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00831651	0_2_00831651
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00874654	0_2_00874654
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00840651	0_2_00840651
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B065D	0_2_008B065D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082C65B	0_2_0082C65B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00843661	0_2_00843661
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00861661	0_2_00861661
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0095467B	0_2_0095467B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085D674	0_2_0085D674
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00845673	0_2_00845673
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C978E	0_2_008C978E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008AC78D	0_2_008AC78D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0088E783	0_2_0088E783
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C2787	0_2_008C2787
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0091F780	0_2_0091F780
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082B798	0_2_0082B798
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E2795	0_2_008E2795
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00949788	0_2_00949788
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085879A	0_2_0085879A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E97AE	0_2_008E97AE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008807A3	0_2_008807A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008877A6	0_2_008877A6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FC7BD	0_2_008FC7BD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008677B8	0_2_008677B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008AB7CC	0_2_008AB7CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009537D2	0_2_009537D2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008EF7C3	0_2_008EF7C3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008267CD	0_2_008267CD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092C7C3	0_2_0092C7C3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009557C1	0_2_009557C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008377D6	0_2_008377D6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008637DD	0_2_008637DD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D37D6	0_2_008D37D6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008427D9	0_2_008427D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008927E8	0_2_008927E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008387E4	0_2_008387E4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FA7E3	0_2_008FA7E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0094B7F9	0_2_0094B7F9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008AE7E5	0_2_008AE7E5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0091D7E1	0_2_0091D7E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B57FA	0_2_008B57FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008327F7	0_2_008327F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009337EA	0_2_009337EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008957F6	0_2_008957F6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00847704	0_2_00847704
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00854700	0_2_00854700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B470E	0_2_008B470E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D4700	0_2_008D4700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089B71C	0_2_0089B71C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00939704	0_2_00939704
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00848719	0_2_00848719
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00886715	0_2_00886715
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00850729	0_2_00850729
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082D72C	0_2_0082D72C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00900726	0_2_00900726
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008CD734	0_2_008CD734
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00988726	0_2_00988726
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00944740	0_2_00944740
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092974E	0_2_0092974E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00879766	0_2_00879766
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0095B776	0_2_0095B776
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D276A	0_2_008D276A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00828777	0_2_00828777
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A877C	0_2_008A877C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00960761	0_2_00960761
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0091676A	0_2_0091676A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00935892	0_2_00935892
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085388C	0_2_0085388C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0087388B	0_2_0087388B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C7881	0_2_008C7881
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092F89F	0_2_0092F89F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008CF89D	0_2_008CF89D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085F89E	0_2_0085F89E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0095288E	0_2_0095288E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0096688A	0_2_0096688A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0096E88B	0_2_0096E88B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085689B	0_2_0085689B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008DF8AD	0_2_008DF8AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009318B4	0_2_009318B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009048BB	0_2_009048BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D88BD	0_2_008D88BD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008818BA	0_2_008818BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009228A0	0_2_009228A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A78BE	0_2_008A78BE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0094F8A3	0_2_0094F8A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008BC8B4	0_2_008BC8B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E18C6	0_2_008E18C6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092B8D8	0_2_0092B8D8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0093C8DF	0_2_0093C8DF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0087D8D7	0_2_0087D8D7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E78DF	0_2_008E78DF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008CD8DF	0_2_008CD8DF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008478DE	0_2_008478DE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008368E2	0_2_008368E2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009078F2	0_2_009078F2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0093B8F7	0_2_0093B8F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009658FE	0_2_009658FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009128FB	0_2_009128FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009478F9	0_2_009478F9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F18E1	0_2_008F18E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0095E8E9	0_2_0095E8E9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F080E	0_2_008F080E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00946815	0_2_00946815
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A9804	0_2_008A9804
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00924800	0_2_00924800
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E681A	0_2_008E681A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00866811	0_2_00866811
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0094D80E	0_2_0094D80E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082E819	0_2_0082E819
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090880F	0_2_0090880F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0087F823	0_2_0087F823
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B3825	0_2_008B3825
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090F820	0_2_0090F820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00910822	0_2_00910822
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089F830	0_2_0089F830
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090982C	0_2_0090982C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00869839	0_2_00869839
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0084E84E	0_2_0084E84E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FB840	0_2_008FB840
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00861853	0_2_00861853
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A185F	0_2_008A185F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A386C	0_2_008A386C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008DE86B	0_2_008DE86B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0093A879	0_2_0093A879
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0087A86C	0_2_0087A86C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0088E865	0_2_0088E865

