Windows Analysis Report
16770075581.zip

Overview

General Information

Sample name:	16770075581.zip
Analysis ID:	1431511
MD5:	0531a38f0874c57a473f615b1608609e
SHA1:	2f70912946681142433683d58e0db1d3eba27e75
SHA256:	6b796b7bd4247c7c56976940fae8292cb633a1924ea940c5cd973fe8db4fb1ae
Infos:

Detection

AgentTesla, PureLog Stealer

Score:	88
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for domain / URL

Yara detected AgentTesla

Yara detected PureLog Stealer

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Mail credentials (via file / registry access)

Yara detected Costura Assembly Loader

Allocates memory with a write watch (potentially for evading sandboxes)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sigma detected: Suspicious Outbound SMTP Connections

Uses SMTP (mail sending)

Yara detected Credential Stealer

Classification

Malware Threat Intel
Provided by

Name	Description	Attribution	Blogpost URLs	Link
Agent Tesla, AgentTesla	A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.	SWEED	http://blog.nsfocus.net/sweed-611/ http://l1v1ngc0d3.wordpress.com/2021/11/12/agenttesla-dropped-via-nsis-installer/ http://ropgadget.com/posts/originlogger.html http://www.secureworks.com/research/threat-profiles/gold-galleon https://asec.ahnlab.com/ko/29133/	https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

Signatures

AV Detection

Multi AV Scanner detection for domain / URL

Source: confirmyourinfo.com

Virustotal: Detection: 10%

Perma Link

Source: unknown	HTTPS traffic detected: 142.202.136.11:443 -> 192.168.2.17:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.17:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.202.136.11:443 -> 192.168.2.17:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.17:49729 version: TLS 1.2

Detected TCP or UDP traffic on non-standard ports

Source: global traffic

TCP traffic: 192.168.2.17:49725 -> 148.251.133.229:587

May check the online IP address of the machine

Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org

Uses SMTP (mail sending)

Source: global traffic

TCP traffic: 192.168.2.17:49725 -> 148.251.133.229:587

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: confirmyourinfo.com
Source: global traffic	DNS traffic detected: DNS query: api.ipify.org
Source: global traffic	DNS traffic detected: DNS query: mail.seatech.co.ke

Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 142.202.136.11:443 -> 192.168.2.17:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.17:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.202.136.11:443 -> 192.168.2.17:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.17:49729 version: TLS 1.2

Source: classification engine

Classification label: mal88.troj.spyw.evad.winZIP@7/0@3/19

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe

Mutant created: NULL

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Source: C:\Windows\System32\rundll32.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown	Process created: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe "C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe"
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process created: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe "C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe"
Source: unknown	Process created: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe "C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe"
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process created: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe "C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe"
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process created: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe "C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe"
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process created: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe "C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe"

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: version.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: wldp.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: profapi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: rasapi32.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: rasman.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: rtutils.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: secur32.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: schannel.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: amsi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: userenv.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: version.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: wldp.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: profapi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: amsi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: userenv.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: rasapi32.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: rasman.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: rtutils.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: secur32.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: schannel.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: vaultcli.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: version.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: wldp.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: profapi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: rasapi32.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: rasman.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: rtutils.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: secur32.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: schannel.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: amsi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: userenv.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: version.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: wldp.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: profapi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: amsi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: userenv.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: rasapi32.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: rasman.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: rtutils.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: secur32.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: schannel.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: vaultcli.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: dpapi.dll

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles

Data Obfuscation

Yara detected Costura Assembly Loader

Source: Yara match	File source: 0000000F.00000002.1854317165.0000000006320000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.1855204335.0000000006D71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.1855204335.0000000006C81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.1839140970.0000000002E39000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.2060893027.0000000007431000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.2060893027.00000000074D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.2040197303.00000000036E7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe

Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot

Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Memory allocated: 2AE0000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Memory allocated: 2C10000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Memory allocated: 4C10000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Memory allocated: 6C80000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Memory allocated: 6470000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Memory allocated: 2B90000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Memory allocated: 2D60000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Memory allocated: 2BB0000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Memory allocated: 1A70000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Memory allocated: 34C0000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Memory allocated: 33D0000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Memory allocated: 73E0000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Memory allocated: 6BD0000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Memory allocated: E20000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Memory allocated: 2810000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Memory allocated: 2620000 memory reserve \| memory write watch

Contains long sleeps (>= 3 min)

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 922337203685477

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Window / User API: threadDelayed 9862
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Window / User API: threadDelayed 7780

