Windows Analysis Report
3507071243740008011.exe

Overview

General Information

Sample name: 3507071243740008011.exe
Analysis ID: 1538168
MD5: 300ffb3fd65eb4a84a14802828f91e38
SHA1: 937574595a8e68f7a77b95a7f99b530007f9fc5c
SHA256: 24beefbe74ccf89b245d50c7279c83803186566d4be4f89f875e203ec2f4edf9
Tags: exe, user-Racco42

Detection

GuLoader
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected GuLoader
AI detected suspicious sample
Opens the same file many times (likely Sandbox evasion)
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Abnormal high CPU Usage
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: 3507071243740008011.exe Avira: detected
Source: 3507071243740008011.exe ReversingLabs: Detection: 31%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: 3507071243740008011.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 193.107.36.30:443 -> 192.168.2.4:49839 version: TLS 1.2
Source: 3507071243740008011.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: mshtml.pdb source: 3507071243740008011.exe, 00000004.00000001.2443890580.0000000000649000.00000020.00000001.01000000.00000006.sdmp
Source: Binary string: wntdll.pdbUGP source: 3507071243740008011.exe, 00000004.00000002.2791404664.0000000036ECE000.00000040.00001000.00020000.00000000.sdmp, 3507071243740008011.exe, 00000004.00000003.2727268386.00000000369C6000.00000004.00000020.00020000.00000000.sdmp, 3507071243740008011.exe, 00000004.00000002.2791404664.0000000036D30000.00000040.00001000.00020000.00000000.sdmp, 3507071243740008011.exe, 00000004.00000003.2729820928.0000000036B7C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: 3507071243740008011.exe, 3507071243740008011.exe, 00000004.00000002.2791404664.0000000036ECE000.00000040.00001000.00020000.00000000.sdmp, 3507071243740008011.exe, 00000004.00000003.2727268386.00000000369C6000.00000004.00000020.00020000.00000000.sdmp, 3507071243740008011.exe, 00000004.00000002.2791404664.0000000036D30000.00000040.00001000.00020000.00000000.sdmp, 3507071243740008011.exe, 00000004.00000003.2729820928.0000000036B7C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mshtml.pdbUGP source: 3507071243740008011.exe, 00000004.00000001.2443890580.0000000000649000.00000020.00000001.01000000.00000006.sdmp
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 0_2_004065C5 FindFirstFileW,FindClose, 0_2_004065C5
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 0_2_00405990 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 0_2_00405990
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 0_2_00402862 FindFirstFileW, 0_2_00402862
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected:
    GET /jFhxxDhhDcCKVgiwlWM221.bin HTTP/1.1
    User-Agent: 5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
    Host: alfacen.com
    Cache-Control: no-cache
Source: global traffic DNS traffic detected: DNS query: alfacen.com
Source: 3507071243740008011.exe, 00000000.00000002.2444086680.000000000040A000.00000004.00000001.01000000.00000003.sdmp, 3507071243740008011.exe, 00000000.00000000.1654398706.000000000040A000.00000008.00000001.01000000.00000003.sdmp, 3507071243740008011.exe, 00000004.00000000.2441682476.000000000040A000.00000008.00000001.01000000.00000003.sdmp String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: 3507071243740008011.exe, 00000004.00000001.2443890580.0000000000649000.00000020.00000001.01000000.00000006.sdmp String found in binary or memory: http://www.ftp.ftp://ftp.gopher.
