Windows Analysis Report
SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe
Analysis ID: 1465503
MD5: 1bf19b9cf38e2316c53af9ecfdf2142b
SHA1: 1fcae3591288df36927b66fcb3422e14ba12b234
SHA256: a2f6bbeb5c2756cfd0a71196e98f0b4f71e58101b3e39342015aad98d70d0f31
Tags: exe
Infos:

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Avira: detected
Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe ReversingLabs: Detection: 28%
Yara detected FormBook
Source: Yara match File source: 4.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 4.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000004.00000002.2026512273.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for sample
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Joe Sandbox ML: detected
Uses 32bit PE files
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe, 00000004.00000002.2027035047.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe, SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe, 00000004.00000002.2027035047.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe, 00000000.00000002.1787571267.0000000002F31000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Amcache.hve.8.dr String found in binary or memory: http://upx.sf.net
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe, 00000000.00000002.1799217462.0000000006FB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe, 00000000.00000002.1799217462.0000000006FB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.coml
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe, 00000000.00000002.1799217462.0000000006FB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe, 00000000.00000002.1799217462.0000000006FB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe, 00000000.00000002.1799217462.0000000006FB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/?
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe, 00000000.00000002.1799217462.0000000006FB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe, 00000000.00000002.1799217462.0000000006FB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe, 00000000.00000002.1799217462.0000000006FB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers8
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe, 00000000.00000002.1799217462.0000000006FB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers?
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe, 00000000.00000002.1799217462.0000000006FB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designersG
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe, 00000000.00000002.1799217462.0000000006FB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fonts.com
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe, 00000000.00000002.1799217462.0000000006FB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe, 00000000.00000002.1799217462.0000000006FB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe, 00000000.00000002.1799217462.0000000006FB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe, 00000000.00000002.1799217462.0000000006FB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe, 00000000.00000002.1799217462.0000000006FB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe, 00000000.00000002.1799217462.0000000006FB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.goodfont.co.kr
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe, 00000000.00000002.1799217462.0000000006FB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe String found in binary or memory: http://www.opcom.ro/rapoarte/export_csv_raportPIPsiVolumTranzactionat_PI.php?zi=
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe String found in binary or memory: http://www.opcom.ro/rapoarte/export_xml_PIPsiVolTranPI.php?zi=
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe, 00000000.00000002.1799217462.0000000006FB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sajatypeworks.com
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe, 00000000.00000002.1799217462.0000000006FB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sakkal.com
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe, 00000000.00000002.1799217462.0000000006FB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sandoll.co.kr
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe, 00000000.00000002.1799217462.0000000006FB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.tiro.com
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe, 00000000.00000002.1799217462.0000000006FB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.typography.netD
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe, 00000000.00000002.1799217462.0000000006FB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.urwpp.deDPlease
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe, 00000000.00000002.1799217462.0000000006FB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.zhongyicts.com.cn

E-Banking Fraud
barindex
Yara detected FormBook
Source: Yara match File source: 4.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 4.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000004.00000002.2026512273.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

System Summary
barindex
Malicious sample detected (through community Yara rule)
Source: 4.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 4.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000004.00000002.2026512273.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Contains functionality to call native functions