Found potential string decryption / allocating functions

Source: C:\Users\user\Desktop\file.exe

Code function: String function: 009E768D appears 35 times

Sample file is different than original file name gathered from version info

Source: file.exe, 00000000.00000000.1689530477.0000000000816000.00000008.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe

Source: file.exe

Static PE information: Section: icnnzupo ZLIB complexity 0.9951843646740763

Source: classification engine

Classification label: mal100.evad.winEXE@1/1@0/0

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log

Source: file.exe	String found in binary or memory: 3The file %s is missing. Please, re-install this application
Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081E52F push ebx; mov dword ptr [esp], esp	0_2_0081E53F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081E52F push 78547356h; mov dword ptr [esp], ecx	0_2_0081E547
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081E52F push eax; mov dword ptr [esp], esi	0_2_0081F159
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A780B6 push eax; mov dword ptr [esp], edi	0_2_00A780D3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0098108A push esi; mov dword ptr [esp], eax	0_2_009810F5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0098108A push eax; mov dword ptr [esp], ebp	0_2_00981101
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0098108A push 78DA4E86h; mov dword ptr [esp], eax	0_2_00981109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0098108A push ebx; mov dword ptr [esp], ebp	0_2_00981186
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0098108A push 237CEA22h; mov dword ptr [esp], esi	0_2_0098118E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0098108A push ebx; mov dword ptr [esp], eax	0_2_009811C6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081C09C push edx; mov dword ptr [esp], 08EAD926h	0_2_0081C09D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009AC0B5 push eax; mov dword ptr [esp], 2E8F9DD1h	0_2_009AC18F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009AC0B5 push eax; mov dword ptr [esp], edx	0_2_009AC21E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009AC0B5 push 37ED0300h; mov dword ptr [esp], edi	0_2_009AC23F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0097B0AD push ebx; mov dword ptr [esp], esi	0_2_0097B0B2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0097B0AD push 527782E7h; mov dword ptr [esp], ecx	0_2_0097B0E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0097B0AD push 0B6F62CAh; mov dword ptr [esp], edx	0_2_0097B219
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0097B0AD push edx; mov dword ptr [esp], ebx	0_2_0097B2CD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0097B0AD push 1B20552Fh; mov dword ptr [esp], ebx	0_2_0097B345
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0097B0AD push eax; mov dword ptr [esp], 39644573h	0_2_0097B3C6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0097B0AD push ecx; mov dword ptr [esp], 4BEE6837h	0_2_0097B417
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0097B0AD push ecx; mov dword ptr [esp], eax	0_2_0097B44F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0097B0AD push 704301D7h; mov dword ptr [esp], ebx	0_2_0097B457
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0097B0AD push esi; mov dword ptr [esp], 8F428184h	0_2_0097B45E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0097B0AD push ecx; mov dword ptr [esp], ebx	0_2_0097B498
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0097B0AD push 60C5D282h; mov dword ptr [esp], edx	0_2_0097B4F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0097B0AD push ebp; mov dword ptr [esp], ecx	0_2_0097B51B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0097B0AD push esi; mov dword ptr [esp], edx	0_2_0097B52E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0097B0AD push edi; mov dword ptr [esp], ebx	0_2_0097B592
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081C0BC push eax; mov dword ptr [esp], ecx	0_2_0081C0DF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009090F0 push 6F627944h; mov dword ptr [esp], edx	0_2_0090911D