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 4144	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1740	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -5534023222112862s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -100000s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -99888s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6196	Thread sleep count: 9862 > 30
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -99776s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -99664s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -99552s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -99424s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -99281s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -99169s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -99057s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -98945s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -98833s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -98705s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -98577s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -98465s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -98353s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -98241s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -98130s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -98002s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -97874s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -97763s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -97651s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -97539s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -97427s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -97299s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -97171s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -97060s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -96948s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -96836s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -96724s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -96596s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -96468s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -96356s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -96244s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -96132s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -96020s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -95892s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -95764s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -95652s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -95540s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -95428s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -95300s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -95173s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -95029s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -94917s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -94805s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -94694s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -94582s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -94455s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -94327s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -94216s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6564	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 3964	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -200000s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -99872s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 2028	Thread sleep count: 7780 > 30
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -99760s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -99648s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -99536s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -99409s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -99282s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -99170s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -99058s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -98946s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -98834s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -98706s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -98562s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -98450s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -98338s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -98226s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -98114s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -97986s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -97858s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -97746s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -97635s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -97524s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -97412s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -97284s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -97156s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -97044s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -96932s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -96820s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -96708s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -96580s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -96452s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -99888s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -99776s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -99664s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -99553s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -99426s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -99314s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -99186s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -99074s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -98962s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -98850s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -98738s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -98626s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -98498s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -98386s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -98274s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -98162s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -98034s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -97922s >= -30000s

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 100000
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99888
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99776
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99664
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99552
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99424
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99281
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99169
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99057
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98945
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98833
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98705
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98577
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98465
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98353
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98241
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98130
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98002
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 97874
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 97763
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 97651
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 97539
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 97427
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 97299
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 97171
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 97060
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 96948
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 96836
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 96724
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 96596
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 96468
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 96356
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 96244
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 96132
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 96020
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 95892
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 95764
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 95652
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 95540
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 95428
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 95300
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 95173
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 95029
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 94917
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 94805
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 94694
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 94582
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 94455
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 94327
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 94216
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 100000
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99872
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99760
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99648
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99536
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99409
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99282
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99170
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99058
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98946
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98834
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98706
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98562
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98450
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98338
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98226
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98114
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 97986
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 97858
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 97746
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 97635
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 97524
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 97412
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 97284
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 97156
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 97044
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 96932
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 96820
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 96708
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 96580
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 96452
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99888
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99776
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99664
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99553
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99426
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99314
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99186
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99074
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98962
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98850
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98738
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98626
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98498
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98386
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98274
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98162
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98034
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 97922

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe

Process information queried: ProcessInformation

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe

Memory allocated: page read and write | page guard

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process created: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe "C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe"
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process created: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe "C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe"

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Queries volume information: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe VolumeInformation
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Queries volume information: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe VolumeInformation
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Queries volume information: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe VolumeInformation
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Queries volume information: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe VolumeInformation
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Yara detected AgentTesla

Source: Yara match	File source: 0000000F.00000002.1841875926.0000000004A6C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.1855204335.0000000006C81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.1839140970.0000000002F2B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2041946472.0000000002DF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2041946472.0000000002DDB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2037601987.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2041946472.0000000002DE5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.2040197303.00000000037D9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2041946472.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2439032914.00000000028A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2439032914.0000000002895000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2439032914.000000000288B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2439032914.0000000002861000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected PureLog Stealer

Source: Yara match	File source: 0000000F.00000002.1841875926.00000000046FC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.1849874481.0000000005E10000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.1841875926.0000000003FF9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\cookies.sqlite
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe

File opened: C:\FTP Navigator\Ftplist.txt

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini

Yara detected Credential Stealer

Source: Yara match	File source: 0000000F.00000002.1841875926.0000000004A6C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.1855204335.0000000006C81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.1839140970.0000000002F2B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2037601987.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.2040197303.00000000037D9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2041946472.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2439032914.0000000002861000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Remote Access Functionality

Yara detected AgentTesla

Source: Yara match	File source: 0000000F.00000002.1841875926.0000000004A6C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.1855204335.0000000006C81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.1839140970.0000000002F2B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2041946472.0000000002DF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2041946472.0000000002DDB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2037601987.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2041946472.0000000002DE5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.2040197303.00000000037D9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2041946472.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2439032914.00000000028A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2439032914.0000000002895000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2439032914.000000000288B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2439032914.0000000002861000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected PureLog Stealer

Source: Yara match	File source: 0000000F.00000002.1841875926.00000000046FC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.1849874481.0000000005E10000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.1841875926.0000000003FF9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.26.12.205	api.ipify.org	United States	13335	CLOUDFLARENETUS	false
142.202.136.11	confirmyourinfo.com	Reserved	52284	PanamaservercomPA	true
148.251.133.229	seatech.co.ke	Germany	24940	HETZNER-ASDE	false

