Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1532507
MD5:	0d02cf0f47e5e00b974005486688bff3
SHA1:	28f40eab6e86751e122a3356629b035395d873ee
SHA256:	7d675e8c4d85715d3fb67443be91e55956ab88549140a2e66675fdc3bfdeabd8
Tags:	exeuser-Bitsight
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected unpacking (changes PE section rights)

AI detected suspicious sample

Disable Windows Defender notifications (registry)

Disable Windows Defender real time protection (registry)

Disables Windows Defender Tamper protection

Hides threads from debuggers

Machine Learning detection for sample

Modifies windows update settings

PE file contains section with special chars

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Allocates memory with a write watch (potentially for evading sandboxes)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains long sleeps (>= 3 min)

Detected potential crypto function

Enables debug privileges

Entry point lies outside standard sections

Found potential string decryption / allocating functions

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Sample file is different than original file name gathered from version info

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Uses Microsoft's Enhanced Cryptographic Provider

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00CAA48E CryptVerifySignatureA,

0_2_00CAA48E

Source:

Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: file.exe, 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.2164528840.0000000005280000.00000004.00001000.00020000.00000000.sdmp

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Detected potential crypto function

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD00B1	0_2_00BD00B1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C040CE	0_2_00C040CE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C240D2	0_2_00C240D2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B960A8	0_2_00B960A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C2E0D5	0_2_00C2E0D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B320AE	0_2_00B320AE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4A09F	0_2_00B4A09F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BAA091	0_2_00BAA091
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C480EF	0_2_00C480EF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B92095	0_2_00B92095
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B28084	0_2_00B28084
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B1E08B	0_2_00B1E08B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA8086	0_2_00BA8086
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C3E0FE	0_2_00C3E0FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC00FC	0_2_00BC00FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8E0F0	0_2_00B8E0F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C20088	0_2_00C20088
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B640D2	0_2_00B640D2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC80D0	0_2_00BC80D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B38022	0_2_00B38022
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C10056	0_2_00C10056
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA2022	0_2_00BA2022
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AEE00D	0_2_00AEE00D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B12019	0_2_00B12019
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8C064	0_2_00B8C064
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BAC053	0_2_00BAC053
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA604F	0_2_00BA604F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B6A040	0_2_00B6A040
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2C1A2	0_2_00B2C1A2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD61BC	0_2_00AD61BC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB61AA	0_2_00BB61AA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0E19F	0_2_00B0E19F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC418C	0_2_00BC418C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFE184	0_2_00BFE184
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C0C1FB	0_2_00C0C1FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C22183	0_2_00C22183
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B3E1F1	0_2_00B3E1F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF01FC	0_2_00BF01FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B061C1	0_2_00B061C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFA1C8	0_2_00BFA1C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDE1C5	0_2_00BDE1C5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B601C8	0_2_00B601C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BEE129	0_2_00BEE129
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B16116	0_2_00B16116
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B04101	0_2_00B04101
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE011C	0_2_00AE011C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9E105	0_2_00B9E105
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9C104	0_2_00B9C104
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C3017C	0_2_00C3017C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B68172	0_2_00B68172
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC2177	0_2_00BC2177
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE8160	0_2_00AE8160
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B22152	0_2_00B22152
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE214F	0_2_00BE214F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B58141	0_2_00B58141
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB014E	0_2_00BB014E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB62B6	0_2_00BB62B6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B442A9	0_2_00B442A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C282E6	0_2_00C282E6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C2A2FA	0_2_00C2A2FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B7E28E	0_2_00B7E28E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8A287	0_2_00B8A287
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B082F1	0_2_00B082F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B982F5	0_2_00B982F5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B002E3	0_2_00B002E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4E2AD	0_2_00C4E2AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B40234	0_2_00B40234
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BEA23F	0_2_00BEA23F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD6234	0_2_00BD6234
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB8223	0_2_00BB8223
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFE235	0_2_00AFE235
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B26229	0_2_00B26229
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4E214	0_2_00B4E214
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADE206	0_2_00ADE206
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BBA214	0_2_00BBA214
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0C271	0_2_00B0C271
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDC27E	0_2_00BDC27E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C08219	0_2_00C08219
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C0021E	0_2_00C0021E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0A26E	0_2_00B0A26E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B5E25F	0_2_00B5E25F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2A247	0_2_00B2A247