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0042B313 NtClose, 4_2_0042B313
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0040A7CF NtReadFile, 4_2_0040A7CF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0040A7ED NtReadFile, 4_2_0040A7ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01042DF0 NtQuerySystemInformation,LdrInitializeThunk, 4_2_01042DF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01044340 NtSetContextThread, 4_2_01044340
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01044650 NtSuspendThread, 4_2_01044650
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01042B60 NtClose, 4_2_01042B60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01042B80 NtQueryInformationFile, 4_2_01042B80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01042BA0 NtEnumerateValueKey, 4_2_01042BA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01042BE0 NtQueryValueKey, 4_2_01042BE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01042BF0 NtAllocateVirtualMemory, 4_2_01042BF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01042AB0 NtWaitForSingleObject, 4_2_01042AB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01042AD0 NtReadFile, 4_2_01042AD0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01042AF0 NtWriteFile, 4_2_01042AF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01042D00 NtSetInformationFile, 4_2_01042D00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01042D10 NtMapViewOfSection, 4_2_01042D10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01042D30 NtUnmapViewOfSection, 4_2_01042D30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01042DB0 NtEnumerateKey, 4_2_01042DB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01042DD0 NtDelayExecution, 4_2_01042DD0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01042C00 NtQueryInformationProcess, 4_2_01042C00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01042C60 NtCreateKey, 4_2_01042C60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01042C70 NtFreeVirtualMemory, 4_2_01042C70
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01042CA0 NtQueryInformationToken, 4_2_01042CA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01042CC0 NtQueryVirtualMemory, 4_2_01042CC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01042CF0 NtOpenProcess, 4_2_01042CF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01042F30 NtCreateSection, 4_2_01042F30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01042F60 NtCreateProcessEx, 4_2_01042F60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01042F90 NtProtectVirtualMemory, 4_2_01042F90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01042FA0 NtQuerySection, 4_2_01042FA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01042FB0 NtResumeThread, 4_2_01042FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01042FE0 NtCreateFile, 4_2_01042FE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01042E30 NtWriteVirtualMemory, 4_2_01042E30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01042E80 NtReadVirtualMemory, 4_2_01042E80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01042EA0 NtAdjustPrivilegesToken, 4_2_01042EA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01042EE0 NtQueueApcThread, 4_2_01042EE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01043010 NtOpenDirectoryObject, 4_2_01043010
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01043090 NtSetValueKey, 4_2_01043090
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010435C0 NtCreateMutant, 4_2_010435C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010439B0 NtGetContextThread, 4_2_010439B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01043D10 NtOpenProcessToken, 4_2_01043D10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01043D70 NtOpenThread, 4_2_01043D70
Detected potential crypto function
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 0_2_02C749BB 0_2_02C749BB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 0_2_02C70040 0_2_02C70040
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 0_2_02C70007 0_2_02C70007
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 0_2_02C76978 0_2_02C76978
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0040E043 4_2_0040E043
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00403067 4_2_00403067
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_004010F0 4_2_004010F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_004030B0 4_2_004030B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_004012A0 4_2_004012A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00402540 4_2_00402540
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0040FD9A 4_2_0040FD9A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0040FDA3 4_2_0040FDA3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00416753 4_2_00416753
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0042D773 4_2_0042D773
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0040FFC3 4_2_0040FFC3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01000100 4_2_01000100
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010AA118 4_2_010AA118
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01098158 4_2_01098158
