Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1532740
MD5:	fc4912bd840edb6289e5e387ca8fa299
SHA1:	cb67b24cb712a88985ca63ccf18d15cc135908ba
SHA256:	c1df7516de3589e7b784d1c92514eed70b346d5f3bb6097d2b02f21268bdfedb
Tags:	exeuser-Bitsight
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected unpacking (changes PE section rights)

AI detected suspicious sample

Disable Windows Defender notifications (registry)

Disable Windows Defender real time protection (registry)

Disables Windows Defender Tamper protection

Hides threads from debuggers

Machine Learning detection for sample

Modifies windows update settings

PE file contains section with special chars

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Allocates memory with a write watch (potentially for evading sandboxes)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains long sleeps (>= 3 min)

Detected potential crypto function

Enables debug privileges

Entry point lies outside standard sections

Found potential string decryption / allocating functions

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Uses Microsoft's Enhanced Cryptographic Provider

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00984700 CryptVerifySignatureA,

0_2_00984700

Source:

Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: file.exe, 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.2106981900.0000000005160000.00000004.00001000.00020000.00000000.sdmp

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Detected potential crypto function

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085408D	0_2_0085408D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0086809C	0_2_0086809C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D6092	0_2_008D6092
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083C0A3	0_2_0083C0A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009040BD	0_2_009040BD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081A0BB	0_2_0081A0BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F803D	0_2_007F803D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090A0CF	0_2_0090A0CF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B40EE	0_2_008B40EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F6015	0_2_007F6015
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E20F5	0_2_008E20F5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009080ED	0_2_009080ED
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C4009	0_2_008C4009
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007BE0EA	0_2_007BE0EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C2017	0_2_008C2017
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0084C041	0_2_0084C041
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00836048	0_2_00836048
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F20AE	0_2_007F20AE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089005D	0_2_0089005D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007C60AB	0_2_007C60AB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081E06B	0_2_0081E06B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083A079	0_2_0083A079
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007EA085	0_2_007EA085
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0084E07F	0_2_0084E07F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0080E189	0_2_0080E189
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E6175	0_2_007E6175
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00828189	0_2_00828189
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007DC16D	0_2_007DC16D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007FA16C	0_2_007FA16C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00852199	0_2_00852199
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00888196	0_2_00888196
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D2158	0_2_007D2158
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008501B4	0_2_008501B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008021C0	0_2_008021C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008841C2	0_2_008841C2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B01C1	0_2_008B01C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081C1CF	0_2_0081C1CF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008DE1DD	0_2_008DE1DD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008601D1	0_2_008601D1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082C1E2	0_2_0082C1E2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008EC1E1	0_2_008EC1E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007B6108	0_2_007B6108
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A01FD	0_2_008A01FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0086E109	0_2_0086E109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00848116	0_2_00848116
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0087E113	0_2_0087E113
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F8118	0_2_008F8118
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092613D	0_2_0092613D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E613E	0_2_008E613E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C615C	0_2_008C615C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082615C	0_2_0082615C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0091014E	0_2_0091014E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A816A	0_2_008A816A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082216E	0_2_0082216E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00886172	0_2_00886172
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D8173	0_2_008D8173
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0088A28A	0_2_0088A28A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A6288	0_2_008A6288
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007C427A	0_2_007C427A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007C827A	0_2_007C827A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E0270	0_2_007E0270
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009102B0	0_2_009102B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E42AD	0_2_008E42AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D6256	0_2_007D6256
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0086A2C4	0_2_0086A2C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008622C5	0_2_008622C5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085A2CD	0_2_0085A2CD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082A2CB	0_2_0082A2CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008EA2E4	0_2_008EA2E4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C82E0	0_2_008C82E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008542EA	0_2_008542EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081E2FC	0_2_0081E2FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007DE2F4	0_2_007DE2F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082020B	0_2_0082020B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085C20F	0_2_0085C20F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FA222	0_2_008FA222
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00866236	0_2_00866236
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00912222	0_2_00912222
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089C23F	0_2_0089C23F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E22C7	0_2_007E22C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007EE2C1	0_2_007EE2C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F42B4	0_2_007F42B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0080C24C	0_2_0080C24C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00842249	0_2_00842249