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C02239	0_2_00C02239
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4A3B2	0_2_00B4A3B2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BBA3BD	0_2_00BBA3BD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B10396	0_2_00B10396
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C183F6	0_2_00C183F6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BEE3FD	0_2_00BEE3FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF83EC	0_2_00BF83EC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDA3E4	0_2_00BDA3E4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B963D9	0_2_00B963D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B303DB	0_2_00B303DB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B623DC	0_2_00B623DC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BBE3D5	0_2_00BBE3D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C063B7	0_2_00C063B7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC6321	0_2_00BC6321
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFA31E	0_2_00BFA31E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C2C366	0_2_00C2C366
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BAE312	0_2_00BAE312
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B5031F	0_2_00B5031F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B14370	0_2_00B14370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B1A370	0_2_00B1A370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C2630C	0_2_00C2630C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE036E	0_2_00BE036E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BEC36E	0_2_00BEC36E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1631E	0_2_00C1631E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4C357	0_2_00B4C357
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF434A	0_2_00AF434A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF4342	0_2_00BF4342
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B1C4BF	0_2_00B1C4BF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4249A	0_2_00B4249A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B56485	0_2_00B56485
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B6C484	0_2_00B6C484
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B02483	0_2_00B02483
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AEC497	0_2_00AEC497
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD24FC	0_2_00BD24FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1C480	0_2_00C1C480
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B664F8	0_2_00B664F8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD64EA	0_2_00BD64EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4C4D0	0_2_00B4C4D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA64D3	0_2_00BA64D3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFA4C4	0_2_00AFA4C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B204CB	0_2_00B204CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADA4D6	0_2_00ADA4D6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA24C5	0_2_00BA24C5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C2E441	0_2_00C2E441
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE442C	0_2_00BE442C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF8432	0_2_00AF8432
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9A41D	0_2_00B9A41D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC0416	0_2_00BC0416
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B5441B	0_2_00B5441B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B12407	0_2_00B12407
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2A40B	0_2_00B2A40B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE2467	0_2_00AE2467
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C0E409	0_2_00C0E409
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C36416	0_2_00C36416
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9445F	0_2_00B9445F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BCA455	0_2_00BCA455
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4845B	0_2_00B4845B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE644E	0_2_00BE644E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE445A	0_2_00AE445A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AEE451	0_2_00AEE451
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE85A4	0_2_00AE85A4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDE5B2	0_2_00BDE5B2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8E5A9	0_2_00B8E5A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF65BA	0_2_00AF65BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C085D7	0_2_00C085D7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B165AA	0_2_00B165AA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2E595	0_2_00B2E595
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9C58C	0_2_00B9C58C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA858D	0_2_00BA858D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B865F7	0_2_00B865F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C22591	0_2_00C22591
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE25E5	0_2_00BE25E5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B5C5DE	0_2_00B5C5DE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AEA529	0_2_00AEA529
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B32538	0_2_00B32538
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B64523	0_2_00B64523
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD0524	0_2_00BD0524
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B3851A	0_2_00B3851A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA4516	0_2_00BA4516
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BCE578	0_2_00BCE578
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B58578	0_2_00B58578
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C14511	0_2_00C14511
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B04567	0_2_00B04567
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFC564	0_2_00BFC564
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2655D	0_2_00B2655D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C00535	0_2_00C00535
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDA543	0_2_00BDA543
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C306C6	0_2_00C306C6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1E6D7	0_2_00C1E6D7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF46A3	0_2_00BF46A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B466A9	0_2_00B466A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BBE6A6	0_2_00BBE6A6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B926A7	0_2_00B926A7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B3E690	0_2_00B3E690
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1C6E5	0_2_00C1C6E5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C286EA	0_2_00C286EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADA684	0_2_00ADA684
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B80691	0_2_00B80691
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C46686	0_2_00C46686
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C3C687	0_2_00C3C687