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010D01AA 4_2_010D01AA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010C41A2 4_2_010C41A2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010C81CC 4_2_010C81CC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010A2000 4_2_010A2000
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010CA352 4_2_010CA352
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010D03E6 4_2_010D03E6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0101E3F0 4_2_0101E3F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010B0274 4_2_010B0274
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010902C0 4_2_010902C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01010535 4_2_01010535
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010D0591 4_2_010D0591
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010B4420 4_2_010B4420
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010C2446 4_2_010C2446
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010BE4F6 4_2_010BE4F6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01034750 4_2_01034750
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01010770 4_2_01010770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0100C7C0 4_2_0100C7C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0102C6E0 4_2_0102C6E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00FF68B8 4_2_00FF68B8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01026962 4_2_01026962
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010129A0 4_2_010129A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010DA9A6 4_2_010DA9A6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0101A840 4_2_0101A840
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01012840 4_2_01012840
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103E8F0 4_2_0103E8F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010CAB40 4_2_010CAB40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010C6BD7 4_2_010C6BD7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0100EA80 4_2_0100EA80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0101AD00 4_2_0101AD00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010ACD1F 4_2_010ACD1F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01028DBF 4_2_01028DBF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0100ADE0 4_2_0100ADE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01010C00 4_2_01010C00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010B0CB5 4_2_010B0CB5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01000CF2 4_2_01000CF2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01052F28 4_2_01052F28
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01030F30 4_2_01030F30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010B2F30 4_2_010B2F30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01084F40 4_2_01084F40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0108EFA0 4_2_0108EFA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01002FC8 4_2_01002FC8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010CEE26 4_2_010CEE26
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01010E59 4_2_01010E59
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01022E90 4_2_01022E90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010CCE93 4_2_010CCE93
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010CEEDB 4_2_010CEEDB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010DB16B 4_2_010DB16B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0104516C 4_2_0104516C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0101B1B0 4_2_0101B1B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00FFF172 4_2_00FFF172
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010170C0 4_2_010170C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010BF0CC 4_2_010BF0CC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010C70E9 4_2_010C70E9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010CF0E0 4_2_010CF0E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010C132D 4_2_010C132D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0105739A 4_2_0105739A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010152A0 4_2_010152A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00FFD34C 4_2_00FFD34C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0102B2C0 4_2_0102B2C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010B12ED 4_2_010B12ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010C7571 4_2_010C7571
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010AD5B0 4_2_010AD5B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010D95C3 4_2_010D95C3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010CF43F 4_2_010CF43F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01001460 4_2_01001460
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010CF7B0 4_2_010CF7B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01055630 4_2_01055630
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010C16CC 4_2_010C16CC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010A5910 4_2_010A5910
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01019950 4_2_01019950
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0102B950 4_2_0102B950
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0107D800 4_2_0107D800
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010138E0 4_2_010138E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010CFB76 4_2_010CFB76