Source: 3507071243740008011.exe, 00000004.00000001.2443890580.00000000005F2000.00000020.00000001.01000000.00000006.sdmp String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
Source: 3507071243740008011.exe, 00000004.00000001.2443890580.00000000005F2000.00000020.00000001.01000000.00000006.sdmp String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
Source: 3507071243740008011.exe, 00000004.00000003.2727628175.0000000006B43000.00000004.00000020.00020000.00000000.sdmp, 3507071243740008011.exe, 00000004.00000002.2767646001.0000000006B34000.00000004.00000020.00020000.00000000.sdmp, 3507071243740008011.exe, 00000004.00000003.2727893517.0000000006B43000.00000004.00000020.00020000.00000000.sdmp, 3507071243740008011.exe, 00000004.00000002.2767716944.0000000006B45000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://alfacen.com/
Source: 3507071243740008011.exe, 00000004.00000002.2767646001.0000000006B34000.00000004.00000020.00020000.00000000.sdmp, 3507071243740008011.exe, 00000004.00000002.2791020426.0000000036160000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://alfacen.com/jFhxxDhhDcCKVgiwlWM221.bin
Source: 3507071243740008011.exe, 00000004.00000001.2443890580.0000000000649000.00000020.00000001.01000000.00000006.sdmp String found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
Source: unknown Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49839
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 0_2_00405425 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard, 0_2_00405425
Source: C:\Users\user\Desktop\3507071243740008011.exe Process Stats: CPU usage > 49%
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DA35C0 NtCreateMutant,LdrInitializeThunk, 4_2_36DA35C0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DA2DF0 NtQuerySystemInformation,LdrInitializeThunk, 4_2_36DA2DF0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DA3090 NtSetValueKey, 4_2_36DA3090
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DA3010 NtOpenDirectoryObject, 4_2_36DA3010
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DA3D70 NtOpenThread, 4_2_36DA3D70
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DA3D10 NtOpenProcessToken, 4_2_36DA3D10
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DA39B0 NtGetContextThread, 4_2_36DA39B0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DA4650 NtSuspendThread, 4_2_36DA4650
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DA4340 NtSetContextThread, 4_2_36DA4340
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DA2EE0 NtQueueApcThread, 4_2_36DA2EE0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DA2E80 NtReadVirtualMemory, 4_2_36DA2E80
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DA2EA0 NtAdjustPrivilegesToken, 4_2_36DA2EA0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DA2E30 NtWriteVirtualMemory, 4_2_36DA2E30
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DA2FE0 NtCreateFile, 4_2_36DA2FE0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DA2F90 NtProtectVirtualMemory, 4_2_36DA2F90
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DA2FB0 NtResumeThread, 4_2_36DA2FB0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DA2FA0 NtQuerySection, 4_2_36DA2FA0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DA2F60 NtCreateProcessEx, 4_2_36DA2F60
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DA2F30 NtCreateSection, 4_2_36DA2F30
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DA2CC0 NtQueryVirtualMemory, 4_2_36DA2CC0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DA2CF0 NtOpenProcess, 4_2_36DA2CF0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DA2CA0 NtQueryInformationToken, 4_2_36DA2CA0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DA2C70 NtFreeVirtualMemory, 4_2_36DA2C70
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DA2C60 NtCreateKey, 4_2_36DA2C60
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DA2C00 NtQueryInformationProcess, 4_2_36DA2C00
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DA2DD0 NtDelayExecution, 4_2_36DA2DD0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DA2DB0 NtEnumerateKey, 4_2_36DA2DB0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DA2D10 NtMapViewOfSection, 4_2_36DA2D10
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DA2D00 NtSetInformationFile, 4_2_36DA2D00
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DA2D30 NtUnmapViewOfSection, 4_2_36DA2D30
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DA2AD0 NtReadFile, 4_2_36DA2AD0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DA2AF0 NtWriteFile, 4_2_36DA2AF0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DA2AB0 NtWaitForSingleObject, 4_2_36DA2AB0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DA2BF0 NtAllocateVirtualMemory, 4_2_36DA2BF0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DA2BE0 NtQueryValueKey, 4_2_36DA2BE0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DA2B80 NtQueryInformationFile, 4_2_36DA2B80