Source: file.exe	Static PE information: section name: entropy: 7.806404187042036
Source: file.exe	Static PE information: section name: icnnzupo entropy: 7.954454224398055

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 81DB0B instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 81DBDE instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 9BB789 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: A50A3C instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 8206F4 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Memory allocated: 4FB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory allocated: 5060000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory allocated: 7060000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81E2C0 second address: 81E2C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81E2C4 second address: 81DB6A instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F5DF0DE1E06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b mov dword ptr [esp], eax 0x0000000e sub dword ptr [ebp+122D2754h], edx 0x00000014 push dword ptr [ebp+122D0725h] 0x0000001a xor dword ptr [ebp+122D1DB5h], ebx 0x00000020 call dword ptr [ebp+122D26DFh] 0x00000026 pushad 0x00000027 stc 0x00000028 xor eax, eax 0x0000002a pushad 0x0000002b mov si, dx 0x0000002e mov dword ptr [ebp+122D21EEh], ebx 0x00000034 popad 0x00000035 mov edx, dword ptr [esp+28h] 0x00000039 jng 00007F5DF0DE1E0Ch 0x0000003f mov dword ptr [ebp+122D39A6h], eax 0x00000045 pushad 0x00000046 xor ebx, 45747784h 0x0000004c mov esi, dword ptr [ebp+122D39CEh] 0x00000052 popad 0x00000053 mov esi, 0000003Ch 0x00000058 sub dword ptr [ebp+122D21EEh], ecx 0x0000005e add esi, dword ptr [esp+24h] 0x00000062 pushad 0x00000063 mov dx, 56B7h 0x00000067 mov eax, dword ptr [ebp+122D376Eh] 0x0000006d popad 0x0000006e lodsw 0x00000070 mov dword ptr [ebp+122D21EEh], eax 0x00000076 add eax, dword ptr [esp+24h] 0x0000007a mov dword ptr [ebp+122D21EEh], ecx 0x00000080 jmp 00007F5DF0DE1E14h 0x00000085 mov ebx, dword ptr [esp+24h] 0x00000089 mov dword ptr [ebp+122D21EEh], eax 0x0000008f nop 0x00000090 push ecx 0x00000091 push eax 0x00000092 push edx 0x00000093 pushad 0x00000094 popad 0x00000095 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81DB6A second address: 81DB9C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5DF0D6CDF9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F5DF0D6CDF1h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81DB9C second address: 81DBA7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007F5DF0DE1E06h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 990FCF second address: 990FEF instructions: 0x00000000 rdtsc 0x00000002 ja 00007F5DF0D6CDE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F5DF0D6CDF2h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98FFB2 second address: 98FFBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98FFBA second address: 98FFC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98FFC0 second address: 98FFC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98FFC4 second address: 98FFD2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98FFD2 second address: 98FFD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 990153 second address: 99016A instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F5DF0D6CDE6h 0x00000008 jmp 00007F5DF0D6CDEAh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99016A second address: 990183 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5DF0DE1E0Dh 0x00000009 je 00007F5DF0DE1E06h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 993756 second address: 993779 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5DF0D6CDEAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d pushad 0x0000000e jnp 00007F5DF0D6CDECh 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 pop eax 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 993779 second address: 9937A5 instructions: 0x00000000 rdtsc 0x00000002 js 00007F5DF0DE1E06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov eax, dword ptr [eax] 0x0000000d jo 00007F5DF0DE1E13h 0x00000013 push eax 0x00000014 jmp 00007F5DF0DE1E0Bh 0x00000019 pop eax 0x0000001a mov dword ptr [esp+04h], eax 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 push edi 0x00000022 pop edi 0x00000023 push ebx 0x00000024 pop ebx 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9939F3 second address: 9939F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9939F7 second address: 993A5A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5DF0DE1E12h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F5DF0DE1E14h 0x0000000f jmp 00007F5DF0DE1E16h 0x00000014 popad 0x00000015 popad 0x00000016 add dword ptr [esp], 26ADD773h 0x0000001d or dword ptr [ebp+122D26E4h], ebx 0x00000023 lea ebx, dword ptr [ebp+124496B6h] 0x00000029 or dword ptr [ebp+124475E2h], eax 0x0000002f xchg eax, ebx 0x00000030 pushad 0x00000031 pushad 0x00000032 pushad 0x00000033 popad 0x00000034 push eax 0x00000035 push edx 