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0102FB80 4_2_0102FB80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01085BF0 4_2_01085BF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0104DBF9 4_2_0104DBF9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010CFA49 4_2_010CFA49
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010C7A46 4_2_010C7A46
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01083A6C 4_2_01083A6C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01055AA0 4_2_01055AA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010ADAAC 4_2_010ADAAC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010B1AA3 4_2_010B1AA3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010BDAC6 4_2_010BDAC6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01013D40 4_2_01013D40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010C1D5A 4_2_010C1D5A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010C7D73 4_2_010C7D73
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0102FDC0 4_2_0102FDC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01089C32 4_2_01089C32
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010CFCF2 4_2_010CFCF2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010CFF09 4_2_010CFF09
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01011F92 4_2_01011F92
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010CFFB1 4_2_010CFFB1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00FD3FD5 4_2_00FD3FD5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00FD3FD2 4_2_00FD3FD2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01019EB0 4_2_01019EB0
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: String function: 01045130 appears 58 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: String function: 0108F290 appears 105 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: String function: 00FFB970 appears 265 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: String function: 0107EA12 appears 86 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: String function: 01057E54 appears 108 times
One or more processes crash
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 196
Sample file is different than original file name gathered from version info
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe, 00000000.00000002.1810235337.0000000007E28000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamePowerShell.EXEj% vs SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe, 00000000.00000002.1786338803.00000000010EE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe, 00000000.00000000.1766836867.0000000000A08000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameQxkB.exe, vs SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe, 00000000.00000002.1800962300.0000000007740000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe, 00000000.00000002.1787571267.0000000002F81000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameRT.dll. vs SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe, 00000000.00000002.1789720390.000000000410E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe, 00000000.00000002.1810824811.0000000007F00000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameRT.dll. vs SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe, 00000004.00000002.2027035047.00000000010FD000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Binary or memory string: OriginalFilenameQxkB.exe, vs SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe
Uses 32bit PE files
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Yara signature match
Source: 4.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 4.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000004.00000002.2026512273.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.7740000.8.raw.unpack, z4LpfGv01ne7UPQfiZ.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.42b0cc0.6.raw.unpack, z4LpfGv01ne7UPQfiZ.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.42b0cc0.6.raw.unpack, YYbExWCfH0l9s2xqMN.cs Security API names: _0020.SetAccessControl
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.42b0cc0.6.raw.unpack, YYbExWCfH0l9s2xqMN.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.42b0cc0.6.raw.unpack, YYbExWCfH0l9s2xqMN.cs Security API names: _0020.AddAccessRule
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.7740000.8.raw.unpack, YYbExWCfH0l9s2xqMN.cs Security API names: _0020.SetAccessControl
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.7740000.8.raw.unpack, YYbExWCfH0l9s2xqMN.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.7740000.8.raw.unpack, YYbExWCfH0l9s2xqMN.cs Security API names: _0020.AddAccessRule
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.4334ce0.5.raw.unpack, YYbExWCfH0l9s2xqMN.cs Security API names: _0020.SetAccessControl
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.4334ce0.5.raw.unpack, YYbExWCfH0l9s2xqMN.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.4334ce0.5.raw.unpack, YYbExWCfH0l9s2xqMN.cs Security API names: _0020.AddAccessRule
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.4334ce0.5.raw.unpack, z4LpfGv01ne7UPQfiZ.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.30f46e8.0.raw.unpack, ReactionVessel.cs Suspicious method names: .ReactionVessel.Inject
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.73a0000.7.raw.unpack, ReactionVessel.cs Suspicious method names: .ReactionVessel.Inject
