Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1538053
MD5:	87988911910daf2d730b3ca1d029c15b
SHA1:	796d1f151f6551c8df179d9dc0b36ff72dbc71d8
SHA256:	579817d9822bf05bd0f22d92d924229e99bad4ddfe68a484b4db8cb62f91ea2b
Tags:	exeuser-Bitsight
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected unpacking (changes PE section rights)

AI detected suspicious sample

Disable Windows Defender notifications (registry)

Disable Windows Defender real time protection (registry)

Disables Windows Defender Tamper protection

Hides threads from debuggers

Machine Learning detection for sample

Modifies windows update settings

PE file contains section with special chars

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Allocates memory with a write watch (potentially for evading sandboxes)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains long sleeps (>= 3 min)

Detected potential crypto function

Enables debug privileges

Entry point lies outside standard sections

Found potential string decryption / allocating functions

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Sample file is different than original file name gathered from version info

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Uses Microsoft's Enhanced Cryptographic Provider

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AA4B9F CryptVerifySignatureA,

0_2_00AA4B9F

Source:

Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: file.exe, 00000000.00000002.1810276265.00000000008C2000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.1677306944.0000000005340000.00000004.00001000.00020000.00000000.sdmp

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Detected potential crypto function

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009B6090	0_2_009B6090
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009560B2	0_2_009560B2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009C40B4	0_2_009C40B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009280A0	0_2_009280A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009C00A9	0_2_009C00A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0096C0A1	0_2_0096C0A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A02098	0_2_00A02098
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1609B	0_2_00A1609B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009940DB	0_2_009940DB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009500CC	0_2_009500CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0095A0E0	0_2_0095A0E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D800B	0_2_008D800B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00954009	0_2_00954009
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0093603D	0_2_0093603D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092202E	0_2_0092202E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F604F	0_2_008F604F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0093E05F	0_2_0093E05F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00960042	0_2_00960042
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0096A042	0_2_0096A042
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00926045	0_2_00926045
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A00079	0_2_00A00079
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008EC053	0_2_008EC053
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E406A	0_2_008E406A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A32044	0_2_00A32044
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009C6072	0_2_009C6072
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009CE073	0_2_009CE073
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0098C064	0_2_0098C064
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009681B8	0_2_009681B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009B41AE	0_2_009B41AE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009FA1A5	0_2_009FA1A5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009BE1DC	0_2_009BE1DC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A221F7	0_2_00A221F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009441F0	0_2_009441F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090C10A	0_2_0090C10A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0094210A	0_2_0094210A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0099013A	0_2_0099013A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00934120	0_2_00934120
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009AC153	0_2_009AC153
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0098A156	0_2_0098A156
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D6158	0_2_008D6158
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0095C14F	0_2_0095C14F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009AE171	0_2_009AE171
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F0178	0_2_008F0178
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FC28E	0_2_008FC28E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A262B2	0_2_00A262B2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0099628C	0_2_0099628C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00904286	0_2_00904286
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A002B7	0_2_00A002B7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009142A8	0_2_009142A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009402DA	0_2_009402DA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009762C4	0_2_009762C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009322C5	0_2_009322C5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1A2FB	0_2_00A1A2FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009AA2FF	0_2_009AA2FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A082CE	0_2_00A082CE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A0A2CE	0_2_00A0A2CE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009A42E9	0_2_009A42E9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A102D9	0_2_00A102D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009A021C	0_2_009A021C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00952218	0_2_00952218
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0098E215	0_2_0098E215
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009DE20A	0_2_009DE20A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009F6206	0_2_009F6206
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0093C20C	0_2_0093C20C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00916236	0_2_00916236
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A18211	0_2_00A18211
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00988229	0_2_00988229
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009F222C	0_2_009F222C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0096622E	0_2_0096622E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00998221	0_2_00998221
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E024C	0_2_008E024C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1C267	0_2_00A1C267
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0097225E	0_2_0097225E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0093425C	0_2_0093425C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009BC248	0_2_009BC248
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0098424F	0_2_0098424F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D0241	0_2_009D0241
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009E2243	0_2_009E2243
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F2251	0_2_008F2251
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00910271	0_2_00910271
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009A827D	0_2_009A827D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1E24F	0_2_00A1E24F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0097C266	0_2_0097C266