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008BA258	0_2_008BA258
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083425B	0_2_0083425B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083025F	0_2_0083025F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00852267	0_2_00852267
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0088C261	0_2_0088C261
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008AE260	0_2_008AE260
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008CA27F	0_2_008CA27F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008AC272	0_2_008AC272
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081227C	0_2_0081227C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090E26F	0_2_0090E26F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0084C38B	0_2_0084C38B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008BC398	0_2_008BC398
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E0399	0_2_008E0399
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009023D0	0_2_009023D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F6330	0_2_007F6330
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D23DC	0_2_008D23DC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F0326	0_2_007F0326
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007BC31B	0_2_007BC31B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F63E7	0_2_008F63E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B63F0	0_2_008B63F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0080A3FE	0_2_0080A3FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0088030A	0_2_0088030A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F430C	0_2_008F430C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00838319	0_2_00838319
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A2326	0_2_008A2326
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083E343	0_2_0083E343
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0087A35C	0_2_0087A35C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007FE39A	0_2_007FE39A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081037D	0_2_0081037D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00892489	0_2_00892489
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00824488	0_2_00824488
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D4486	0_2_008D4486
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D0472	0_2_007D0472
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007EC442	0_2_007EC442
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007C2441	0_2_007C2441
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008CC4B1	0_2_008CC4B1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008EC4B1	0_2_008EC4B1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009044D6	0_2_009044D6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E64D5	0_2_008E64D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089E4F8	0_2_0089E4F8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008084FD	0_2_008084FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D44FC	0_2_007D44FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007FA4FE	0_2_007FA4FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00844400	0_2_00844400
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00884405	0_2_00884405
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007B64E8	0_2_007B64E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B442B	0_2_008B442B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085E421	0_2_0085E421
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B2433	0_2_008B2433
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00800445	0_2_00800445
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E44B9	0_2_007E44B9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007DA4B5	0_2_007DA4B5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F84B0	0_2_007F84B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085445D	0_2_0085445D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090A448	0_2_0090A448
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A4456	0_2_008A4456
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FC453	0_2_008FC453
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00830463	0_2_00830463
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081E463	0_2_0081E463
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0086E475	0_2_0086E475
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00814475	0_2_00814475
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007C6483	0_2_007C6483
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082E580	0_2_0082E580
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007CA57A	0_2_007CA57A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007BC573	0_2_007BC573
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00834588	0_2_00834588
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00874597	0_2_00874597
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00818595	0_2_00818595
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E8566	0_2_007E8566
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008605A0	0_2_008605A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A05B2	0_2_008A05B2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082A5BB	0_2_0082A5BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009065AF	0_2_009065AF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008205C8	0_2_008205C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A65DB	0_2_008A65DB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008785E6	0_2_008785E6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009105FA	0_2_009105FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007FC513	0_2_007FC513
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0088C5F3	0_2_0088C5F3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0086450C	0_2_0086450C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D65F7	0_2_007D65F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090251B	0_2_0090251B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D6502	0_2_008D6502
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008AA519	0_2_008AA519
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E2515	0_2_008E2515
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00908533	0_2_00908533
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00836525	0_2_00836525
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0086C52F	0_2_0086C52F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F8533	0_2_008F8533
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008DC541	0_2_008DC541
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B655D	0_2_008B655D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00876565	0_2_00876565
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0088057B	0_2_0088057B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00898572	0_2_00898572
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007CE581	0_2_007CE581
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00822685	0_2_00822685
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00872689	0_2_00872689
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083C6A0	0_2_0083C6A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B06A3	0_2_008B06A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008706AC	0_2_008706AC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008DA6A1	0_2_008DA6A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008846B7	0_2_008846B7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082C6C3	0_2_0082C6C3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009246D9	0_2_009246D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007C0629	0_2_007C0629