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.31158b8.1.raw.unpack, ReactionVessel.cs Suspicious method names: .ReactionVessel.Inject
Source: classification engine Classification label: mal100.troj.evad.winEXE@8/11@0/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.log Jump to behavior
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6724:120:WilError_03
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7092
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1cv3okj0.b1b.ps1 Jump to behavior
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.79%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe File read: C:\Users\user\Desktop\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe ReversingLabs: Detection: 28%
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 196
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe" Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe" Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Section loaded: slc.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: microsoft.management.infrastructure.native.unmanaged.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: mi.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: miutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wmidcom.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: fastprox.dll Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: ncobjapi.dll Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: mpclient.dll Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: wmitomi.dll Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: mi.dll Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: miutils.dll Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: miutils.dll Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32 Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll Jump to behavior
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe, 00000004.00000002.2027035047.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe, SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe, 00000004.00000002.2027035047.0000000000FD0000.00000040.00001000.00020000.00000000.sdmp

Data Obfuscation
barindex
.NET source code contains potential unpacker
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe, OptionsWindow.cs .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.42b0cc0.6.raw.unpack, YYbExWCfH0l9s2xqMN.cs .Net Code: NOmpDKKDCJ System.Reflection.Assembly.Load(byte[])
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.7740000.8.raw.unpack, YYbExWCfH0l9s2xqMN.cs .Net Code: NOmpDKKDCJ System.Reflection.Assembly.Load(byte[])
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.4334ce0.5.raw.unpack, YYbExWCfH0l9s2xqMN.cs .Net Code: NOmpDKKDCJ System.Reflection.Assembly.Load(byte[])
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00401898 push ebp; ret 4_2_0040189E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_004018A5 push esi; ret 4_2_004018A7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_004018AF push edi; ret 4_2_004018B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0040D1F8 pushad ; retf 4_2_0040D1BA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0040D188 pushad ; retf 4_2_0040D1BA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0041428B push 56DD2A11h; retf 4_2_00414290
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00403360 push eax; ret 4_2_00403362
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00413B98 push edx; iretd 4_2_00413BE8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_004164ED push edi; ret 4_2_004164FE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_004164F3 push edi; ret 4_2_004164FE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00406CF7 pushad ; retf 4_2_00406D01
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00407549 pushfd ; iretd 4_2_0040754A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_004185DD pushad ; ret 4_2_004185E9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_004165F0 push es; iretd 4_2_004165FC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00404E73 pushad ; retf 4_2_00404E75
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00418701 push edi; ret 4_2_0041870C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00418703 push edi; ret 4_2_0041870C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00401734 push cs; iretd 4_2_00401735
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00FD225F pushad ; ret 4_2_00FD27F9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00FD27FA pushad ; ret 4_2_00FD27F9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010009AD push ecx; mov dword ptr [esp], ecx 4_2_010009B6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00FD283D push eax; iretd 4_2_00FD2858
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00FD1368 push eax; iretd 4_2_00FD1369
Source: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Static PE information: section name: .text entropy: 7.968605701945629