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00980265	0_2_00980265
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009C838A	0_2_009C838A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00982385	0_2_00982385
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009A03B9	0_2_009A03B9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009EA3BB	0_2_009EA3BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D83DA	0_2_009D83DA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A243E5	0_2_00A243E5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092A3DB	0_2_0092A3DB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009E43CC	0_2_009E43CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009583C0	0_2_009583C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0093E3CD	0_2_0093E3CD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D03FD	0_2_009D03FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008EC3E5	0_2_008EC3E5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0095E3E2	0_2_0095E3E2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090A311	0_2_0090A311
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A12337	0_2_00A12337
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090830D	0_2_0090830D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A06311	0_2_00A06311
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00992321	0_2_00992321
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009B435B	0_2_009B435B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0091C341	0_2_0091C341
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00960371	0_2_00960371
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0097437A	0_2_0097437A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0096E378	0_2_0096E378
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00956367	0_2_00956367
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E2379	0_2_008E2379
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009F4362	0_2_009F4362
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00900497	0_2_00900497
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A044B7	0_2_00A044B7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0094C48F	0_2_0094C48F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A30488	0_2_00A30488
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009904B6	0_2_009904B6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009944DA	0_2_009944DA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008EA4D4	0_2_008EA4D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009684FE	0_2_009684FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A004CB	0_2_00A004CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009384E6	0_2_009384E6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009EE4EB	0_2_009EE4EB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009984EF	0_2_009984EF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0097A41D	0_2_0097A41D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A0242B	0_2_00A0242B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009A6415	0_2_009A6415
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009E643E	0_2_009E643E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00992438	0_2_00992438
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0096C43B	0_2_0096C43B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009F8423	0_2_009F8423
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090E447	0_2_0090E447
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0094244C	0_2_0094244C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0095A44A	0_2_0095A44A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00936470	0_2_00936470
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092E46A	0_2_0092E46A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009A2466	0_2_009A2466
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009C459B	0_2_009C459B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092259B	0_2_0092259B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00948598	0_2_00948598
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A145AD	0_2_00A145AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009725B3	0_2_009725B3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0098C5B1	0_2_0098C5B1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009805DF	0_2_009805DF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009965D4	0_2_009965D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A185F1	0_2_00A185F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009125C3	0_2_009125C3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009C05C2	0_2_009C05C2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009465F5	0_2_009465F5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009085F5	0_2_009085F5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0096E5FA	0_2_0096E5FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0098A51E	0_2_0098A51E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A0652F	0_2_00A0652F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FC519	0_2_008FC519
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0094450B	0_2_0094450B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00964525	0_2_00964525
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009E052D	0_2_009E052D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00930525	0_2_00930525
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00966555	0_2_00966555
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009F257D	0_2_009F257D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090657F	0_2_0090657F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0096A567	0_2_0096A567
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009AC56C	0_2_009AC56C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0091669D	0_2_0091669D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009766A0	0_2_009766A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0099A6A1	0_2_0099A6A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009046A9	0_2_009046A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E86CB	0_2_008E86CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A086E6	0_2_00A086E6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A126ED	0_2_00A126ED
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009346F4	0_2_009346F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009CA6F4	0_2_009CA6F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A226CC	0_2_00A226CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00902614	0_2_00902614
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009EC619	0_2_009EC619
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0097060B	0_2_0097060B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009BE63A	0_2_009BE63A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D263F	0_2_009D263F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0091463D	0_2_0091463D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009FE633	0_2_009FE633
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FE620	0_2_008FE620
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009AA62D	0_2_009AA62D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00926656	0_2_00926656
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0098465D	0_2_0098465D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D0658	0_2_009D0658
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009BA650	0_2_009BA650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0097C671	0_2_0097C671