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F861D	0_2_007F861D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008506EC	0_2_008506EC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008046F1	0_2_008046F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E46F6	0_2_008E46F6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090A6EA	0_2_0090A6EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00828606	0_2_00828606
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008BA603	0_2_008BA603
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D26EE	0_2_007D26EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00858625	0_2_00858625
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007DE6DF	0_2_007DE6DF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FA62C	0_2_008FA62C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007EC6D4	0_2_007EC6D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E26CE	0_2_007E26CE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00842635	0_2_00842635
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B863F	0_2_008B863F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F464E	0_2_008F464E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0088864A	0_2_0088864A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090C656	0_2_0090C656
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00830650	0_2_00830650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090E648	0_2_0090E648
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008CA653	0_2_008CA653
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085C672	0_2_0085C672
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007BA685	0_2_007BA685
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D0673	0_2_008D0673
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0084C785	0_2_0084C785
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007FE772	0_2_007FE772
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008AC799	0_2_008AC799
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0086479D	0_2_0086479D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F87AF	0_2_008F87AF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008127A0	0_2_008127A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F274B	0_2_007F274B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008927CD	0_2_008927CD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0086E7C2	0_2_0086E7C2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C07CA	0_2_008C07CA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A27DB	0_2_008A27DB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FC7D4	0_2_008FC7D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A071D	0_2_008A071D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F2713	0_2_008F2713
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089072B	0_2_0089072B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007EE7D9	0_2_007EE7D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007CC7CB	0_2_007CC7CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008AE736	0_2_008AE736
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C4733	0_2_008C4733
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00896749	0_2_00896749
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007BA7B2	0_2_007BA7B2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008DE75E	0_2_008DE75E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00844750	0_2_00844750
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007BC7AD	0_2_007BC7AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00894750	0_2_00894750
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00856765	0_2_00856765
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008EA768	0_2_008EA768
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007C8797	0_2_007C8797
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085A768	0_2_0085A768
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007C2785	0_2_007C2785
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A4882	0_2_008A4882
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B2881	0_2_008B2881
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0084688A	0_2_0084688A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00826894	0_2_00826894
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0087C8AE	0_2_0087C8AE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009048BB	0_2_009048BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008DC8A1	0_2_008DC8A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007B6856	0_2_007B6856
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081A8B4	0_2_0081A8B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008088BA	0_2_008088BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A68CB	0_2_008A68CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008388C9	0_2_008388C9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D4833	0_2_007D4833
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D88C2	0_2_008D88C2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D082C	0_2_007D082C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A88D2	0_2_008A88D2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E88E5	0_2_008E88E5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082E8F7	0_2_0082E8F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008EE80F	0_2_008EE80F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E88F6	0_2_007E88F6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007FA8F7	0_2_007FA8F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0080E80C	0_2_0080E80C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090083E	0_2_0090083E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0087283D	0_2_0087283D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083E850	0_2_0083E850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0088285D	0_2_0088285D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F289E	0_2_007F289E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089886B	0_2_0089886B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007C689F	0_2_007C689F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0084E868	0_2_0084E868
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0084E86A	0_2_0084E86A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007EC88C	0_2_007EC88C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083698B	0_2_0083698B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0084A988	0_2_0084A988
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007B8969	0_2_007B8969
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007EE96C	0_2_007EE96C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009089BE	0_2_009089BE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007FC947	0_2_007FC947
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008789B9	0_2_008789B9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081E9C3	0_2_0081E9C3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007CA92F	0_2_007CA92F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008589D6	0_2_008589D6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B69DE	0_2_008B69DE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008BC9D7	0_2_008BC9D7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008609D9	0_2_008609D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008649D9	0_2_008649D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008429E7	0_2_008429E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008CC9E8	0_2_008CC9E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008269EA	0_2_008269EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008629EE	0_2_008629EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007B69E1	0_2_007B69E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083C91F	0_2_0083C91F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A0A93D	0_2_00A0A93D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085291B	0_2_0085291B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007C29DB	0_2_007C29DB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00802927	0_2_00802927