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.42b0cc0.6.raw.unpack, XHy2YHxYFy24G9efMi.cs High entropy of concatenated method names: 'xAdOBjWEQf', 'DjGObeq7aB', 'DgFO9fDKEP', 'oMnOUMn6of', 'KDNOmgM1oW', 'pfH9GQWxHl', 'u4M90gIvjc', 'fAo9yPqNuy', 'qCw9K8HSy8', 'XpG9FbCn3V'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.42b0cc0.6.raw.unpack, HG7aVPjV0Xm5cb5HsE.cs High entropy of concatenated method names: 'NXAejqyAda', 'reneWxh1jK', 'cc0eppsCN3', 'L59eTkdA7W', 'AHtebcVQCN', 'nxse9EshRP', 'OMfeOf6rfu', 'ar0ZyoKQSw', 'IkoZKiZswZ', 'dv7ZFJYYSQ'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.42b0cc0.6.raw.unpack, UuH2s48SCWJNtdlBDd.cs High entropy of concatenated method names: 'VYHVxiibqB', 'BCHVrQesBD', 'A0WVXK7RFM', 'PbRVi7JTkv', 'qd9Vq2Mwxo', 'eQKV6tsXX2', 'PKEVw4mh0o', 'FdsVZpySBn', 'kAZVexuRdi', 'TouVoOCVMS'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.42b0cc0.6.raw.unpack, z4LpfGv01ne7UPQfiZ.cs High entropy of concatenated method names: 'a3YbQXLgxw', 'oLybSlBow7', 'D5mbsHg0lq', 'x2gbgcW3ox', 'OIlbGg4QYy', 'y8Gb0ml0Hb', 'Jhobylv1om', 'OafbKmZVhg', 'EBPbFmec0b', 'vWnbILm4p9'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.42b0cc0.6.raw.unpack, c9x0sbzteSxca5gh7D.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'T9deM7ALKp', 'YY1eqtQUdj', 'PuMe6TNliW', 'eEFewcq1x6', 'ANgeZw5VGM', 'QiaeegxpW4', 'TP5eoEgUAl'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.42b0cc0.6.raw.unpack, mRKblgOsAnWsdNmVw6R.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'piBoQt1Dgq', 'MdCoS3MTLi', 'PFaosBFjXd', 'sHxogW7LgK', 'FNcoGlhorJ', 'bIKo0ObT5a', 'ul0oyumqJR'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.42b0cc0.6.raw.unpack, MY4KpsIamSgHxeAJnH.cs High entropy of concatenated method names: 'Qa3jUySfP9', 'wCDjmHU7YG', 'JE8jf0avAd', 'tlejabO7jM', 'a4tjqiy4Qm', 'fDtj6WxI2K', 'k1TRAUGGd2NpGs9a62', 'L1EqBeXUVYRn6WxWKt', 'AGyjj1dkGR', 'wE4jWd37OK'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.42b0cc0.6.raw.unpack, wZstEDOOdO8UStShk9K.cs High entropy of concatenated method names: 'ToString', 'Rm3oW8L5UJ', 'dv7opPvxwC', 'BKXoB2o3si', 'auUoTqxQ5D', 't4Iob3vMmK', 'C16oVuZZKi', 'uDyo9nichX', 'eWyfyLk8Jd2obMaibEl', 'BL3rQEkYSASUksrauWf'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.42b0cc0.6.raw.unpack, VvEVcgOJbUS9KqyvNFG.cs High entropy of concatenated method names: 'mhjeRoAfAN', 'G02e4REZTV', 'FSEeDQ4q8f', 'LAmexpWcO6', 'wUReLhtt04', 'AOxerkiTIN', 'H0leHaIgPU', 'nHGeXiRrF5', 'k1geiZkvG0', 'iHUedV3rIX'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.42b0cc0.6.raw.unpack, BqkP0k5ZX0aNudYmmI.cs High entropy of concatenated method names: 'RtmqJ3uRAO', 'MxxqA0pLws', 'x8LqQcT9mw', 'xE5qSINixH', 'to7qks9d9n', 'bLtq2wenpO', 'VnOqPp85Hx', 'EQgqYlyN7E', 'dUOqhWNc6y', 'rZTqvdVM5T'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.42b0cc0.6.raw.unpack, YYbExWCfH0l9s2xqMN.cs High entropy of concatenated method names: 'H0cWBdvuuO', 'hj5WTm6ahE', 'FBEWbLfHV8', 'HmJWVA3JLr', 'bL8W9cS6GJ', 'JOaWOmWSH8', 'dw5WUDUidf', 'I4HWmiH1eR', 'SfRWlhJHyH', 'x4PWflcjUa'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.42b0cc0.6.raw.unpack, MwdYqBQb52Up6ZsPIH.cs High entropy of concatenated method names: 'R4o9LBIgdk', 'D3Z9HmPOg9', 'uJFV2Ewt3E', 'tBkVP1wx8G', 'x0oVY4Asoe', 'SDSVh3nYMU', 'DryVvL8NGj', 'iuoVErxgpQ', 'SC1VtSHjVW', 'wnlVJ5y5DT'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.42b0cc0.6.raw.unpack, K8DvWO0OQ0y0P2HYYP.cs High entropy of concatenated method names: 'WCRDFyV5i', 'b00xNKIqj', 'HPArcxWQu', 'EsiHQfkVA', 'm3MiKb2al', 'P4nd7Sjnf', 'FZI1BIiunDI5WHZHSD', 'AX1DWQJby4SDJa1C0f', 'UPOZPBeuv', 's5doqMJdU'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.42b0cc0.6.raw.unpack, D4xcGkbLla45hKFYJW.cs High entropy of concatenated method names: 'GQxUR2OqsH', 'Tw6U4Z7KiY', 'JbDUD59yQO', 'cY7Uxi9jvr', 'nbSULNVMIQ', 'McDUrvPYHe', 'NuXUH7S5be', 'tfgUXgTxuV', 'eOEUilFxv1', 'xbTUdDK6qF'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.42b0cc0.6.raw.unpack, HxDMCrXANoRhtpQhBW.cs High entropy of concatenated method names: 'ejyZTTNqaP', 'RpXZbwPIni', 'qReZVpcsjj', 'KqKZ9EdB5i', 'FDEZOCwcqG', 'UjPZUlS4kM', 'eqjZmLOAN9', 'T4kZlK0Jk4', 'M2FZflq9Ye', 'wArZaLr05a'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.42b0cc0.6.raw.unpack, IeUPqcO0nZapYk52TTu.cs High entropy of concatenated method names: 'qhZoRcKfHO', 'eeVo479tjL', 'u3JoDy7mV4', 'zUtR7MkzGT34Y9N90Zk', 'hxdwqpUyh0umHb05kjn', 'V1ixAHUqUignrTgC59G', 'LFEtJCUfO9PR2GTQ6bX'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.42b0cc0.6.raw.unpack, SsMTLe7AVnYmeASBrl.cs High entropy of concatenated method names: 'vp6UTgMEe0', 'i3ZUVLHbeT', 'sEUUOWHJr5', 'v2XOIx5XMG', 'OwgOznESdQ', 'E7XUc11cbf', 'zBfUj2vhYt', 'Vj0UuAdc1l', 'mDIUWoNXbs', 'X1YUpnK3mp'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.42b0cc0.6.raw.unpack, PxjwFjHAKrLliCyxoA.cs High entropy of concatenated method names: 'Dispose', 'BqFjFJl0B6', 'CGpukGbtjd', 'yV988Gti4L', 'JPljIyDkOg', 'k1Zjzg4fiA', 'ProcessDialogKey', 'ck5uc7njui', 'q7mujyFePO', 'z35uu0LHEl'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.42b0cc0.6.raw.unpack, agkHnU2eDnE8C5Pykt.cs High entropy of concatenated method names: 'IH5ZNw2Vsg', 'WChZkQKa6v', 'OJVZ2jStQI', 'rAkZPPECYQ', 'sf6ZQntUjE', 'fpvZY4Kf6L', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.42b0cc0.6.raw.unpack, IN7jgBLcbwBerHgPAZ.cs High entropy of concatenated method names: 'vPkwKRQfcY', 'wqXwIX6xw4', 'OUgZcYHRlj', 'lsDZjIoyQ3', 'W2kwnJuinT', 'LlBwAOZS3v', 'W6bw5fp7in', 'NBFwQpZqQT', 'bj1wSnMkvn', 'zsJwso5BdV'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.42b0cc0.6.raw.unpack, Iuy6ipwaqnEwp9u50e.cs High entropy of concatenated method names: 'BBwMX0I5BJ', 'dfwMiB6jpT', 'WbbMNBUeeP', 'gGZMkVJNP0', 'hM8MPQ5FOm', 'SHqMYUtALJ', 'sXJMvVv2a9', 'midME7wleJ', 