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008EE67E	0_2_008EE67E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F267A	0_2_008F267A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0097A662	0_2_0097A662
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009E2668	0_2_009E2668
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0091066C	0_2_0091066C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009CC791	0_2_009CC791
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009E4781	0_2_009E4781
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009DC7BD	0_2_009DC7BD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009EA7B0	0_2_009EA7B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A3A79B	0_2_00A3A79B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009FA7A7	0_2_009FA7A7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008DC7DF	0_2_008DC7DF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092C7F1	0_2_0092C7F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A0C7C8	0_2_00A0C7C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009787EA	0_2_009787EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009B471A	0_2_009B471A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008EC70B	0_2_008EC70B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00982701	0_2_00982701
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009AE703	0_2_009AE703
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00962736	0_2_00962736
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0099E738	0_2_0099E738
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00952724	0_2_00952724
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00920725	0_2_00920725
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A26766	0_2_00A26766
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009A0751	0_2_009A0751
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FE75B	0_2_008FE75B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A10759	0_2_00A10759
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009A8761	0_2_009A8761
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0095A769	0_2_0095A769
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008EC89A	0_2_008EC89A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0094A881	0_2_0094A881
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092488E	0_2_0092488E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0093888F	0_2_0093888F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009B2886	0_2_009B2886
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009F08AF	0_2_009F08AF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0093E8C7	0_2_0093E8C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009708CE	0_2_009708CE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009968F5	0_2_009968F5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009728E4	0_2_009728E4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0094C8EC	0_2_0094C8EC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009E0811	0_2_009E0811
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092A835	0_2_0092A835
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009A4830	0_2_009A4830
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D8822	0_2_008D8822
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E483B	0_2_008E483B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0091C852	0_2_0091C852
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0097A854	0_2_0097A854
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008EA85F	0_2_008EA85F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00908845	0_2_00908845
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009E6849	0_2_009E6849
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0095884D	0_2_0095884D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009F2877	0_2_009F2877
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009C6877	0_2_009C6877
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A2485E	0_2_00A2485E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00912994	0_2_00912994
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00992983	0_2_00992983
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090C98C	0_2_0090C98C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00998987	0_2_00998987
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0098C9B4	0_2_0098C9B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A14993	0_2_00A14993
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0095A9D2	0_2_0095A9D2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009669DA	0_2_009669DA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0097C9DB	0_2_0097C9DB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1E9FB	0_2_00A1E9FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009949C2	0_2_009949C2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E09D1	0_2_008E09D1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D09FD	0_2_009D09FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009F69F7	0_2_009F69F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0091A9EB	0_2_0091A9EB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00954913	0_2_00954913
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D8905	0_2_009D8905
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E2917	0_2_008E2917
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D6906	0_2_009D6906
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008DE92F	0_2_008DE92F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A0E902	0_2_00A0E902
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009CA931	0_2_009CA931
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00930940	0_2_00930940
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0095C949	0_2_0095C949
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009E4942	0_2_009E4942
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A0C940	0_2_00A0C940
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090097F	0_2_0090097F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009EEA83	0_2_009EEA83
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00908AAC	0_2_00908AAC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009A6AA4	0_2_009A6AA4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00988ADB	0_2_00988ADB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00986AD2	0_2_00986AD2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009BEAC5	0_2_009BEAC5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1AAC7	0_2_00A1AAC7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0099CAFE	0_2_0099CAFE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00980AF0	0_2_00980AF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009B0AEC	0_2_009B0AEC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009C2AE0	0_2_009C2AE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00928A10	0_2_00928A10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00914A1D	0_2_00914A1D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00990A06	0_2_00990A06
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0091EA39	0_2_0091EA39
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009BCA34	0_2_009BCA34
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A18A12	0_2_00A18A12
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009ECA23	0_2_009ECA23
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009CEA5F	0_2_009CEA5F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00922A5D	0_2_00922A5D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008EEA5C	0_2_008EEA5C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00982A4F	0_2_00982A4F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009BAA45	0_2_009BAA45
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009FEA75	0_2_009FEA75