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B646F8	0_2_00B646F8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE46F0	0_2_00BE46F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B346E4	0_2_00B346E4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD86E2	0_2_00BD86E2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B3C6D8	0_2_00B3C6D8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDC6D1	0_2_00BDC6D1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8A6C6	0_2_00B8A6C6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF663C	0_2_00BF663C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BAE63C	0_2_00BAE63C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1A647	0_2_00C1A647
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C0A64D	0_2_00C0A64D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B60639	0_2_00B60639
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B06623	0_2_00B06623
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD6634	0_2_00AD6634
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB0624	0_2_00BB0624
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFE60E	0_2_00AFE60E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B1E614	0_2_00B1E614
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C02670	0_2_00C02670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BEA656	0_2_00BEA656
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF065B	0_2_00AF065B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C187C1	0_2_00C187C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B987BD	0_2_00B987BD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B027A2	0_2_00B027A2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE67B3	0_2_00AE67B3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BCA78A	0_2_00BCA78A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C2C787	0_2_00C2C787
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF27E7	0_2_00AF27E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CBC780	0_2_00CBC780
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC67F7	0_2_00BC67F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B947F4	0_2_00B947F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9A7E8	0_2_00B9A7E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B6A7E1	0_2_00B6A7E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE67DB	0_2_00BE67DB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BEC7C3	0_2_00BEC7C3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B36726	0_2_00B36726
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFC704	0_2_00AFC704
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B5070D	0_2_00B5070D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA6762	0_2_00BA6762
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C0C71D	0_2_00C0C71D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B5C754	0_2_00B5C754
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C228C4	0_2_00C228C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD28BA	0_2_00BD28BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C008C8	0_2_00C008C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C068E9	0_2_00C068E9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B12889	0_2_00B12889
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B568F7	0_2_00B568F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD68E8	0_2_00AD68E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE28E9	0_2_00AE28E9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFA8F4	0_2_00BFA8F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFC8F0	0_2_00BFC8F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE48FB	0_2_00AE48FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C268A6	0_2_00C268A6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDE8C1	0_2_00BDE8C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BAE83C	0_2_00BAE83C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC083A	0_2_00BC083A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF4826	0_2_00AF4826
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8C834	0_2_00B8C834
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C2485B	0_2_00C2485B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B14817	0_2_00B14817
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B1A81C	0_2_00B1A81C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA2809	0_2_00BA2809
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE887C	0_2_00BE887C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B5487F	0_2_00B5487F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AEA861	0_2_00AEA861
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B7086C	0_2_00B7086C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B30857	0_2_00B30857
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B1085C	0_2_00B1085C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C0482D	0_2_00C0482D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB6843	0_2_00BB6843
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BEE845	0_2_00BEE845
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B7284B	0_2_00B7284B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2A84F	0_2_00B2A84F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B189BA	0_2_00B189BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFE9AF	0_2_00BFE9AF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BCE9A9	0_2_00BCE9A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD699C	0_2_00BD699C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9499F	0_2_00B9499F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C209F5	0_2_00C209F5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF6992	0_2_00AF6992
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C2A9FD	0_2_00C2A9FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B1C9F0	0_2_00B1C9F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B3A9FD	0_2_00B3A9FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFE9F1	0_2_00AFE9F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B169DC	0_2_00B169DC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BAC9D4	0_2_00BAC9D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB09C5	0_2_00BB09C5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B66936	0_2_00B66936
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD8934	0_2_00BD8934
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD893C	0_2_00AD893C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BAA92E	0_2_00BAA92E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2492F	0_2_00B2492F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B48915	0_2_00B48915
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B34909	0_2_00B34909
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B7A909	0_2_00B7A909
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE297B	0_2_00BE297B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC2976	0_2_00BC2976
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B26961	0_2_00B26961
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDC96E	0_2_00BDC96E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0896A	0_2_00B0896A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADC949	0_2_00ADC949
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AEC94B	0_2_00AEC94B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B76948	0_2_00B76948
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B5EAB4	0_2_00B5EAB4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4EAB3	0_2_00B4EAB3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2CAB8	0_2_00B2CAB8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD8A8F	0_2_00AD8A8F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BBAA9C	0_2_00BBAA9C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B88A89	0_2_00B88A89