'AdgMJg7bnu', 'PsIMnfyFyl'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.7740000.8.raw.unpack, XHy2YHxYFy24G9efMi.cs High entropy of concatenated method names: 'xAdOBjWEQf', 'DjGObeq7aB', 'DgFO9fDKEP', 'oMnOUMn6of', 'KDNOmgM1oW', 'pfH9GQWxHl', 'u4M90gIvjc', 'fAo9yPqNuy', 'qCw9K8HSy8', 'XpG9FbCn3V'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.7740000.8.raw.unpack, HG7aVPjV0Xm5cb5HsE.cs High entropy of concatenated method names: 'NXAejqyAda', 'reneWxh1jK', 'cc0eppsCN3', 'L59eTkdA7W', 'AHtebcVQCN', 'nxse9EshRP', 'OMfeOf6rfu', 'ar0ZyoKQSw', 'IkoZKiZswZ', 'dv7ZFJYYSQ'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.7740000.8.raw.unpack, UuH2s48SCWJNtdlBDd.cs High entropy of concatenated method names: 'VYHVxiibqB', 'BCHVrQesBD', 'A0WVXK7RFM', 'PbRVi7JTkv', 'qd9Vq2Mwxo', 'eQKV6tsXX2', 'PKEVw4mh0o', 'FdsVZpySBn', 'kAZVexuRdi', 'TouVoOCVMS'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.7740000.8.raw.unpack, z4LpfGv01ne7UPQfiZ.cs High entropy of concatenated method names: 'a3YbQXLgxw', 'oLybSlBow7', 'D5mbsHg0lq', 'x2gbgcW3ox', 'OIlbGg4QYy', 'y8Gb0ml0Hb', 'Jhobylv1om', 'OafbKmZVhg', 'EBPbFmec0b', 'vWnbILm4p9'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.7740000.8.raw.unpack, c9x0sbzteSxca5gh7D.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'T9deM7ALKp', 'YY1eqtQUdj', 'PuMe6TNliW', 'eEFewcq1x6', 'ANgeZw5VGM', 'QiaeegxpW4', 'TP5eoEgUAl'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.7740000.8.raw.unpack, mRKblgOsAnWsdNmVw6R.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'piBoQt1Dgq', 'MdCoS3MTLi', 'PFaosBFjXd', 'sHxogW7LgK', 'FNcoGlhorJ', 'bIKo0ObT5a', 'ul0oyumqJR'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.7740000.8.raw.unpack, MY4KpsIamSgHxeAJnH.cs High entropy of concatenated method names: 'Qa3jUySfP9', 'wCDjmHU7YG', 'JE8jf0avAd', 'tlejabO7jM', 'a4tjqiy4Qm', 'fDtj6WxI2K', 'k1TRAUGGd2NpGs9a62', 'L1EqBeXUVYRn6WxWKt', 'AGyjj1dkGR', 'wE4jWd37OK'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.7740000.8.raw.unpack, wZstEDOOdO8UStShk9K.cs High entropy of concatenated method names: 'ToString', 'Rm3oW8L5UJ', 'dv7opPvxwC', 'BKXoB2o3si', 'auUoTqxQ5D', 't4Iob3vMmK', 'C16oVuZZKi', 'uDyo9nichX', 'eWyfyLk8Jd2obMaibEl', 'BL3rQEkYSASUksrauWf'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.7740000.8.raw.unpack, VvEVcgOJbUS9KqyvNFG.cs High entropy of concatenated method names: 'mhjeRoAfAN', 'G02e4REZTV', 'FSEeDQ4q8f', 'LAmexpWcO6', 'wUReLhtt04', 'AOxerkiTIN', 'H0leHaIgPU', 'nHGeXiRrF5', 'k1geiZkvG0', 'iHUedV3rIX'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.7740000.8.raw.unpack, BqkP0k5ZX0aNudYmmI.cs High entropy of concatenated method names: 'RtmqJ3uRAO', 'MxxqA0pLws', 'x8LqQcT9mw', 'xE5qSINixH', 'to7qks9d9n', 'bLtq2wenpO', 'VnOqPp85Hx', 'EQgqYlyN7E', 'dUOqhWNc6y', 'rZTqvdVM5T'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.7740000.8.raw.unpack, YYbExWCfH0l9s2xqMN.cs High entropy of concatenated method names: 'H0cWBdvuuO', 'hj5WTm6ahE', 'FBEWbLfHV8', 'HmJWVA3JLr', 'bL8W9cS6GJ', 'JOaWOmWSH8', 'dw5WUDUidf', 'I4HWmiH1eR', 'SfRWlhJHyH', 'x4PWflcjUa'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.7740000.8.raw.unpack, MwdYqBQb52Up6ZsPIH.cs High entropy of concatenated method names: 'R4o9LBIgdk', 'D3Z9HmPOg9', 'uJFV2Ewt3E', 'tBkVP1wx8G', 'x0oVY4Asoe', 'SDSVh3nYMU', 'DryVvL8NGj', 'iuoVErxgpQ', 'SC1VtSHjVW', 'wnlVJ5y5DT'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.7740000.8.raw.unpack, K8DvWO0OQ0y0P2HYYP.cs High entropy of concatenated method names: 'WCRDFyV5i', 'b00xNKIqj', 'HPArcxWQu', 'EsiHQfkVA', 'm3MiKb2al', 'P4nd7Sjnf', 'FZI1BIiunDI5WHZHSD', 'AX1DWQJby4SDJa1C0f', 'UPOZPBeuv', 's5doqMJdU'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.7740000.8.raw.unpack, D4xcGkbLla45hKFYJW.cs High entropy of concatenated method names: 'GQxUR2OqsH', 'Tw6U4Z7KiY', 'JbDUD59yQO', 'cY7Uxi9jvr', 'nbSULNVMIQ', 'McDUrvPYHe', 'NuXUH7S5be', 'tfgUXgTxuV', 'eOEUilFxv1', 'xbTUdDK6qF'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.7740000.8.raw.unpack, HxDMCrXANoRhtpQhBW.cs High entropy of concatenated method names: 'ejyZTTNqaP', 'RpXZbwPIni', 'qReZVpcsjj', 'KqKZ9EdB5i', 'FDEZOCwcqG', 'UjPZUlS4kM', 'eqjZmLOAN9', 'T4kZlK0Jk4', 'M2FZflq9Ye', 'wArZaLr05a'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.7740000.8.raw.unpack, IeUPqcO0nZapYk52TTu.cs High entropy of concatenated method names: 'qhZoRcKfHO', 'eeVo479tjL', 'u3JoDy7mV4', 'zUtR7MkzGT34Y9N90Zk', 'hxdwqpUyh0umHb05kjn', 'V1ixAHUqUignrTgC59G', 'LFEtJCUfO9PR2GTQ6bX'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.7740000.8.raw.unpack, SsMTLe7AVnYmeASBrl.cs High entropy of concatenated method names: 'vp6UTgMEe0', 'i3ZUVLHbeT', 'sEUUOWHJr5', 'v2XOIx5XMG', 'OwgOznESdQ', 'E7XUc11cbf', 'zBfUj2vhYt', 'Vj0UuAdc1l', 'mDIUWoNXbs', 'X1YUpnK3mp'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.7740000.8.raw.unpack, PxjwFjHAKrLliCyxoA.cs High entropy of concatenated method names: 'Dispose', 'BqFjFJl0B6', 'CGpukGbtjd', 'yV988Gti4L', 'JPljIyDkOg', 'k1Zjzg4fiA', 'ProcessDialogKey', 'ck5uc7njui', 'q7mujyFePO', 'z35uu0LHEl'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.7740000.8.raw.unpack, agkHnU2eDnE8C5Pykt.cs High entropy of concatenated method names: 'IH5ZNw2Vsg', 'WChZkQKa6v', 'OJVZ2jStQI', 'rAkZPPECYQ', 'sf6ZQntUjE', 'fpvZY4Kf6L', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.7740000.8.raw.unpack, IN7jgBLcbwBerHgPAZ.cs High entropy of concatenated method names: 