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 993AE3 second address: 993AED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F5DF0D6CDE6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B47F3 second address: 9B47F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B2987 second address: 9B298C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B298C second address: 9B299B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 js 00007F5DF0DE1E06h 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B2D8E second address: 9B2DCA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F5DF0D6CDF8h 0x0000000e push eax 0x0000000f pop eax 0x00000010 pushad 0x00000011 popad 0x00000012 push edi 0x00000013 pop edi 0x00000014 popad 0x00000015 pushad 0x00000016 js 00007F5DF0D6CDE6h 0x0000001c push esi 0x0000001d pop esi 0x0000001e pushad 0x0000001f popad 0x00000020 popad 0x00000021 popad 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 push edi 0x00000026 pop edi 0x00000027 pushad 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B2F05 second address: 9B2F09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B2F09 second address: 9B2F0D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B2F0D second address: 9B2F34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 pushad 0x00000008 pushad 0x00000009 jg 00007F5DF0DE1E06h 0x0000000f push esi 0x00000010 pop esi 0x00000011 pushad 0x00000012 popad 0x00000013 push esi 0x00000014 pop esi 0x00000015 popad 0x00000016 push edx 0x00000017 push edi 0x00000018 pop edi 0x00000019 pop edx 0x0000001a jne 00007F5DF0DE1E08h 0x00000020 push ecx 0x00000021 push esi 0x00000022 pop esi 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B309C second address: 9B30A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B30A0 second address: 9B30A6 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B30A6 second address: 9B30B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007F5DF0D6CDE8h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B34E3 second address: 9B34E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B34E7 second address: 9B34EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B34EF second address: 9B351B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 je 00007F5DF0DE1E06h 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 push eax 0x00000014 pop eax 0x00000015 jmp 00007F5DF0DE1E0Ch 0x0000001a je 00007F5DF0DE1E06h 0x00000020 popad 0x00000021 push ecx 0x00000022 push eax 0x00000023 pop eax 0x00000024 pop ecx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9724BE second address: 9724D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5DF0D6CDF1h 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B38CF second address: 9B38F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F5DF0DE1E0Eh 0x0000000b popad 0x0000000c jmp 00007F5DF0DE1E0Ch 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B3E8A second address: 9B3EA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d pop eax 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B3EA0 second address: 9B3EA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B3EA4 second address: 9B3EA8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B3EA8 second address: 9B3EBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5DF0DE1E10h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B3EBE second address: 9B3EC5 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B4050 second address: 9B408B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5DF0DE1E0Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F5DF0DE1E13h 0x0000000f jmp 00007F5DF0DE1E11h 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B408B second address: 9B409D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jc 00007F5DF0D6CDE6h 0x0000000c popad 0x0000000d push ecx 0x0000000e push edi 0x0000000f pop edi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B41DA second address: 9B41DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc

Source: file.exe, file.exe, 00000000.00000002.1835571016.0000000000998000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1835571016.0000000000998000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableIOAVProtection 1	Jump to behavior
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableRealtimeMonitoring 1	Jump to behavior
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications	Registry value created: DisableNotifications 1	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations	Jump to behavior

ID:	1532362
Product:	CloudBasic
Start time:	02:18:05
Start date:	13.10.2024
Sample:	file.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	2f196bd220285987b1fcdb38e168a2fc
SHA1:	75c5911f580bd69b5f4163a9851ad4b52a1e8f29
SHA256:	19dbf29be3e1392aed675d6fe0b0e4079df3bee3fa93fda2659a76f4d080533f
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Cryptography

Compliance

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Screenshots

Behavior Graph

Network Map

Windows Analysis Report
file.exe