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9CA8D	0_2_00B9CA8D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B3CAF1	0_2_00B3CAF1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B50AE6	0_2_00B50AE6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF0AF8	0_2_00AF0AF8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE6AD4	0_2_00BE6AD4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1EAB9	0_2_00C1EAB9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD4AC1	0_2_00BD4AC1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFCAC3	0_2_00BFCAC3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9EA31	0_2_00B9EA31
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B6EA3F	0_2_00B6EA3F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C00A49	0_2_00C00A49
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF2A2F	0_2_00BF2A2F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA8A20	0_2_00BA8A20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B24A04	0_2_00B24A04
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B64A01	0_2_00B64A01
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0EA09	0_2_00B0EA09
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B5AA0A	0_2_00B5AA0A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B06A70	0_2_00B06A70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B1EA52	0_2_00B1EA52
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B36A59	0_2_00B36A59
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B52A5E	0_2_00B52A5E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF4A53	0_2_00BF4A53
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF6A44	0_2_00BF6A44
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C0EBC1	0_2_00C0EBC1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C0CBC8	0_2_00C0CBC8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BECBB1	0_2_00BECBB1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB0B8D	0_2_00BB0B8D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE0B86	0_2_00BE0B86
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B58B8C	0_2_00B58B8C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C08BFB	0_2_00C08BFB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE2BF8	0_2_00BE2BF8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B1ABFC	0_2_00B1ABFC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C14B93	0_2_00C14B93
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE6BF1	0_2_00AE6BF1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B98BCC	0_2_00B98BCC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B7ABCF	0_2_00B7ABCF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B14BCD	0_2_00B14BCD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4ABC9	0_2_00B4ABC9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BACB2B	0_2_00BACB2B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C0AB55	0_2_00C0AB55
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B66B15	0_2_00B66B15
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1AB62	0_2_00C1AB62
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE0B08	0_2_00AE0B08
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B00B1A	0_2_00B00B1A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C44B6A	0_2_00C44B6A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B60B0C	0_2_00B60B0C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BAEB73	0_2_00BAEB73
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B80B76	0_2_00B80B76
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFCB70	0_2_00AFCB70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA0B55	0_2_00BA0B55
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C3ACCB	0_2_00C3ACCB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD2CB6	0_2_00BD2CB6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B32CA2	0_2_00B32CA2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C24CD0	0_2_00C24CD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFACBB	0_2_00AFACBB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB8CAC	0_2_00BB8CAC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1ACDC	0_2_00C1ACDC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF8C9F	0_2_00BF8C9F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C00CE0	0_2_00C00CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BAAC98	0_2_00BAAC98
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BCCC99	0_2_00BCCC99
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C18CFB	0_2_00C18CFB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B04C8D	0_2_00B04C8D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B42CF0	0_2_00B42CF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B02CD7	0_2_00B02CD7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDCCD0	0_2_00BDCCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B30CDD	0_2_00B30CDD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDACCE	0_2_00BDACCE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE8CD4	0_2_00AE8CD4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE2C3C	0_2_00AE2C3C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B70C29	0_2_00B70C29
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BEEC17	0_2_00BEEC17
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B54C18	0_2_00B54C18
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B6AC04	0_2_00B6AC04
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B72C05	0_2_00B72C05
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC4C7E	0_2_00BC4C7E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDEC69	0_2_00BDEC69
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF2C7A	0_2_00AF2C7A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC2C5D	0_2_00BC2C5D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB2C52	0_2_00BB2C52
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B12C41	0_2_00B12C41
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE4C4F	0_2_00BE4C4F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B22C4C	0_2_00B22C4C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C2EDC5	0_2_00C2EDC5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AECDBE	0_2_00AECDBE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C04DD6	0_2_00C04DD6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C30DDB	0_2_00C30DDB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AEED8F	0_2_00AEED8F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B84D89	0_2_00B84D89
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B18DF1	0_2_00B18DF1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB8DFE	0_2_00BB8DFE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADEDE7	0_2_00ADEDE7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8CDF3	0_2_00B8CDF3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C10D8D	0_2_00C10D8D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B5CDE5	0_2_00B5CDE5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C22DAF	0_2_00C22DAF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B16DC1	0_2_00B16DC1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C12DB7	0_2_00C12DB7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B94D36	0_2_00B94D36
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B46D24	0_2_00B46D24
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9AD2B	0_2_00B9AD2B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFED29	0_2_00BFED29
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE6D33	0_2_00AE6D33
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B62D16	0_2_00B62D16
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B38D17	0_2_00B38D17