Contacted Domains

Name	IP	Active
seatech.co.ke	148.251.133.229	true
confirmyourinfo.com	142.202.136.11	true
api.ipify.org	104.26.12.205	true
mail.seatech.co.ke	unknown	unknown

AV Detection

Multi AV Scanner detection for domain / URL

Source: confirmyourinfo.com

Virustotal: Detection: 10%

Perma Link

Source: unknown	HTTPS traffic detected: 142.202.136.11:443 -> 192.168.2.17:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.17:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.202.136.11:443 -> 192.168.2.17:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.17:49729 version: TLS 1.2

Detected TCP or UDP traffic on non-standard ports

Source: global traffic

TCP traffic: 192.168.2.17:49725 -> 148.251.133.229:587

May check the online IP address of the machine

Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org

Uses SMTP (mail sending)

Source: global traffic

TCP traffic: 192.168.2.17:49725 -> 148.251.133.229:587

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: confirmyourinfo.com
Source: global traffic	DNS traffic detected: DNS query: api.ipify.org
Source: global traffic	DNS traffic detected: DNS query: mail.seatech.co.ke

Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 142.202.136.11:443 -> 192.168.2.17:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.17:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.202.136.11:443 -> 192.168.2.17:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.17:49729 version: TLS 1.2

Source: classification engine

Classification label: mal88.troj.spyw.evad.winZIP@7/0@3/19

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe

Mutant created: NULL

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Source: C:\Windows\System32\rundll32.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown	Process created: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe "C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe"
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process created: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe "C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe"
Source: unknown	Process created: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe "C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe"
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process created: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe "C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe"
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process created: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe "C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe"
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process created: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe "C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe"

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: version.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: wldp.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: profapi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: rasapi32.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: rasman.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: rtutils.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: secur32.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: schannel.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: amsi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: userenv.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: version.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: wldp.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: profapi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: amsi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: userenv.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: rasapi32.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: rasman.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: rtutils.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: secur32.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: schannel.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: vaultcli.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: version.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: wldp.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: profapi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: rasapi32.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: rasman.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: rtutils.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: secur32.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: schannel.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: amsi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: userenv.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: version.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: wldp.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: profapi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: amsi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: userenv.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: rasapi32.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: rasman.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: rtutils.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: secur32.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: schannel.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: vaultcli.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Section loaded: dpapi.dll

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles

Data Obfuscation

Yara detected Costura Assembly Loader

Source: Yara match	File source: 0000000F.00000002.1854317165.0000000006320000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.1855204335.0000000006D71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.1855204335.0000000006C81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.1839140970.0000000002E39000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.2060893027.0000000007431000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.2060893027.00000000074D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.2040197303.00000000036E7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe

Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot

Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Memory allocated: 2AE0000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Memory allocated: 2C10000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Memory allocated: 4C10000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Memory allocated: 6C80000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Memory allocated: 6470000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Memory allocated: 2B90000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Memory allocated: 2D60000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Memory allocated: 2BB0000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Memory allocated: 1A70000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Memory allocated: 34C0000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Memory allocated: 33D0000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Memory allocated: 73E0000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Memory allocated: 6BD0000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Memory allocated: E20000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Memory allocated: 2810000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Memory allocated: 2620000 memory reserve \| memory write watch

Contains long sleeps (>= 3 min)

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 922337203685477

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Window / User API: threadDelayed 9862
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Window / User API: threadDelayed 7780

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 4144	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1740	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -5534023222112862s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -100000s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -99888s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6196	Thread sleep count: 9862 > 30
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -99776s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -99664s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -99552s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -99424s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -99281s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -99169s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -99057s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -98945s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -98833s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -98705s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -98577s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -98465s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -98353s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -98241s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -98130s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -98002s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -97874s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -97763s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -97651s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -97539s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -97427s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -97299s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -97171s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -97060s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -96948s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -96836s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -96724s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -96596s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -96468s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -96356s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -96244s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -96132s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -96020s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -95892s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -95764s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -95652s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -95540s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -95428s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -95300s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -95173s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -95029s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -94917s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -94805s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -94694s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -94582s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -94455s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -94327s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6204	Thread sleep time: -94216s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 6564	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 3964	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -200000s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -99872s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 2028	Thread sleep count: 7780 > 30
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -99760s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -99648s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -99536s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -99409s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -99282s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -99170s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -99058s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -98946s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -98834s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -98706s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -98562s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -98450s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -98338s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -98226s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -98114s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -97986s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -97858s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -97746s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -97635s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -97524s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -97412s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -97284s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -97156s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -97044s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -96932s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -96820s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -96708s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -96580s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -96452s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -99888s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -99776s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -99664s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -99553s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -99426s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -99314s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -99186s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -99074s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -98962s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -98850s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -98738s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -98626s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -98498s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -98386s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -98274s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -98162s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -98034s >= -30000s
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe TID: 1044	Thread sleep time: -97922s >= -30000s