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DA2BA0 NtEnumerateValueKey, 4_2_36DA2BA0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DA2B60 NtClose, 4_2_36DA2B60
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 0_2_00403373 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_00403373
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: String function: 36D5B970 appears 262 times
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: String function: 36DDEA12 appears 86 times
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: String function: 36DA5130 appears 58 times
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: String function: 36DEF290 appears 105 times
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: String function: 36DB7E54 appears 108 times
Source: 3507071243740008011.exe Static PE information: Resource name: RT_VERSION type: Intel 80386 COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: 3507071243740008011.exe, 00000004.00000002.2791404664.0000000036E5D000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs 3507071243740008011.exe
Source: 3507071243740008011.exe, 00000004.00000003.2727268386.0000000036AE9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs 3507071243740008011.exe
Source: classification engine Classification label: mal80.troj.evad.winEXE@2/8@1/1
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 0_2_004046E6 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW, 0_2_004046E6
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 0_2_004020FE CoCreateInstance, 0_2_004020FE
Source: C:\Users\user\Desktop\3507071243740008011.exe File created: C:\Users\user\AppData\Roaming\pechay
Source: C:\Users\user\Desktop\3507071243740008011.exe File created: C:\Users\user\AppData\Local\Temp\nslD521.tmp
Source: 3507071243740008011.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\3507071243740008011.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\3507071243740008011.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\3507071243740008011.exe File read: C:\Users\user\Desktop\3507071243740008011.exe
Source: unknown Process created: C:\Users\user\Desktop\3507071243740008011.exe "C:\Users\user\Desktop\3507071243740008011.exe"
Source: C:\Users\user\Desktop\3507071243740008011.exe Process created: C:\Users\user\Desktop\3507071243740008011.exe "C:\Users\user\Desktop\3507071243740008011.exe"
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: shfolder.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: riched20.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: usp10.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: msls31.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: wkscli.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: umpdc.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: schannel.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Data Obfuscation

Source: Yara match File source: 00000000.00000002.2445417513.0000000005438000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 0_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW, 0_2_10001B18
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 0_2_10002DE0 push eax; ret 0_2_10002E0E
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D3135D push eax; iretd 4_2_36D31369
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D327FA pushad ; ret 4_2_36D327F9
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D3225F pushad ; ret 4_2_36D327F9
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D3283D push eax; iretd 4_2_36D32858
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D609AD push ecx; mov dword ptr [esp], ecx 4_2_36D609B6
Source: C:\Users\user\Desktop\3507071243740008011.exe File created: C:\Users\user\AppData\Local\Temp\nsaD5CD.tmp\System.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\3507071243740008011.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Saddukisk233\centerleder.ini count: 45722
Source: C:\Users\user\Desktop\3507071243740008011.exe API/Special instruction interceptor: Address: 59AA0FB
Source: C:\Users\user\Desktop\3507071243740008011.exe API/Special instruction interceptor: Address: 458A0FB
Source: C:\Users\user\Desktop\3507071243740008011.exe RDTSC instruction interceptor: First address: 596FD31 second address: 596FD31 instructions: 0x00000000 rdtsc 0x00000002 test cx, cx 0x00000005 cmp ebx, ecx 0x00000007 jc 00007FF06CB84AC7h 0x00000009 inc ebp 0x0000000a inc ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\3507071243740008011.exe RDTSC instruction interceptor: First address: 454FD31 second address: 454FD31 instructions: 0x00000000 rdtsc 0x00000002 test cx, cx 0x00000005 cmp ebx, ecx 0x00000007 jc 00007FF06CCEEEF7h 0x00000009 inc ebp 0x0000000a inc ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DDD1C0 rdtsc 4_2_36DDD1C0
Source: C:\Users\user\Desktop\3507071243740008011.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsaD5CD.tmp\System.dll