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E09C0	0_2_007E09C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0080C943	0_2_0080C943
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082A94B	0_2_0082A94B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083094E	0_2_0083094E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089295B	0_2_0089295B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F49A4	0_2_007F49A4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008CA96D	0_2_008CA96D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089A96D	0_2_0089A96D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00876962	0_2_00876962
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00832971	0_2_00832971
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0088097E	0_2_0088097E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E2A64	0_2_007E2A64
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007DEA60	0_2_007DEA60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00814AC6	0_2_00814AC6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090EAC0	0_2_0090EAC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00806AE0	0_2_00806AE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D6A0B	0_2_007D6A0B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00844AF2	0_2_00844AF2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007DAA05	0_2_007DAA05
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00816A0C	0_2_00816A0C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00846A0B	0_2_00846A0B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00866A17	0_2_00866A17
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00888A1C	0_2_00888A1C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00854A12	0_2_00854A12
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00804A1C	0_2_00804A1C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B0A17	0_2_008B0A17
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00824A24	0_2_00824A24
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008BAA38	0_2_008BAA38
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F6A9E	0_2_007F6A9E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00820A6F	0_2_00820A6F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00822A71	0_2_00822A71
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008BEA7E	0_2_008BEA7E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B8B8A	0_2_008B8B8A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D2B6F	0_2_007D2B6F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00802B9D	0_2_00802B9D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FCBA3	0_2_008FCBA3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F8BCB	0_2_008F8BCB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085ABE0	0_2_0085ABE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00884BE4	0_2_00884BE4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FEB01	0_2_008FEB01
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0086CB16	0_2_0086CB16
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D4BE9	0_2_007D4BE9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E2B1B	0_2_008E2B1B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007EABD7	0_2_007EABD7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007C6BD3	0_2_007C6BD3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090AB3F	0_2_0090AB3F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007CCBC7	0_2_007CCBC7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00870B46	0_2_00870B46
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00838B4F	0_2_00838B4F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D4B5E	0_2_008D4B5E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008DAB5E	0_2_008DAB5E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F8B9E	0_2_007F8B9E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0084EB68	0_2_0084EB68
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0088AB7D	0_2_0088AB7D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00904B68	0_2_00904B68
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007BEB80	0_2_007BEB80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D8B86	0_2_007D8B86
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0091AB6D	0_2_0091AB6D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00882C98	0_2_00882C98
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00894C9D	0_2_00894C9D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007CAC65	0_2_007CAC65
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D4CAE	0_2_008D4CAE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F0C4C	0_2_007F0C4C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00824CB6	0_2_00824CB6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00922CA7	0_2_00922CA7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0087ACBE	0_2_0087ACBE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00900CD0	0_2_00900CD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00848CCD	0_2_00848CCD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007C8C31	0_2_007C8C31
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E4C2F	0_2_007E4C2F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0088CCD9	0_2_0088CCD9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00832CDC	0_2_00832CDC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F6CD0	0_2_008F6CD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007B8C1B	0_2_007B8C1B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00918CF3	0_2_00918CF3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00830CE0	0_2_00830CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081ACF6	0_2_0081ACF6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00822C00	0_2_00822C00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083EC07	0_2_0083EC07
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00816C10	0_2_00816C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00896C12	0_2_00896C12
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C6C3C	0_2_008C6C3C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00812C40	0_2_00812C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008CCC48	0_2_008CCC48
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0080AC4F	0_2_0080AC4F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00840C52	0_2_00840C52
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0084CC52	0_2_0084CC52
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0086AC51	0_2_0086AC51
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B4C54	0_2_008B4C54
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A8C61	0_2_008A8C61
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E4C75	0_2_008E4C75
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089CC77	0_2_0089CC77
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00906D9D	0_2_00906D9D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007FAD69	0_2_007FAD69