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009DAA6B	0_2_009DAA6B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090AB91	0_2_0090AB91
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1CBA0	0_2_00A1CBA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009F4B87	0_2_009F4B87
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009BABBE	0_2_009BABBE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092CBA0	0_2_0092CBA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0094EBA6	0_2_0094EBA6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009FCBA8	0_2_009FCBA8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00952BAF	0_2_00952BAF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009B6BA0	0_2_009B6BA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A22B9E	0_2_00A22B9E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0096ABD6	0_2_0096ABD6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009F8BDC	0_2_009F8BDC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009B8BDC	0_2_009B8BDC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009AEBD7	0_2_009AEBD7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00984BD7	0_2_00984BD7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009FABC8	0_2_009FABC8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A20BF8	0_2_00A20BF8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00904BF0	0_2_00904BF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009A4BEB	0_2_009A4BEB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00974BE9	0_2_00974BE9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009ACB19	0_2_009ACB19
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0093AB09	0_2_0093AB09
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0094AB37	0_2_0094AB37
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009E2B3D	0_2_009E2B3D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A26B0B	0_2_00A26B0B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00978B3A	0_2_00978B3A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00902B22	0_2_00902B22
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00956B26	0_2_00956B26
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0093CB27	0_2_0093CB27
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00984B22	0_2_00984B22
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A06B60	0_2_00A06B60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FEB48	0_2_008FEB48
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009C8B57	0_2_009C8B57
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F2B5C	0_2_008F2B5C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00948B47	0_2_00948B47
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009B4B45	0_2_009B4B45
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A12B4F	0_2_00A12B4F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E8B7A	0_2_008E8B7A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00934B64	0_2_00934B64
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00944B6E	0_2_00944B6E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A38B5F	0_2_00A38B5F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009C0C96	0_2_009C0C96
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0097AC84	0_2_0097AC84
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F8C98	0_2_008F8C98
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00924C88	0_2_00924C88
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0093EC8D	0_2_0093EC8D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008ECCA9	0_2_008ECCA9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008EACA7	0_2_008EACA7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00992CB3	0_2_00992CB3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009A0CD8	0_2_009A0CD8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A18CE7	0_2_00A18CE7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009F0CD8	0_2_009F0CD8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00976CDF	0_2_00976CDF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F2CD6	0_2_008F2CD6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008DECD2	0_2_008DECD2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0091ECF5	0_2_0091ECF5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00912CF6	0_2_00912CF6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009F2CF1	0_2_009F2CF1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D8CFC	0_2_008D8CFC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009CACEA	0_2_009CACEA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009E0CE2	0_2_009E0CE2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00946CEB	0_2_00946CEB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00996C05	0_2_00996C05
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A0EC3F	0_2_00A0EC3F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009CCC3C	0_2_009CCC3C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A04C0D	0_2_00A04C0D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0099EC36	0_2_0099EC36
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092AC53	0_2_0092AC53
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0095EC4D	0_2_0095EC4D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A02C7C	0_2_00A02C7C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00964C63	0_2_00964C63
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FCC79	0_2_008FCC79
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00960D95	0_2_00960D95
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009F6D90	0_2_009F6D90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0094CDBB	0_2_0094CDBB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A02D9F	0_2_00A02D9F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F0DEC	0_2_008F0DEC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00996DF3	0_2_00996DF3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00978D1D	0_2_00978D1D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D6D00	0_2_008D6D00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092ED1D	0_2_0092ED1D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009E4D3C	0_2_009E4D3C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00950D36	0_2_00950D36
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1ED09	0_2_00A1ED09
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00998D35	0_2_00998D35
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A2CD0F	0_2_00A2CD0F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00996D37	0_2_00996D37
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009FED2E	0_2_009FED2E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009A8D29	0_2_009A8D29
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008EED33	0_2_008EED33
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A42D1A	0_2_00A42D1A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009B2D51	0_2_009B2D51
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A24D6C	0_2_00A24D6C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0095AD41	0_2_0095AD41
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00914D47	0_2_00914D47
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0098AD4E	0_2_0098AD4E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009EAD7A	0_2_009EAD7A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0096ED64	0_2_0096ED64
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A0CD52	0_2_00A0CD52
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009F4E9B	0_2_009F4E9B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00980E97	0_2_00980E97
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00962E8E	0_2_00962E8E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009E2EBF	0_2_009E2EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A08E95	0_2_00A08E95