Source: C:\Users\user\Desktop\3507071243740008011.exe API coverage: 0.1 %
Source: C:\Users\user\Desktop\3507071243740008011.exe TID: 2496 Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 0_2_004065C5 FindFirstFileW,FindClose, 0_2_004065C5
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 0_2_00405990 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 0_2_00405990
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 0_2_00402862 FindFirstFileW, 0_2_00402862
Source: 3507071243740008011.exe, 00000004.00000002.2767716944.0000000006B4B000.00000004.00000020.00020000.00000000.sdmp, 3507071243740008011.exe, 00000004.00000003.2727628175.0000000006B4B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWy
Source: 3507071243740008011.exe, 00000004.00000002.2767716944.0000000006B4B000.00000004.00000020.00020000.00000000.sdmp, 3507071243740008011.exe, 00000004.00000003.2727628175.0000000006B4B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: C:\Users\user\Desktop\3507071243740008011.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DDD1C0 rdtsc 4_2_36DDD1C0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DA35C0 NtCreateMutant,LdrInitializeThunk, 4_2_36DA35C0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 0_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW, 0_2_10001B18
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E1D6F0 mov eax, dword ptr fs:[00000030h] 4_2_36E1D6F0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E112ED mov eax, dword ptr fs:[00000030h] 4_2_36E112ED
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E0B2F0 mov eax, dword ptr fs:[00000030h] 4_2_36E0B2F0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E0B2F0 mov eax, dword ptr fs:[00000030h] 4_2_36E0B2F0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D692C5 mov eax, dword ptr fs:[00000030h] 4_2_36D692C5
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D692C5 mov eax, dword ptr fs:[00000030h] 4_2_36D692C5
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D8B2C0 mov eax, dword ptr fs:[00000030h] 4_2_36D8B2C0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D8B2C0 mov eax, dword ptr fs:[00000030h] 4_2_36D8B2C0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D8B2C0 mov eax, dword ptr fs:[00000030h] 4_2_36D8B2C0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D8B2C0 mov eax, dword ptr fs:[00000030h] 4_2_36D8B2C0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D8B2C0 mov eax, dword ptr fs:[00000030h] 4_2_36D8B2C0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D8B2C0 mov eax, dword ptr fs:[00000030h] 4_2_36D8B2C0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D8B2C0 mov eax, dword ptr fs:[00000030h] 4_2_36D8B2C0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E1F2F8 mov eax, dword ptr fs:[00000030h] 4_2_36E1F2F8
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D592FF mov eax, dword ptr fs:[00000030h] 4_2_36D592FF
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E292A6 mov eax, dword ptr fs:[00000030h] 4_2_36E292A6
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E292A6 mov eax, dword ptr fs:[00000030h] 4_2_36E292A6
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E292A6 mov eax, dword ptr fs:[00000030h] 4_2_36E292A6
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E292A6 mov eax, dword ptr fs:[00000030h] 4_2_36E292A6
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D9329E mov eax, dword ptr fs:[00000030h] 4_2_36D9329E
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D9329E mov eax, dword ptr fs:[00000030h] 4_2_36D9329E
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E35283 mov eax, dword ptr fs:[00000030h] 4_2_36E35283
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DE92BC mov eax, dword ptr fs:[00000030h] 4_2_36DE92BC
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DE92BC mov eax, dword ptr fs:[00000030h] 4_2_36DE92BC
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DE92BC mov ecx, dword ptr fs:[00000030h] 4_2_36DE92BC
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DE92BC mov ecx, dword ptr fs:[00000030h] 4_2_36DE92BC
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D752A0 mov eax, dword ptr fs:[00000030h] 4_2_36D752A0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D752A0 mov eax, dword ptr fs:[00000030h] 4_2_36D752A0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D752A0 mov eax, dword ptr fs:[00000030h] 4_2_36D752A0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D752A0 mov eax, dword ptr fs:[00000030h] 4_2_36D752A0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DF72A0 mov eax, dword ptr fs:[00000030h] 4_2_36DF72A0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DF72A0 mov eax, dword ptr fs:[00000030h] 4_2_36DF72A0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E2D26B mov eax, dword ptr fs:[00000030h] 4_2_36E2D26B
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E2D26B mov eax, dword ptr fs:[00000030h] 4_2_36E2D26B