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089ADA2	0_2_0089ADA2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00908DBD	0_2_00908DBD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00892DA7	0_2_00892DA7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A2DA4	0_2_008A2DA4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00852DBC	0_2_00852DBC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008BCDC1	0_2_008BCDC1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008BEDC0	0_2_008BEDC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00896DF8	0_2_00896DF8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00886DFC	0_2_00886DFC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0080CDF7	0_2_0080CDF7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008DEDF0	0_2_008DEDF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00874D03	0_2_00874D03
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D6DE2	0_2_007D6DE2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F4DDB	0_2_007F4DDB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007BCDDD	0_2_007BCDDD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D0DA9	0_2_007D0DA9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00828D54	0_2_00828D54
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008CAD51	0_2_008CAD51
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0088ED6F	0_2_0088ED6F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00868D6C	0_2_00868D6C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E8D91	0_2_007E8D91
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00878D73	0_2_00878D73
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F4D75	0_2_008F4D75
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00858E8B	0_2_00858E8B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00866E94	0_2_00866E94
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090CE89	0_2_0090CE89
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FEE95	0_2_008FEE95
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00848EAB	0_2_00848EAB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081EEB6	0_2_0081EEB6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008CAEC9	0_2_008CAEC9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00806ECB	0_2_00806ECB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008DAEC3	0_2_008DAEC3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00800EFC	0_2_00800EFC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007C0EF9	0_2_007C0EF9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D6E02	0_2_008D6E02
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008AAE18	0_2_008AAE18
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00854E18	0_2_00854E18
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00838E25	0_2_00838E25
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A4E27	0_2_008A4E27
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082AE32	0_2_0082AE32
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E8E3E	0_2_008E8E3E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085EE46	0_2_0085EE46
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F2E5F	0_2_008F2E5F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007B6E99	0_2_007B6E99
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008CEE6F	0_2_008CEE6F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0086EE60	0_2_0086EE60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E4F75	0_2_007E4F75
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00860F89	0_2_00860F89
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00840F93	0_2_00840F93
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00904F8B	0_2_00904F8B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0084EFA2	0_2_0084EFA2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00908FAE	0_2_00908FAE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0080AFCF	0_2_0080AFCF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082CFD3	0_2_0082CFD3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A8FDD	0_2_008A8FDD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FCFD2	0_2_008FCFD2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D4F19	0_2_007D4F19
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007C2F0D	0_2_007C2F0D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FEFF2	0_2_008FEFF2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E2FF1	0_2_008E2FF1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00856F01	0_2_00856F01
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00842F0B	0_2_00842F0B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007BAFEA	0_2_007BAFEA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008EEF1D	0_2_008EEF1D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00876F10	0_2_00876F10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089CF11	0_2_0089CF11
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C4F15	0_2_008C4F15
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007C4FDC	0_2_007C4FDC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00864F27	0_2_00864F27
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007B8FD6	0_2_007B8FD6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00814F31	0_2_00814F31
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008BCF37	0_2_008BCF37
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007CCFAD	0_2_007CCFAD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C0F5A	0_2_008C0F5A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FAF51	0_2_008FAF51
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007C9074	0_2_007C9074
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00819096	0_2_00819096
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007BD053	0_2_007BD053
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E70B8	0_2_008E70B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F90B1	0_2_008F90B1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008130C3	0_2_008130C3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008830CB	0_2_008830CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007EB01E	0_2_007EB01E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E500D	0_2_008E500D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085B011	0_2_0085B011
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D904D	0_2_008D904D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E50BB	0_2_007E50BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B9043	0_2_008B9043
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D3045	0_2_008D3045
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083F054	0_2_0083F054
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F7057	0_2_008F7057
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00893050	0_2_00893050
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008EB050	0_2_008EB050
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A106B	0_2_008A106B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E309D	0_2_007E309D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007ED09A	0_2_007ED09A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A706D	0_2_008A706D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007DF172	0_2_007DF172
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C319C	0_2_008C319C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F916D	0_2_007F916D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A3194	0_2_008A3194
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089F1AC	0_2_0089F1AC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007EB14E	0_2_007EB14E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008711B7	0_2_008711B7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008251B4	0_2_008251B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008451C3	0_2_008451C3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008BF1C3	0_2_008BF1C3