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009ECEA8	0_2_009ECEA8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F4EB8	0_2_008F4EB8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0099AEA5	0_2_0099AEA5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0097EEDF	0_2_0097EEDF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00954EC2	0_2_00954EC2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0098CEF9	0_2_0098CEF9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1AEC3	0_2_00A1AEC3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0095EEF1	0_2_0095EEF1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009EEEF0	0_2_009EEEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009B0EE8	0_2_009B0EE8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0093EE16	0_2_0093EE16
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00986E1F	0_2_00986E1F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009ACE11	0_2_009ACE11
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FAE1C	0_2_008FAE1C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D2E09	0_2_009D2E09
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009BCE02	0_2_009BCE02
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00916E0B	0_2_00916E0B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00928E0E	0_2_00928E0E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00970E32	0_2_00970E32
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00932E34	0_2_00932E34
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00922E38	0_2_00922E38
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0097CE27	0_2_0097CE27
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00900E57	0_2_00900E57
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A26E6D	0_2_00A26E6D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A22E54	0_2_00A22E54
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0097CF96	0_2_0097CF96
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A12FA9	0_2_00A12FA9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009A8F95	0_2_009A8F95
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D2F8F	0_2_009D2F8F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00920F86	0_2_00920F86
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A00FBE	0_2_00A00FBE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00968FB4	0_2_00968FB4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009B4FA5	0_2_009B4FA5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0096AFD3	0_2_0096AFD3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00956FC4	0_2_00956FC4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092CFC4	0_2_0092CFC4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00910FF5	0_2_00910FF5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0096CFF2	0_2_0096CFF2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092AFE2	0_2_0092AFE2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0098EFEB	0_2_0098EFEB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008EAFFB	0_2_008EAFFB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0095CF16	0_2_0095CF16
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009DCF15	0_2_009DCF15
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009F6F0F	0_2_009F6F0F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009AAF03	0_2_009AAF03
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00998F02	0_2_00998F02
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00924F37	0_2_00924F37
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F6F20	0_2_008F6F20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1CF12	0_2_00A1CF12
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009FAF2A	0_2_009FAF2A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D4F25	0_2_009D4F25
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009CAF21	0_2_009CAF21
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00952F5A	0_2_00952F5A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009DEF47	0_2_009DEF47
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A04F47	0_2_00A04F47
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00990F71	0_2_00990F71
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009B6F67	0_2_009B6F67
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009A109A	0_2_009A109A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0099F088	0_2_0099F088
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008DF09A	0_2_008DF09A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0094F08D	0_2_0094F08D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009B90B4	0_2_009B90B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008ED0BE	0_2_008ED0BE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009950A9	0_2_009950A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009310A2	0_2_009310A2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009FD0AD	0_2_009FD0AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008EF0B9	0_2_008EF0B9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009DB0A0	0_2_009DB0A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A0F0E0	0_2_00A0F0E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009590D7	0_2_009590D7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009150D3	0_2_009150D3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009010CB	0_2_009010CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009CD0FC	0_2_009CD0FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A37022	0_2_00A37022
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009F1019	0_2_009F1019
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009BB015	0_2_009BB015
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009E9006	0_2_009E9006
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E9013	0_2_008E9013
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00965036	0_2_00965036
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A09008	0_2_00A09008
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FD026	0_2_008FD026
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0094703B	0_2_0094703B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0098902F	0_2_0098902F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0091D055	0_2_0091D055
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009E504F	0_2_009E504F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0094B042	0_2_0094B042
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009A3063	0_2_009A3063
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1105F	0_2_00A1105F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F3186	0_2_008F3186
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00999181	0_2_00999181
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D3186	0_2_009D3186
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009171BE	0_2_009171BE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0096F1A6	0_2_0096F1A6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FF1BC	0_2_008FF1BC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009A91CE	0_2_009A91CE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009FB1CB	0_2_009FB1CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F91E0	0_2_008F91E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A07129	0_2_00A07129
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0091311D	0_2_0091311D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0093B11F	0_2_0093B11F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0097710B	0_2_0097710B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1713F	0_2_00A1713F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009FF13F	0_2_009FF13F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A0D103	0_2_00A0D103
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00971123	0_2_00971123