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C0ED65	0_2_00C0ED65
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFAD6E	0_2_00BFAD6E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF8D49	0_2_00AF8D49
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B76D50	0_2_00B76D50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C06D29	0_2_00C06D29
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B78D4F	0_2_00B78D4F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B92EA9	0_2_00B92EA9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B3CEA5	0_2_00B3CEA5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2EE92	0_2_00B2EE92
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B90E94	0_2_00B90E94
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B62E84	0_2_00B62E84
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B68EF6	0_2_00B68EF6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B3EEF7	0_2_00B3EEF7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B52EF0	0_2_00B52EF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9CEF5	0_2_00B9CEF5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF6EF3	0_2_00AF6EF3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B38EEC	0_2_00B38EEC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE6ED6	0_2_00BE6ED6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD8ED4	0_2_00BD8ED4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF2EC9	0_2_00BF2EC9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC0E1F	0_2_00BC0E1F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8AE0C	0_2_00B8AE0C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B48E01	0_2_00B48E01
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDCE6B	0_2_00BDCE6B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B1CE68	0_2_00B1CE68
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BCAE67	0_2_00BCAE67
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B64E6A	0_2_00B64E6A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B86E50	0_2_00B86E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B6EE44	0_2_00B6EE44
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1AE34	0_2_00C1AE34
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B44FB5	0_2_00B44FB5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B6EFB7	0_2_00B6EFB7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA0FA8	0_2_00BA0FA8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD6FBB	0_2_00AD6FBB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BBEFA0	0_2_00BBEFA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB0F9C	0_2_00BB0F9C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C24FEA	0_2_00C24FEA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC2F88	0_2_00BC2F88
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BCCF88	0_2_00BCCF88
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B34FF9	0_2_00B34FF9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE2FEE	0_2_00BE2FEE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE8FE9	0_2_00BE8FE9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B50FD7	0_2_00B50FD7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2AFD6	0_2_00B2AFD6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE0FD2	0_2_00BE0FD2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B26FDD	0_2_00B26FDD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C20FAD	0_2_00C20FAD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B02F36	0_2_00B02F36
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF4F34	0_2_00BF4F34
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0CF12	0_2_00B0CF12
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B00F14	0_2_00B00F14
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C06F6F	0_2_00C06F6F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B5EF0C	0_2_00B5EF0C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B72F7D	0_2_00B72F7D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B98F6D	0_2_00B98F6D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE8F70	0_2_00AE8F70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF0F4B	0_2_00AF0F4B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFCF5B	0_2_00BFCF5B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B14F54	0_2_00B14F54
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B1AF4E	0_2_00B1AF4E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B970B9	0_2_00B970B9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B250B3	0_2_00B250B3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA30B6	0_2_00BA30B6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B890A8	0_2_00B890A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C390D5	0_2_00C390D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B1109E	0_2_00B1109E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BAF08C	0_2_00BAF08C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD308A	0_2_00BD308A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB9083	0_2_00BB9083
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF9086	0_2_00BF9086
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE50FC	0_2_00BE50FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9F0FC	0_2_00B9F0FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFB0F3	0_2_00BFB0F3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B670FB	0_2_00B670FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B190FE	0_2_00B190FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B7F0D4	0_2_00B7F0D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C430AD	0_2_00C430AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA70D5	0_2_00BA70D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADB029	0_2_00ADB029
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B1F022	0_2_00B1F022
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AEF00E	0_2_00AEF00E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2D004	0_2_00B2D004
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF1008	0_2_00BF1008
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C2D000	0_2_00C2D000
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE506D	0_2_00AE506D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B3D074	0_2_00B3D074
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9D059	0_2_00B9D059
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B55052	0_2_00B55052
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AEB05E	0_2_00AEB05E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C2F036	0_2_00C2F036
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BBD046	0_2_00BBD046
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C0F1CD	0_2_00C0F1CD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C111D3	0_2_00C111D3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BCF1AB	0_2_00BCF1AB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B131AE	0_2_00B131AE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C311EB	0_2_00C311EB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B47199	0_2_00B47199
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B1F18B	0_2_00B1F18B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C2F1F8	0_2_00C2F1F8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B7D189	0_2_00B7D189
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF71FF	0_2_00BF71FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C25182	0_2_00C25182
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9B1FA	0_2_00B9B1FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0F1FD	0_2_00B0F1FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8B1F5	0_2_00B8B1F5