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D9724D mov eax, dword ptr fs:[00000030h] 4_2_36D9724D
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D59240 mov eax, dword ptr fs:[00000030h] 4_2_36D59240
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D59240 mov eax, dword ptr fs:[00000030h] 4_2_36D59240
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DA1270 mov eax, dword ptr fs:[00000030h] 4_2_36DA1270
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DA1270 mov eax, dword ptr fs:[00000030h] 4_2_36DA1270
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D89274 mov eax, dword ptr fs:[00000030h] 4_2_36D89274
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E1B256 mov eax, dword ptr fs:[00000030h] 4_2_36E1B256
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E1B256 mov eax, dword ptr fs:[00000030h] 4_2_36E1B256
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E35227 mov eax, dword ptr fs:[00000030h] 4_2_36E35227
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D97208 mov eax, dword ptr fs:[00000030h] 4_2_36D97208
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D97208 mov eax, dword ptr fs:[00000030h] 4_2_36D97208
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E1F3E6 mov eax, dword ptr fs:[00000030h] 4_2_36E1F3E6
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E353FC mov eax, dword ptr fs:[00000030h] 4_2_36E353FC
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E1B3D0 mov ecx, dword ptr fs:[00000030h] 4_2_36E1B3D0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DB739A mov eax, dword ptr fs:[00000030h] 4_2_36DB739A
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DB739A mov eax, dword ptr fs:[00000030h] 4_2_36DB739A
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E013B9 mov eax, dword ptr fs:[00000030h] 4_2_36E013B9
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E013B9 mov eax, dword ptr fs:[00000030h] 4_2_36E013B9
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E013B9 mov eax, dword ptr fs:[00000030h] 4_2_36E013B9
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D933A0 mov eax, dword ptr fs:[00000030h] 4_2_36D933A0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D933A0 mov eax, dword ptr fs:[00000030h] 4_2_36D933A0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D833A5 mov eax, dword ptr fs:[00000030h] 4_2_36D833A5
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E3539D mov eax, dword ptr fs:[00000030h] 4_2_36E3539D
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D59353 mov eax, dword ptr fs:[00000030h] 4_2_36D59353
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D59353 mov eax, dword ptr fs:[00000030h] 4_2_36D59353
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E1F367 mov eax, dword ptr fs:[00000030h] 4_2_36E1F367
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E03370 mov eax, dword ptr fs:[00000030h] 4_2_36E03370
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D5D34C mov eax, dword ptr fs:[00000030h] 4_2_36D5D34C
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D5D34C mov eax, dword ptr fs:[00000030h] 4_2_36D5D34C
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E35341 mov eax, dword ptr fs:[00000030h] 4_2_36E35341
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D67370 mov eax, dword ptr fs:[00000030h] 4_2_36D67370
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D67370 mov eax, dword ptr fs:[00000030h] 4_2_36D67370
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D67370 mov eax, dword ptr fs:[00000030h] 4_2_36D67370
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E2132D mov eax, dword ptr fs:[00000030h] 4_2_36E2132D
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E2132D mov eax, dword ptr fs:[00000030h] 4_2_36E2132D
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DE930B mov eax, dword ptr fs:[00000030h] 4_2_36DE930B
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DE930B mov eax, dword ptr fs:[00000030h] 4_2_36DE930B
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DE930B mov eax, dword ptr fs:[00000030h] 4_2_36DE930B
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D57330 mov eax, dword ptr fs:[00000030h] 4_2_36D57330
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D8F32A mov eax, dword ptr fs:[00000030h] 4_2_36D8F32A
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D890DB mov eax, dword ptr fs:[00000030h] 4_2_36D890DB