Found potential string decryption / allocating functions

Source: C:\Users\user\Desktop\file.exe

Code function: String function: 00A9FB94 appears 35 times

Sample file is different than original file name gathered from version info

Source: file.exe, 00000000.00000000.1668140029.00000000008C6000.00000008.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe

Source: file.exe

Static PE information: Section: wprgrgqn ZLIB complexity 0.9951514682718272

Source: classification engine

Classification label: mal100.evad.winEXE@1/1@0/0

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log

Source: file.exe	String found in binary or memory: 3The file %s is missing. Please, re-install this application
Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008CE5A1 push ebx; mov dword ptr [esp], 7BBE297Dh	0_2_008CE5B6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008CE5F1 push ecx; mov dword ptr [esp], ebx	0_2_008CEF4C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008CE5F1 push 34B325A3h; mov dword ptr [esp], ecx	0_2_008CEF54
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D408A push 5C6FB07Dh; mov dword ptr [esp], ecx	0_2_008D50C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008CC0B7 push edx; mov dword ptr [esp], 7B080A84h	0_2_008CC0B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4A02C push ecx; mov dword ptr [esp], edi	0_2_00B4A06C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4A02C push 1404D626h; mov dword ptr [esp], ebx	0_2_00B4A123
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D2069 push 38BCDA82h; mov dword ptr [esp], edi	0_2_008D2095
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A32044 push 55AB6081h; mov dword ptr [esp], edx	0_2_00A320C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A32044 push 74ECC82Ch; mov dword ptr [esp], edx	0_2_00A320CF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A32044 push 72951B92h; mov dword ptr [esp], esp	0_2_00A321B6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A32044 push esi; mov dword ptr [esp], 191FFED6h	0_2_00A32208
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A32044 push 7E0D073Dh; mov dword ptr [esp], ebx	0_2_00A3222C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A32044 push edi; mov dword ptr [esp], esi	0_2_00A3227E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A32044 push 234B7748h; mov dword ptr [esp], eax	0_2_00A322CA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A32044 push edx; mov dword ptr [esp], 1FF1D100h	0_2_00A32389
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A32044 push edi; mov dword ptr [esp], 30EECFB5h	0_2_00A323FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A32044 push 7A970861h; mov dword ptr [esp], ebp	0_2_00A32445
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A32044 push 727F7701h; mov dword ptr [esp], edi	0_2_00A3244F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A32044 push 62E5A695h; mov dword ptr [esp], esi	0_2_00A324C5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A32044 push 67F822ECh; mov dword ptr [esp], eax	0_2_00A324E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A32044 push 3C520DC5h; mov dword ptr [esp], ebp	0_2_00A32505
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A32044 push 20745756h; mov dword ptr [esp], esi	0_2_00A3256B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A32044 push 5A464452h; mov dword ptr [esp], eax	0_2_00A32575
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A32044 push 3B332BFEh; mov dword ptr [esp], edi	0_2_00A32627
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A32044 push 222C468Fh; mov dword ptr [esp], ecx	0_2_00A3265D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A32044 push esi; mov dword ptr [esp], 536C069Eh	0_2_00A326BD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A32044 push 3883B2C3h; mov dword ptr [esp], ebp	0_2_00A3275F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A32044 push 2710B767h; mov dword ptr [esp], ecx	0_2_00A32784
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A32044 push 4B4011A9h; mov dword ptr [esp], esi	0_2_00A327B5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A32044 push 67D93066h; mov dword ptr [esp], ebp	0_2_00A32820