Found potential string decryption / allocating functions

Source: C:\Users\user\Desktop\file.exe

Code function: String function: 00CA5483 appears 35 times

Sample file is different than original file name gathered from version info

Source: file.exe, 00000000.00000002.2298082624.000000000162E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs file.exe
Source: file.exe, 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe

Source: file.exe

Static PE information: Section: xibttluw ZLIB complexity 0.9948459998530709

Source: file.exe

Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5

Source: classification engine

Classification label: mal100.evad.winEXE@1/1@0/0

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log

Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: file.exe	String found in binary or memory: 3The file %s is missing. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD0777 push 020B4918h; mov dword ptr [esp], edi	0_2_00AD078E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD0777 push ebx; mov dword ptr [esp], eax	0_2_00AD3ACC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACEAB1 push ecx; mov dword ptr [esp], eax	0_2_00ACF09D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD00A8 push ebx; mov dword ptr [esp], 5B7DA93Dh	0_2_00AD3240
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C480EF push 1BE83FCEh; mov dword ptr [esp], eax	0_2_00C4810F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C480EF push ebp; mov dword ptr [esp], esp	0_2_00C4812A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C480EF push ebx; mov dword ptr [esp], ebp	0_2_00C48138
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C480EF push 0A97A678h; mov dword ptr [esp], eax	0_2_00C4816F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C480EF push edi; mov dword ptr [esp], ebp	0_2_00C481B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C480EF push 3673D800h; mov dword ptr [esp], eax	0_2_00C481E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C480EF push 1E41298Eh; mov dword ptr [esp], ebx	0_2_00C48204
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C480EF push 35815A9Ch; mov dword ptr [esp], esp	0_2_00C482BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C480EF push edi; mov dword ptr [esp], ebx	0_2_00C4836A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C480EF push 789FB055h; mov dword ptr [esp], ecx	0_2_00C483C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C480EF push edi; mov dword ptr [esp], 7EFA9B9Fh	0_2_00C48499
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C480EF push 5C97D2E1h; mov dword ptr [esp], esi	0_2_00C484D7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C480EF push ebx; mov dword ptr [esp], 6AF67B10h	0_2_00C4855E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B92095 push eax; mov dword ptr [esp], edx	0_2_00B92382
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B92095 push ecx; mov dword ptr [esp], 5BAA6DC1h	0_2_00B92392
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B92095 push 081584D5h; mov dword ptr [esp], ecx	0_2_00B923C9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B92095 push 14122FEBh; mov dword ptr [esp], edx	0_2_00B92513
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B92095 push ecx; mov dword ptr [esp], edi	0_2_00B92615
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B92095 push ecx; mov dword ptr [esp], edi	0_2_00B9262B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C3E0FE push esi; mov dword ptr [esp], ebp	0_2_00C3E234
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C3E0FE push 13CED951h; mov dword ptr [esp], ebx	0_2_00C3E292
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C3E0FE push ecx; mov dword ptr [esp], eax	0_2_00C3E2DF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C3E0FE push esi; mov dword ptr [esp], ebp	0_2_00C3E316
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C3E0FE push ebp; mov dword ptr [esp], eax	0_2_00C3E409
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C3E0FE push ecx; mov dword ptr [esp], edx	0_2_00C3E442
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C3E0FE push 50A0AF9Eh; mov dword ptr [esp], ebx	0_2_00C3E452
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C3E0FE push ebx; mov dword ptr [esp], ecx	0_2_00C3E4BE