Found potential string decryption / allocating functions

Source: C:\Users\user\Desktop\file.exe

Code function: String function: 0097F6F5 appears 35 times

Sample file is different than original file name gathered from version info

Source: file.exe, 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000002.2240350811.000000000125E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs file.exe
Source: file.exe	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe

Source: file.exe

Static PE information: Section: ontajrjf ZLIB complexity 0.9950039586438152

Source: classification engine

Classification label: mal100.evad.winEXE@1/1@0/0

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log

Source: file.exe	String found in binary or memory: 3The file %s is missing. Please, re-install this application
Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007AC06C push 749B1D27h; mov dword ptr [esp], ecx	0_2_007AC0A5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007AC06C push 7B7796A1h; mov dword ptr [esp], ebx	0_2_007AC79F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092A0D1 push edx; mov dword ptr [esp], 193C9507h	0_2_0092A0D7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007AC03C push edi; mov dword ptr [esp], eax	0_2_007AC4A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007AC020 push eax; mov dword ptr [esp], 2DD116B9h	0_2_007AC129
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007AC020 push ecx; mov dword ptr [esp], edx	0_2_007AC609
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092A0FA push 638B3692h; mov dword ptr [esp], edx	0_2_0092A110
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F6015 push edx; mov dword ptr [esp], ebx	0_2_007F631C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F6015 push edi; mov dword ptr [esp], esi	0_2_007F6352
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F6015 push 4DE65703h; mov dword ptr [esp], ebp	0_2_007F63A6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F6015 push eax; mov dword ptr [esp], ebx	0_2_007F6476
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F6015 push ebp; mov dword ptr [esp], edi	0_2_007F649C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F6015 push ecx; mov dword ptr [esp], 628F8170h	0_2_007F64A2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F6015 push eax; mov dword ptr [esp], edi	0_2_007F64C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007B200D push ecx; mov dword ptr [esp], esi	0_2_007B327F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00954019 push edi; mov dword ptr [esp], ebp	0_2_00954030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00954019 push ebp; mov dword ptr [esp], esp	0_2_00954034
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009E2010 push ecx; mov dword ptr [esp], edx	0_2_009E231A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089005D push 54BE78F5h; mov dword ptr [esp], eax	0_2_008903DB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089005D push ebx; mov dword ptr [esp], edx	0_2_0089041D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089005D push 7967E4EFh; mov dword ptr [esp], ecx	0_2_008904F6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089005D push esi; mov dword ptr [esp], 534CCED9h	0_2_008904FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089005D push eax; mov dword ptr [esp], ebp	0_2_0089052B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089005D push eax; mov dword ptr [esp], edx	0_2_00890570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089005D push 7F1AD491h; mov dword ptr [esp], eax	0_2_008905B5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089005D push 33607BB1h; mov dword ptr [esp], ecx	0_2_008905FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089005D push ebx; mov dword ptr [esp], edx	0_2_00890636
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089005D push ebp; mov dword ptr [esp], edi	0_2_0089068B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089005D push ecx; mov dword ptr [esp], edi	0_2_008906A5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0099E045 push ebp; mov dword ptr [esp], eax	0_2_0099E052
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0099E045 push eax; mov dword ptr [esp], 69739E80h	0_2_0099E05C

Source: file.exe	Static PE information: section name: entropy: 7.790554993050825
Source: file.exe	Static PE information: section name: ontajrjf entropy: 7.953007139478122