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 100000
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99888
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99776
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99664
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99552
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99424
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99281
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99169
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99057
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98945
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98833
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98705
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98577
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98465
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98353
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98241
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98130
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98002
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 97874
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 97763
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 97651
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 97539
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 97427
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 97299
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 97171
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 97060
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 96948
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 96836
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 96724
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 96596
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 96468
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 96356
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 96244
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 96132
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 96020
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 95892
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 95764
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 95652
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 95540
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 95428
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 95300
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 95173
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 95029
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 94917
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 94805
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 94694
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 94582
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 94455
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 94327
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 94216
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 100000
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99872
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99760
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99648
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99536
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99409
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99282
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99170
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99058
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98946
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98834
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98706
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98562
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98450
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98338
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98226
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98114
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 97986
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 97858
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 97746
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 97635
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 97524
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 97412
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 97284
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 97156
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 97044
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 96932
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 96820
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 96708
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 96580
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 96452
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99888
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99776
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99664
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99553
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99426
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99314
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99186
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 99074
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98962
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98850
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98738
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98626
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98498
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98386
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98274
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98162
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 98034
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Thread delayed: delay time: 97922

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe

Process information queried: ProcessInformation

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe

Memory allocated: page read and write | page guard

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process created: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe "C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe"
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Process created: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe "C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe"

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Queries volume information: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe VolumeInformation
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Queries volume information: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe VolumeInformation
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Queries volume information: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe VolumeInformation
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Queries volume information: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe VolumeInformation
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Yara detected AgentTesla

Source: Yara match	File source: 0000000F.00000002.1841875926.0000000004A6C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.1855204335.0000000006C81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.1839140970.0000000002F2B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2041946472.0000000002DF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2041946472.0000000002DDB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2037601987.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2041946472.0000000002DE5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.2040197303.00000000037D9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2041946472.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2439032914.00000000028A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2439032914.0000000002895000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2439032914.000000000288B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2439032914.0000000002861000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected PureLog Stealer

Source: Yara match	File source: 0000000F.00000002.1841875926.00000000046FC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.1849874481.0000000005E10000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.1841875926.0000000003FF9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\cookies.sqlite
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe

File opened: C:\FTP Navigator\Ftplist.txt

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
Source: C:\Users\user\Desktop\a0611257eaad7ff0528e4305d35a8929fc4cf268b0d7201e417ce0458040a9fa.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini

Yara detected Credential Stealer

Source: Yara match	File source: 0000000F.00000002.1841875926.0000000004A6C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.1855204335.0000000006C81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.1839140970.0000000002F2B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2037601987.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.2040197303.00000000037D9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2041946472.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2439032914.0000000002861000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Remote Access Functionality

Yara detected AgentTesla

Source: Yara match	File source: 0000000F.00000002.1841875926.0000000004A6C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.1855204335.0000000006C81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.1839140970.0000000002F2B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2041946472.0000000002DF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2041946472.0000000002DDB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2037601987.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2041946472.0000000002DE5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.2040197303.00000000037D9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2041946472.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2439032914.00000000028A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2439032914.0000000002895000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2439032914.000000000288B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2439032914.0000000002861000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected PureLog Stealer

Source: Yara match	File source: 0000000F.00000002.1841875926.00000000046FC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.1849874481.0000000005E10000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.1841875926.0000000003FF9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

ID:	1431511
Product:	CloudBasic
Start time:	11:17:54
Start date:	25.04.2024
Sample:	16770075581.zip
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	0531a38f0874c57a473f615b1608609e
SHA1:	2f70912946681142433683d58e0db1d3eba27e75
SHA256:	6b796b7bd4247c7c56976940fae8292cb633a1924ea940c5cd973fe8db4fb1ae
Filetype:	ZIP compressed archive (8000/1) 99.91%

Windows Analysis Report
16770075581.zip

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel
Provided by

Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Network Map

Contacted Public IPs

Contacted Domains

Windows Analysis Report 16770075581.zip

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel Provided by

Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Network Map

Contacted Public IPs

Contacted Domains

Windows Analysis Report
16770075581.zip

Malware Threat Intel
Provided by