Source: file.exe	Static PE information: section name: entropy: 7.7981680493863905
Source: file.exe	Static PE information: section name: wprgrgqn entropy: 7.954218945063447

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 8CDBED instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 8CDB10 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: A7305F instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: A717F4 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: A99A3A instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: A79BF1 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: B08972 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Memory allocated: 5540000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory allocated: 57A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory allocated: 55C0000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8CDBB3 second address: 8CDBCF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push edi 0x00000006 pop edi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e jmp 00007F81A505507Dh 0x00000013 pop edi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A48A9B second address: A48A9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A48A9F second address: A48AA9 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F81A5055076h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A48AA9 second address: A48AAF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A48AAF second address: A48AB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A48AB5 second address: A48ACF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F81A47422A6h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3F265 second address: A3F26B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3F26B second address: A3F29C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F81A47422A3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a pushad 0x0000000b jnl 00007F81A47422A5h 0x00000011 push esi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A47CC9 second address: A47CDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F81A5055081h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A47CDF second address: A47CE6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A482D0 second address: A482F4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F81A5055082h 0x0000000a jp 00007F81A5055076h 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A482F4 second address: A482F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4B161 second address: A4B165 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4B165 second address: 8CDBB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 add dword ptr [esp], 5240E251h 0x0000000d push ebx 0x0000000e mov dword ptr [ebp+122D33C4h], ebx 0x00000014 pop ecx 0x00000015 push dword ptr [ebp+122D0759h] 0x0000001b mov edx, 4D125FB6h 0x00000020 mov dword ptr [ebp+122D1AFCh], ebx 0x00000026 call dword ptr [ebp+122D3A88h] 0x0000002c pushad 0x0000002d pushad 0x0000002e jmp 00007F81A474229Ch 0x00000033 mov edx, dword ptr [ebp+122D29BFh] 0x00000039 popad 0x0000003a xor eax, eax 0x0000003c mov dword ptr [ebp+122D3346h], ecx 0x00000042 mov edx, dword ptr [esp+28h] 0x00000046 jmp 00007F81A47422A2h 0x0000004b mov dword ptr [ebp+122D2B93h], eax 0x00000051 pushad 0x00000052 mov dword ptr [ebp+122D3346h], esi 0x00000058 jmp 00007F81A47422A2h 0x0000005d popad 0x0000005e mov esi, 0000003Ch 0x00000063 jmp 00007F81A47422A5h 0x00000068 add esi, dword ptr [esp+24h] 0x0000006c jnl 00007F81A47422A2h 0x00000072 lodsw 0x00000074 mov dword ptr [ebp+122D3346h], eax 0x0000007a add eax, dword ptr [esp+24h] 0x0000007e js 00007F81A474229Ch 0x00000084 mov dword ptr [ebp+122D3346h], ecx 0x0000008a mov ebx, dword ptr [esp+24h] 0x0000008e jmp 00007F81A47422A9h 0x00000093 clc 0x00000094 nop 0x00000095 push eax 0x00000096 push edx 0x00000097 push ecx 0x00000098 push ebx 0x00000099 pop ebx 0x0000009a pop ecx 0x0000009b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4B1E0 second address: A4B22F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jp 00007F81A5055076h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push edi 0x00000010 call 00007F81A5055078h 0x00000015 pop edi 0x00000016 mov dword ptr [esp+04h], edi 0x0000001a add dword ptr [esp+04h], 00000014h 0x00000022 inc edi 0x00000023 push edi 0x00000024 ret 0x00000025 pop edi 0x00000026 ret 0x00000027 push 00000000h 0x00000029 mov dx, ax 0x0000002c call 00007F81A5055079h 0x00000031 jp 00007F81A5055081h 0x00000037 push eax 0x00000038 push ecx 0x00000039 pushad 0x0000003a push edi 0x0000003b pop edi 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4B22F second address: A4B23D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4B360 second address: A4B39C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 push ebx 0x00000009 call 