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 7AD86A instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 7AD947 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 9586CE instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 9E2EAD instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 7B48DE instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Memory allocated: 53A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory allocated: 5590000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory allocated: 7590000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7AE0A2 second address: 7AE0AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FA4392209E6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7AE0AD second address: 7AD8C1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA438C9B23Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jnl 00007FA438C9B23Ch 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 popad 0x00000016 nop 0x00000017 stc 0x00000018 clc 0x00000019 push dword ptr [ebp+122D01E9h] 0x0000001f sub dword ptr [ebp+122D192Eh], edx 0x00000025 add dword ptr [ebp+122D192Eh], edx 0x0000002b call dword ptr [ebp+122D2A1Ah] 0x00000031 pushad 0x00000032 sub dword ptr [ebp+122D1965h], edi 0x00000038 je 00007FA438C9B242h 0x0000003e jno 00007FA438C9B23Ch 0x00000044 xor eax, eax 0x00000046 mov dword ptr [ebp+122D1965h], edx 0x0000004c stc 0x0000004d mov edx, dword ptr [esp+28h] 0x00000051 xor dword ptr [ebp+122D1965h], edx 0x00000057 mov dword ptr [ebp+122D352Bh], eax 0x0000005d mov dword ptr [ebp+122D1965h], edi 0x00000063 mov esi, 0000003Ch 0x00000068 jmp 00007FA438C9B249h 0x0000006d or dword ptr [ebp+122D2A57h], esi 0x00000073 add esi, dword ptr [esp+24h] 0x00000077 mov dword ptr [ebp+122D1965h], edi 0x0000007d lodsw 0x0000007f stc 0x00000080 add eax, dword ptr [esp+24h] 0x00000084 sub dword ptr [ebp+122D1B33h], ecx 0x0000008a sub dword ptr [ebp+122D1910h], esi 0x00000090 mov ebx, dword ptr [esp+24h] 0x00000094 sub dword ptr [ebp+122D2A57h], edx 0x0000009a nop 0x0000009b pushad 0x0000009c push eax 0x0000009d push edx 0x0000009e pushad 0x0000009f popad 0x000000a0 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7AD8C1 second address: 7AD8CB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7AD8CB second address: 7AD8F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jno 00007FA438C9B24Dh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92D774 second address: 92D778 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92D778 second address: 92D78D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA438C9B241h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92D78D second address: 92D79F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jnp 00007FA4392209E6h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push esi 0x00000011 pop esi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92D79F second address: 92D7B6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007FA438C9B241h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92D7B6 second address: 92D7BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92D7BC second address: 92D7C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 920CA4 second address: 920CB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FA4392209EEh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 920CB7 second address: 920CDF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007FA438C9B236h 0x00000009 push edi 0x0000000a pop edi 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 jno 00007FA438C9B242h 0x00000017 pushad 0x00000018 push eax 0x00000019 pop eax 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92CA8C second address: 92CAA0 instructions: 0x00000000 rdtsc 0x00000002 je 00007FA4392209EEh 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92CAA0 second address: 92CAB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA438C9B245h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92CC23 second address: 92CC27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92CC27 second address: 92CC58 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA438C9B245h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ebx 0x0000000c pushad 0x0000000d popad 0x0000000e jne 00007FA438C9B236h 0x00000014 pop ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FA438C9B23Ah 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92D084 second address: 92D088 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92D088 second address: 92D098 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a ja 00007FA438C9B236h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92FE54 second address: 92FEC8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4392209EAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FA4392209F8h 0x0000000f nop 0x00000010 push 00000000h 0x00000012 push esi 0x00000013 call 00007FA4392209E8h 0x00000018 pop esi 0x00000019 mov dword ptr [esp+04h], esi 0x0000001d add dword ptr [esp+04h], 0000001Ch 0x00000025 inc esi 0x00000026 push esi 0x00000027 ret 0x00000028 pop esi 0x00000029 ret 0x0000002a mov esi, dword ptr [ebp+122D3593h] 0x00000030 push 00000000h 0x00000032 jnc 00007FA4392209E8h 0x00000038 push 007E7773h 0x0000003d push edx 0x0000003e push eax 0x0000003f push edx 0x00000040 jmp 00007FA4392209F0h 0x00000045 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93006A second address: 93009C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jg 00007FA438C9B236h 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push edx 0x00000011 push edi 0x00000012 jl 00007FA438C9B236h 0x00000018 pop edi 0x00000019 pop edx 0x0000001a mov eax, dword ptr [eax] 0x0000001c jmp 00007FA438C9B23Ch 0x00000021 mov dword ptr [esp+04h], eax 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push ebx 0x00000029 pop ebx 0x0000002a pop eax 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93009C second address: 93015B instructions: 0x00000000 rdtsc 0x00000002 je 00007FA4392209F8h 0x00000008 jmp 00007FA4392209F2h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop eax 0x00000010 push 00000000h 0x00000012 push esi 0x00000013 call 00007FA4392209E8h 0x00000018 pop esi 0x00000019 mov dword ptr [esp+04h], esi 