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D770C0 mov eax, dword ptr fs:[00000030h] 4_2_36D770C0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D770C0 mov ecx, dword ptr fs:[00000030h] 4_2_36D770C0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D770C0 mov ecx, dword ptr fs:[00000030h] 4_2_36D770C0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D770C0 mov eax, dword ptr fs:[00000030h] 4_2_36D770C0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D770C0 mov ecx, dword ptr fs:[00000030h] 4_2_36D770C0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D770C0 mov ecx, dword ptr fs:[00000030h] 4_2_36D770C0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D770C0 mov eax, dword ptr fs:[00000030h] 4_2_36D770C0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D770C0 mov eax, dword ptr fs:[00000030h] 4_2_36D770C0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D770C0 mov eax, dword ptr fs:[00000030h] 4_2_36D770C0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D770C0 mov eax, dword ptr fs:[00000030h] 4_2_36D770C0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D770C0 mov eax, dword ptr fs:[00000030h] 4_2_36D770C0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D770C0 mov eax, dword ptr fs:[00000030h] 4_2_36D770C0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D770C0 mov eax, dword ptr fs:[00000030h] 4_2_36D770C0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D770C0 mov eax, dword ptr fs:[00000030h] 4_2_36D770C0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D770C0 mov eax, dword ptr fs:[00000030h] 4_2_36D770C0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D770C0 mov eax, dword ptr fs:[00000030h] 4_2_36D770C0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D770C0 mov eax, dword ptr fs:[00000030h] 4_2_36D770C0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D770C0 mov eax, dword ptr fs:[00000030h] 4_2_36D770C0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DDD0C0 mov eax, dword ptr fs:[00000030h] 4_2_36DDD0C0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DDD0C0 mov eax, dword ptr fs:[00000030h] 4_2_36DDD0C0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E350D9 mov eax, dword ptr fs:[00000030h] 4_2_36E350D9
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D850E4 mov eax, dword ptr fs:[00000030h] 4_2_36D850E4
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D850E4 mov ecx, dword ptr fs:[00000030h] 4_2_36D850E4
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D65096 mov eax, dword ptr fs:[00000030h] 4_2_36D65096
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D9909C mov eax, dword ptr fs:[00000030h] 4_2_36D9909C
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D8D090 mov eax, dword ptr fs:[00000030h] 4_2_36D8D090
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D8D090 mov eax, dword ptr fs:[00000030h] 4_2_36D8D090
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D5D08D mov eax, dword ptr fs:[00000030h] 4_2_36D5D08D
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DED080 mov eax, dword ptr fs:[00000030h] 4_2_36DED080
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DED080 mov eax, dword ptr fs:[00000030h] 4_2_36DED080
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E35060 mov eax, dword ptr fs:[00000030h] 4_2_36E35060
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D8B052 mov eax, dword ptr fs:[00000030h] 4_2_36D8B052
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D71070 mov eax, dword ptr fs:[00000030h] 4_2_36D71070
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D71070 mov ecx, dword ptr fs:[00000030h] 4_2_36D71070
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D71070 mov eax, dword ptr fs:[00000030h] 4_2_36D71070
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D71070 mov eax, dword ptr fs:[00000030h] 4_2_36D71070
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D71070 mov eax, dword ptr fs:[00000030h] 4_2_36D71070
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D71070 mov eax, dword ptr fs:[00000030h] 4_2_36D71070
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D71070 mov eax, dword ptr fs:[00000030h] 4_2_36D71070
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D71070 mov eax, dword ptr fs:[00000030h] 4_2_36D71070
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D71070 mov eax, dword ptr fs:[00000030h] 4_2_36D71070
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D71070 mov eax, dword ptr fs:[00000030h] 4_2_36D71070
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D71070 mov eax, dword ptr fs:[00000030h] 4_2_36D71070
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D71070 mov eax, dword ptr fs:[00000030h] 4_2_36D71070
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D71070 mov eax, dword ptr fs:[00000030h] 4_2_36D71070
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DDD070 mov ecx, dword ptr fs:[00000030h] 4_2_36DDD070
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DE106E mov eax, dword ptr fs:[00000030h] 4_2_36DE106E
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E0705E mov ebx, dword ptr fs:[00000030h] 4_2_36E0705E
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E0705E mov eax, dword ptr fs:[00000030h] 4_2_36E0705E
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E2903E mov eax, dword ptr fs:[00000030h] 4_2_36E2903E
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E2903E mov eax, dword ptr fs:[00000030h] 4_2_36E2903E
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E2903E mov eax, dword ptr fs:[00000030h] 4_2_36E2903E