00007F81A505507Bh 0x0000000e or edi, dword ptr [ebp+122D2A67h] 0x00000014 pop ecx 0x00000015 pop edi 0x00000016 mov edi, edx 0x00000018 push 00000000h 0x0000001a jo 00007F81A505507Ch 0x00000020 mov edi, dword ptr [ebp+122D19DDh] 0x00000026 mov dword ptr [ebp+122D2100h], esi 0x0000002c push 7F54D9C2h 0x00000031 pushad 0x00000032 push eax 0x00000033 push edx 0x00000034 pushad 0x00000035 popad 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4B39C second address: A4B3BD instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F81A47422A9h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4B4A9 second address: A4B4AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4B4AF second address: A4B4B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5D200 second address: A5D204 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6C518 second address: A6C520 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2FFB2 second address: A2FFB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6A6A0 second address: A6A6B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 je 00007F81A474229Eh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6A6B5 second address: A6A6C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F81A505507Bh 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6A6C6 second address: A6A6CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6AF8A second address: A6AF94 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F81A5055076h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6AF94 second address: A6AFAF instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jne 00007F81A4742296h 0x00000009 ja 00007F81A4742296h 0x0000000f pop esi 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 pop edx 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6AFAF second address: A6AFC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F81A505507Dh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6AFC1 second address: A6AFD3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F81A474229Ch 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6B65E second address: A6B689 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jl 00007F81A505507Ah 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f pop ebx 0x00000010 push ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F81A5055088h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6258E second address: A62594 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A62594 second address: A62598 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2E2FA second address: A2E30C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007F81A4742298h 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2E30C second address: A2E312 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2E312 second address: A2E334 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007F81A47422A7h 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2E334 second address: A2E33A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2E33A second address: A2E340 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6BEA2 second address: A6BEDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F81A5055089h 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jns 00007F81A5055076h 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F81A5055081h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6BEDE second address: A6BEE2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc

Source: file.exe, file.exe, 00000000.00000002.1810342366.0000000000A52000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1810342366.0000000000A52000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: file.exe, 00000000.00000002.1810342366.0000000000A52000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: oSGF_Program Manager
Source: file.exe, file.exe, 00000000.00000002.1810342366.0000000000A52000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: SGF_Program Manager

Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableIOAVProtection 1	Jump to behavior
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableRealtimeMonitoring 1	Jump to behavior
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications	Registry value created: DisableNotifications 1	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations	Jump to behavior

ID:	1538053
Product:	CloudBasic
Start time:	06:19:05
Start date:	20.10.2024
Sample:	file.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	87988911910daf2d730b3ca1d029c15b
SHA1:	796d1f151f6551c8df179d9dc0b36ff72dbc71d8
SHA256:	579817d9822bf05bd0f22d92d924229e99bad4ddfe68a484b4db8cb62f91ea2b
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Cryptography

Compliance

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Screenshots

Behavior Graph

Network Map

Windows Analysis Report
file.exe