0x0000001d add dword ptr [esp+04h], 00000014h 0x00000025 inc esi 0x00000026 push esi 0x00000027 ret 0x00000028 pop esi 0x00000029 ret 0x0000002a xor dword ptr [ebp+122D1A2Fh], esi 0x00000030 push 00000003h 0x00000032 push 00000000h 0x00000034 push edx 0x00000035 call 00007FA4392209E8h 0x0000003a pop edx 0x0000003b mov dword ptr [esp+04h], edx 0x0000003f add dword ptr [esp+04h], 00000016h 0x00000047 inc edx 0x00000048 push edx 0x00000049 ret 0x0000004a pop edx 0x0000004b ret 0x0000004c push 00000000h 0x0000004e push 00000003h 0x00000050 call 00007FA4392209E9h 0x00000055 jnl 00007FA4392209F2h 0x0000005b push eax 0x0000005c jl 00007FA4392209F4h 0x00000062 jmp 00007FA4392209EEh 0x00000067 mov eax, dword ptr [esp+04h] 0x0000006b jmp 00007FA4392209EEh 0x00000070 mov eax, dword ptr [eax] 0x00000072 jmp 00007FA4392209EEh 0x00000077 mov dword ptr [esp+04h], eax 0x0000007b push eax 0x0000007c push edx 0x0000007d push eax 0x0000007e push edx 0x0000007f push edi 0x00000080 pop edi 0x00000081 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93015B second address: 930165 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FA438C9B236h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9301F4 second address: 93025B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4392209F7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c jmp 00007FA4392209F4h 0x00000011 mov ecx, 275D9DAAh 0x00000016 push 00000000h 0x00000018 jmp 00007FA4392209EDh 0x0000001d pushad 0x0000001e jne 00007FA4392209E6h 0x00000024 mov ax, bx 0x00000027 popad 0x00000028 push 7B973D73h 0x0000002d push esi 0x0000002e push eax 0x0000002f push edx 0x00000030 jmp 00007FA4392209EEh 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93025B second address: 9302B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 xor dword ptr [esp], 7B973DF3h 0x0000000e pushad 0x0000000f mov dword ptr [ebp+12455CEBh], eax 0x00000015 mov dword ptr [ebp+122D17E8h], ebx 0x0000001b popad 0x0000001c push 00000003h 0x0000001e mov dword ptr [ebp+122D1A2Fh], ebx 0x00000024 push 00000000h 0x00000026 push 00000000h 0x00000028 push edx 0x00000029 call 00007FA438C9B238h 0x0000002e pop edx 0x0000002f mov dword ptr [esp+04h], edx 0x00000033 add dword ptr [esp+04h], 00000017h 0x0000003b inc edx 0x0000003c push edx 0x0000003d ret 0x0000003e pop edx 0x0000003f ret 0x00000040 or dword ptr [ebp+122D186Fh], esi 0x00000046 clc 0x00000047 push 00000003h 0x00000049 mov cx, 70B7h 0x0000004d push 77D5FE2Dh 0x00000052 push ecx 0x00000053 pushad 0x00000054 pushad 0x00000055 popad 0x00000056 push eax 0x00000057 push edx 0x00000058 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9302B8 second address: 93031B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 add dword ptr [esp], 482A01D3h 0x0000000d sub dword ptr [ebp+122D186Fh], ebx 0x00000013 jno 00007FA4392209F7h 0x00000019 lea ebx, dword ptr [ebp+12455D3Fh] 0x0000001f sub dword ptr [ebp+122D2BD9h], eax 0x00000025 mov esi, dword ptr [ebp+122D36F3h] 0x0000002b xchg eax, ebx 0x0000002c push esi 0x0000002d jmp 00007FA4392209F0h 0x00000032 pop esi 0x00000033 push eax 0x00000034 push eax 0x00000035 push edx 0x00000036 jmp 00007FA4392209F1h 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 925C83 second address: 925C9D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA438C9B244h 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94D88C second address: 94D890 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94D890 second address: 94D8CE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA438C9B246h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FA438C9B23Dh 0x00000010 jmp 00007FA438C9B245h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94D8CE second address: 94D8E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FA4392209EDh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94D8E1 second address: 94D8E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94DC9E second address: 94DCB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA4392209F3h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94DCB5 second address: 94DCBF instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FA438C9B236h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94E11E second address: 94E143 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4392209F8h 0x00000007 pushad 0x00000008 jbe 00007FA4392209E6h 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94E2CD second address: 94E2D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94E2D7 second address: 94E2E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jne 00007FA4392209E6h 0x0000000c pop eax 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94E2E4 second address: 94E2E9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94E489 second address: 94E493 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FA4392209E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94E493 second address: 94E4A1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jne 00007FA438C9B236h 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94E4A1 second address: 94E4A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94E5CA second address: 94E5E1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jl 00007FA438C9B236h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f jg 00007FA438C9B238h 0x00000015 rdtsc

Source: file.exe, file.exe, 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableIOAVProtection 1	Jump to behavior
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableRealtimeMonitoring 1	Jump to behavior
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications	Registry value created: DisableNotifications 1	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations	Jump to behavior

ID:	1532740
Product:	CloudBasic
Start time:	21:03:05
Start date:	13.10.2024
Sample:	file.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	fc4912bd840edb6289e5e387ca8fa299
SHA1:	cb67b24cb712a88985ca63ccf18d15cc135908ba
SHA256:	c1df7516de3589e7b784d1c92514eed70b346d5f3bb6097d2b02f21268bdfedb
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Cryptography

Compliance

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Screenshots

Behavior Graph

Network Map

Windows Analysis Report
file.exe