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E2903E mov eax, dword ptr fs:[00000030h] 4_2_36E2903E
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E331E1 mov eax, dword ptr fs:[00000030h] 4_2_36E331E1
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D9D1D0 mov eax, dword ptr fs:[00000030h] 4_2_36D9D1D0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D9D1D0 mov ecx, dword ptr fs:[00000030h] 4_2_36D9D1D0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E071F9 mov esi, dword ptr fs:[00000030h] 4_2_36E071F9
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E351CB mov eax, dword ptr fs:[00000030h] 4_2_36E351CB
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D851EF mov eax, dword ptr fs:[00000030h] 4_2_36D851EF
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D851EF mov eax, dword ptr fs:[00000030h] 4_2_36D851EF
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D851EF mov eax, dword ptr fs:[00000030h] 4_2_36D851EF
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D851EF mov eax, dword ptr fs:[00000030h] 4_2_36D851EF
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D851EF mov eax, dword ptr fs:[00000030h] 4_2_36D851EF
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D851EF mov eax, dword ptr fs:[00000030h] 4_2_36D851EF
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D851EF mov eax, dword ptr fs:[00000030h] 4_2_36D851EF
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D851EF mov eax, dword ptr fs:[00000030h] 4_2_36D851EF
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D851EF mov eax, dword ptr fs:[00000030h] 4_2_36D851EF
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D851EF mov eax, dword ptr fs:[00000030h] 4_2_36D851EF
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D851EF mov eax, dword ptr fs:[00000030h] 4_2_36D851EF
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D851EF mov eax, dword ptr fs:[00000030h] 4_2_36D851EF
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D851EF mov eax, dword ptr fs:[00000030h] 4_2_36D851EF
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D651ED mov eax, dword ptr fs:[00000030h] 4_2_36D651ED
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E111A4 mov eax, dword ptr fs:[00000030h] 4_2_36E111A4
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E111A4 mov eax, dword ptr fs:[00000030h] 4_2_36E111A4
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E111A4 mov eax, dword ptr fs:[00000030h] 4_2_36E111A4
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E111A4 mov eax, dword ptr fs:[00000030h] 4_2_36E111A4
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DB7190 mov eax, dword ptr fs:[00000030h] 4_2_36DB7190
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E15180 mov eax, dword ptr fs:[00000030h] 4_2_36E15180
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E15180 mov eax, dword ptr fs:[00000030h] 4_2_36E15180
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D7B1B0 mov eax, dword ptr fs:[00000030h] 4_2_36D7B1B0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D67152 mov eax, dword ptr fs:[00000030h] 4_2_36D67152
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D59148 mov eax, dword ptr fs:[00000030h] 4_2_36D59148
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D59148 mov eax, dword ptr fs:[00000030h] 4_2_36D59148
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D59148 mov eax, dword ptr fs:[00000030h] 4_2_36D59148
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D59148 mov eax, dword ptr fs:[00000030h] 4_2_36D59148
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DF3140 mov eax, dword ptr fs:[00000030h] 4_2_36DF3140
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DF3140 mov eax, dword ptr fs:[00000030h] 4_2_36DF3140
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DF3140 mov eax, dword ptr fs:[00000030h] 4_2_36DF3140
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DF9179 mov eax, dword ptr fs:[00000030h] 4_2_36DF9179
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D5F172 mov eax, dword ptr fs:[00000030h] 4_2_36D5F172
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D5F172 mov eax, dword ptr fs:[00000030h] 4_2_36D5F172
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D5F172 mov eax, dword ptr fs:[00000030h] 4_2_36D5F172
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D5F172 mov eax, dword ptr fs:[00000030h] 4_2_36D5F172
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D5F172 mov eax, dword ptr fs:[00000030h] 4_2_36D5F172
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D5F172 mov eax, dword ptr fs:[00000030h] 4_2_36D5F172
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D5F172 mov eax, dword ptr fs:[00000030h] 4_2_36D5F172
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D5F172 mov eax, dword ptr fs:[00000030h] 4_2_36D5F172
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D5F172 mov eax, dword ptr fs:[00000030h] 4_2_36D5F172