Source: file.exe	Static PE information: section name: entropy: 7.79705416381067
Source: file.exe	Static PE information: section name: xibttluw entropy: 7.952446029560402

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: ACD954 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: C7A0FE instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: C78A86 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: ACB506 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: ACD886 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: D0B6A2 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Memory allocated: 5580000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory allocated: 57F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory allocated: 5610000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C513B9 second address: C513BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C513BF second address: C513C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C51518 second address: C5151C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5151C second address: C51520 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C51520 second address: C5155E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FB6C5460346h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push eax 0x0000000e js 00007FB6C546034Ah 0x00000014 push eax 0x00000015 pop eax 0x00000016 pushad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FB6C5460351h 0x0000001f jmp 00007FB6C5460353h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C55057 second address: C550EE instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FB6C54671F5h 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push eax 0x00000012 call 00007FB6C54671E8h 0x00000017 pop eax 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c add dword ptr [esp+04h], 0000001Dh 0x00000024 inc eax 0x00000025 push eax 0x00000026 ret 0x00000027 pop eax 0x00000028 ret 0x00000029 movsx esi, si 0x0000002c clc 0x0000002d jc 00007FB6C54671ECh 0x00000033 adc esi, 2F997D80h 0x00000039 push 00000000h 0x0000003b mov edi, dword ptr [ebp+122D36EFh] 0x00000041 call 00007FB6C54671E9h 0x00000046 push ebx 0x00000047 pushad 0x00000048 pushad 0x00000049 popad 0x0000004a jmp 00007FB6C54671EBh 0x0000004f popad 0x00000050 pop ebx 0x00000051 push eax 0x00000052 push eax 0x00000053 push edx 0x00000054 je 00007FB6C54671FEh 0x0000005a jmp 00007FB6C54671F8h 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C550EE second address: C55119 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007FB6C5460358h 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f pushad 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 pop edx 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C55119 second address: C55141 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 jl 00007FB6C54671F2h 0x0000000f jne 00007FB6C54671ECh 0x00000015 mov dword ptr [esp+04h], eax 0x00000019 jl 00007FB6C54671EEh 0x0000001f push edi 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C55141 second address: C551C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop eax 0x00000006 push 00000000h 0x00000008 push ecx 0x00000009 call 00007FB6C5460348h 0x0000000e pop ecx 0x0000000f mov dword ptr [esp+04h], ecx 0x00000013 add dword ptr [esp+04h], 00000017h 0x0000001b inc ecx 0x0000001c push ecx 0x0000001d ret 0x0000001e pop ecx 0x0000001f ret 0x00000020 push 00000003h 0x00000022 jmp 00007FB6C546034Eh 0x00000027 jmp 00007FB6C5460358h 0x0000002c push 00000000h 0x0000002e jl 00007FB6C546034Bh 0x00000034 mov esi, 69690313h 0x00000039 push 00000003h 0x0000003b call 00007FB6C5460354h 0x00000040 mov dword ptr [ebp+122D3169h], ebx 0x00000046 pop esi 0x00000047 push 7304E4AFh 0x0000004c jc 00007FB6C5460358h 0x00000052 push eax 0x00000053 push edx 0x00000054 pushad 0x00000055 popad 0x00000056 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C551C7 second address: C55204 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6C54671EAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add dword ptr [esp], 4CFB1B51h 0x00000010 mov ecx, 17DCC818h 0x00000015 lea ebx, dword ptr [ebp+1245AF32h] 0x0000001b mov dword ptr [ebp+122D3303h], edx 0x00000021 xchg eax, ebx 0x00000022 jp 00007FB6C54671F0h 0x00000028 push eax 0x00000029 pushad 0x0000002a push eax 0x0000002b push edx 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C55204 second address: C55208 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C676B8 second address: C676BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B231 second address: C4B24A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB6C546034Eh 0x00000009 jo 00007FB6C5460346h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B24A second address: C4B265 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB6C54671F6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7405E second address: C74065 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C74065 second address: C7407C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 jng 00007FB6C54671FEh 0x0000000d push eax 0x0000000e push edx 0x0000000f jns 00007FB6C54671E6h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7407C second address: C74080 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C74355 second address: C7435A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C747A9 second address: C747B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C74918 second address: C74928 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jg 00007FB6C54671E8h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C74ED5 second address: C74EE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edi 0x00000006 push esi 0x00000007 pushad 0x00000008 jp 00007FB6C5460346h 0x0000000e push edx 0x0000000f pop edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7517C second address: C75180 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C75180 second address: C75186 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C75D0F second address: C75D23 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FB6C54671E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d pop edi 0x0000000e ja 00007FB6C54671E6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C75D23 second address: C75D2D instructions: 0x00000000 rdtsc 0x00000002 jp 00007FB6C5460346h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C75D2D second address: C75D33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C75D33 second address: C75D38 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C79FBF second address: C79FC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C79FC3 second address: C79FC7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7A600 second address: C7A606 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7A606 second address: C7A61A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007FB6C5460346h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push esi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7A61A second address: C7A61F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7A61F second address: C7A64C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6C546034Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push edx 0x0000000e jmp 00007FB6C546034Dh 0x00000013 pop edx 0x00000014 mov eax, dword ptr [eax] 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7A64C second address: C7A650 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7A650 second address: C7A656 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7A656 second address: C7A65C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7A65C second address: C7A671 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FB6C5460346h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp+04h], eax 0x00000010 push ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7B860 second address: C7B866 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7B866 second address: C7B87D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FB6C5460346h 0x0000000a popad 0x0000000b jbe 00007FB6C546034Ch 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7B87D second address: C7B88D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 jmp 00007FB6C54671EAh 0x0000000b rdtsc

Source: file.exe, file.exe, 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableIOAVProtection 1	Jump to behavior
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableRealtimeMonitoring 1	Jump to behavior
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications	Registry value created: DisableNotifications 1	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations	Jump to behavior

ID:	1532507
Product:	CloudBasic
Start time:	14:48:05
Start date:	13.10.2024
Sample:	file.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	0d02cf0f47e5e00b974005486688bff3
SHA1:	28f40eab6e86751e122a3356629b035395d873ee
SHA256:	7d675e8c4d85715d3fb67443be91e55956ab88549140a2e66675fdc3bfdeabd8
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Cryptography

Compliance

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Screenshots

Behavior Graph

Network Map

Windows Analysis Report
file.exe