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D5F172 mov eax, dword ptr fs:[00000030h] 4_2_36D5F172
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D5F172 mov eax, dword ptr fs:[00000030h] 4_2_36D5F172
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D5F172 mov eax, dword ptr fs:[00000030h] 4_2_36D5F172
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D5F172 mov eax, dword ptr fs:[00000030h] 4_2_36D5F172
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D5F172 mov eax, dword ptr fs:[00000030h] 4_2_36D5F172
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D5F172 mov eax, dword ptr fs:[00000030h] 4_2_36D5F172
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D5F172 mov eax, dword ptr fs:[00000030h] 4_2_36D5F172
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D5F172 mov eax, dword ptr fs:[00000030h] 4_2_36D5F172
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D5F172 mov eax, dword ptr fs:[00000030h] 4_2_36D5F172
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D5F172 mov eax, dword ptr fs:[00000030h] 4_2_36D5F172
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D5F172 mov eax, dword ptr fs:[00000030h] 4_2_36D5F172
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D5F172 mov eax, dword ptr fs:[00000030h] 4_2_36D5F172
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E35152 mov eax, dword ptr fs:[00000030h] 4_2_36E35152
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E37120 mov eax, dword ptr fs:[00000030h] 4_2_36E37120
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D5B136 mov eax, dword ptr fs:[00000030h] 4_2_36D5B136
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D5B136 mov eax, dword ptr fs:[00000030h] 4_2_36D5B136
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D5B136 mov eax, dword ptr fs:[00000030h] 4_2_36D5B136
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D5B136 mov eax, dword ptr fs:[00000030h] 4_2_36D5B136
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D61131 mov eax, dword ptr fs:[00000030h] 4_2_36D61131
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D61131 mov eax, dword ptr fs:[00000030h] 4_2_36D61131
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E2BEE6 mov eax, dword ptr fs:[00000030h] 4_2_36E2BEE6
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E2BEE6 mov eax, dword ptr fs:[00000030h] 4_2_36E2BEE6
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E2BEE6 mov eax, dword ptr fs:[00000030h] 4_2_36E2BEE6
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E2BEE6 mov eax, dword ptr fs:[00000030h] 4_2_36E2BEE6
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D5BEC0 mov eax, dword ptr fs:[00000030h] 4_2_36D5BEC0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D5BEC0 mov eax, dword ptr fs:[00000030h] 4_2_36D5BEC0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D6BEC0 mov eax, dword ptr fs:[00000030h] 4_2_36D6BEC0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D6BEC0 mov eax, dword ptr fs:[00000030h] 4_2_36D6BEC0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D6BEC0 mov eax, dword ptr fs:[00000030h] 4_2_36D6BEC0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D6BEC0 mov eax, dword ptr fs:[00000030h] 4_2_36D6BEC0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D6BEC0 mov eax, dword ptr fs:[00000030h] 4_2_36D6BEC0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D6BEC0 mov eax, dword ptr fs:[00000030h] 4_2_36D6BEC0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D6BEC0 mov eax, dword ptr fs:[00000030h] 4_2_36D6BEC0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D6BEC0 mov eax, dword ptr fs:[00000030h] 4_2_36D6BEC0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D8FEC0 mov eax, dword ptr fs:[00000030h] 4_2_36D8FEC0
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36DEFEC5 mov eax, dword ptr fs:[00000030h] 4_2_36DEFEC5
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D63EF4 mov eax, dword ptr fs:[00000030h] 4_2_36D63EF4
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D63EF4 mov eax, dword ptr fs:[00000030h] 4_2_36D63EF4
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D63EF4 mov eax, dword ptr fs:[00000030h] 4_2_36D63EF4
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D93EEB mov ecx, dword ptr fs:[00000030h] 4_2_36D93EEB
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D93EEB mov eax, dword ptr fs:[00000030h] 4_2_36D93EEB
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D93EEB mov eax, dword ptr fs:[00000030h] 4_2_36D93EEB
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36D63EE1 mov eax, dword ptr fs:[00000030h] 4_2_36D63EE1
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E19EDF mov eax, dword ptr fs:[00000030h] 4_2_36E19EDF
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 4_2_36E19EDF mov eax, dword ptr fs:[00000030h] 4_2_36E19EDF
Source: C:\Users\user\Desktop\3507071243740008011.exe Code function: 0_2_00403373 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_00403373