'vPkwKRQfcY', 'wqXwIX6xw4', 'OUgZcYHRlj', 'lsDZjIoyQ3', 'W2kwnJuinT', 'LlBwAOZS3v', 'W6bw5fp7in', 'NBFwQpZqQT', 'bj1wSnMkvn', 'zsJwso5BdV'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.7740000.8.raw.unpack, Iuy6ipwaqnEwp9u50e.cs High entropy of concatenated method names: 'BBwMX0I5BJ', 'dfwMiB6jpT', 'WbbMNBUeeP', 'gGZMkVJNP0', 'hM8MPQ5FOm', 'SHqMYUtALJ', 'sXJMvVv2a9', 'midME7wleJ', 'AdgMJg7bnu', 'PsIMnfyFyl'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.4334ce0.5.raw.unpack, XHy2YHxYFy24G9efMi.cs High entropy of concatenated method names: 'xAdOBjWEQf', 'DjGObeq7aB', 'DgFO9fDKEP', 'oMnOUMn6of', 'KDNOmgM1oW', 'pfH9GQWxHl', 'u4M90gIvjc', 'fAo9yPqNuy', 'qCw9K8HSy8', 'XpG9FbCn3V'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.4334ce0.5.raw.unpack, HG7aVPjV0Xm5cb5HsE.cs High entropy of concatenated method names: 'NXAejqyAda', 'reneWxh1jK', 'cc0eppsCN3', 'L59eTkdA7W', 'AHtebcVQCN', 'nxse9EshRP', 'OMfeOf6rfu', 'ar0ZyoKQSw', 'IkoZKiZswZ', 'dv7ZFJYYSQ'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.4334ce0.5.raw.unpack, UuH2s48SCWJNtdlBDd.cs High entropy of concatenated method names: 'VYHVxiibqB', 'BCHVrQesBD', 'A0WVXK7RFM', 'PbRVi7JTkv', 'qd9Vq2Mwxo', 'eQKV6tsXX2', 'PKEVw4mh0o', 'FdsVZpySBn', 'kAZVexuRdi', 'TouVoOCVMS'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.4334ce0.5.raw.unpack, z4LpfGv01ne7UPQfiZ.cs High entropy of concatenated method names: 'a3YbQXLgxw', 'oLybSlBow7', 'D5mbsHg0lq', 'x2gbgcW3ox', 'OIlbGg4QYy', 'y8Gb0ml0Hb', 'Jhobylv1om', 'OafbKmZVhg', 'EBPbFmec0b', 'vWnbILm4p9'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.4334ce0.5.raw.unpack, c9x0sbzteSxca5gh7D.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'T9deM7ALKp', 'YY1eqtQUdj', 'PuMe6TNliW', 'eEFewcq1x6', 'ANgeZw5VGM', 'QiaeegxpW4', 'TP5eoEgUAl'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.4334ce0.5.raw.unpack, mRKblgOsAnWsdNmVw6R.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'piBoQt1Dgq', 'MdCoS3MTLi', 'PFaosBFjXd', 'sHxogW7LgK', 'FNcoGlhorJ', 'bIKo0ObT5a', 'ul0oyumqJR'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.4334ce0.5.raw.unpack, MY4KpsIamSgHxeAJnH.cs High entropy of concatenated method names: 'Qa3jUySfP9', 'wCDjmHU7YG', 'JE8jf0avAd', 'tlejabO7jM', 'a4tjqiy4Qm', 'fDtj6WxI2K', 'k1TRAUGGd2NpGs9a62', 'L1EqBeXUVYRn6WxWKt', 'AGyjj1dkGR', 'wE4jWd37OK'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.4334ce0.5.raw.unpack, wZstEDOOdO8UStShk9K.cs High entropy of concatenated method names: 'ToString', 'Rm3oW8L5UJ', 'dv7opPvxwC', 'BKXoB2o3si', 'auUoTqxQ5D', 't4Iob3vMmK', 'C16oVuZZKi', 'uDyo9nichX', 'eWyfyLk8Jd2obMaibEl', 'BL3rQEkYSASUksrauWf'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.4334ce0.5.raw.unpack, VvEVcgOJbUS9KqyvNFG.cs High entropy of concatenated method names: 'mhjeRoAfAN', 'G02e4REZTV', 'FSEeDQ4q8f', 'LAmexpWcO6', 'wUReLhtt04', 'AOxerkiTIN', 'H0leHaIgPU', 'nHGeXiRrF5', 'k1geiZkvG0', 'iHUedV3rIX'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.4334ce0.5.raw.unpack, BqkP0k5ZX0aNudYmmI.cs High entropy of concatenated method names: 'RtmqJ3uRAO', 'MxxqA0pLws', 'x8LqQcT9mw', 'xE5qSINixH', 'to7qks9d9n', 'bLtq2wenpO', 'VnOqPp85Hx', 'EQgqYlyN7E', 'dUOqhWNc6y', 'rZTqvdVM5T'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.4334ce0.5.raw.unpack, YYbExWCfH0l9s2xqMN.cs High entropy of concatenated method names: 'H0cWBdvuuO', 'hj5WTm6ahE', 'FBEWbLfHV8', 'HmJWVA3JLr', 'bL8W9cS6GJ', 'JOaWOmWSH8', 'dw5WUDUidf', 'I4HWmiH1eR', 'SfRWlhJHyH', 'x4PWflcjUa'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.4334ce0.5.raw.unpack, MwdYqBQb52Up6ZsPIH.cs High entropy of concatenated method names: 'R4o9LBIgdk', 'D3Z9HmPOg9', 'uJFV2Ewt3E', 'tBkVP1wx8G', 'x0oVY4Asoe', 'SDSVh3nYMU', 'DryVvL8NGj', 'iuoVErxgpQ', 'SC1VtSHjVW', 'wnlVJ5y5DT'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.4334ce0.5.raw.unpack, K8DvWO0OQ0y0P2HYYP.cs High entropy of concatenated method names: 'WCRDFyV5i', 'b00xNKIqj', 'HPArcxWQu', 'EsiHQfkVA', 'm3MiKb2al', 'P4nd7Sjnf', 'FZI1BIiunDI5WHZHSD', 'AX1DWQJby4SDJa1C0f', 'UPOZPBeuv', 's5doqMJdU'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.4334ce0.5.raw.unpack, D4xcGkbLla45hKFYJW.cs High entropy of concatenated method names: 'GQxUR2OqsH', 'Tw6U4Z7KiY', 'JbDUD59yQO', 'cY7Uxi9jvr', 'nbSULNVMIQ', 'McDUrvPYHe', 'NuXUH7S5be', 'tfgUXgTxuV', 'eOEUilFxv1', 'xbTUdDK6qF'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.4334ce0.5.raw.unpack, HxDMCrXANoRhtpQhBW.cs High entropy of concatenated method names: 'ejyZTTNqaP', 'RpXZbwPIni', 'qReZVpcsjj', 'KqKZ9EdB5i', 'FDEZOCwcqG', 'UjPZUlS4kM', 'eqjZmLOAN9', 'T4kZlK0Jk4', 'M2FZflq9Ye', 'wArZaLr05a'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.4334ce0.5.raw.unpack, IeUPqcO0nZapYk52TTu.cs High entropy of concatenated method names: 'qhZoRcKfHO', 'eeVo479tjL', 'u3JoDy7mV4', 'zUtR7MkzGT34Y9N90Zk', 'hxdwqpUyh0umHb05kjn', 'V1ixAHUqUignrTgC59G', 'LFEtJCUfO9PR2GTQ6bX'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.4334ce0.5.raw.unpack, SsMTLe7AVnYmeASBrl.cs High entropy of concatenated method names: 'vp6UTgMEe0', 'i3ZUVLHbeT', 'sEUUOWHJr5', 'v2XOIx5XMG', 'OwgOznESdQ', 'E7XUc11cbf', 'zBfUj2vhYt', 'Vj0UuAdc1l', 'mDIUWoNXbs', 'X1YUpnK3mp'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.4334ce0.5.raw.unpack, PxjwFjHAKrLliCyxoA.cs High entropy of concatenated method names: 'Dispose', 'BqFjFJl0B6', 'CGpukGbtjd', 'yV988Gti4L', 'JPljIyDkOg', 'k1Zjzg4fiA', 'ProcessDialogKey', 'ck5uc7njui', 'q7mujyFePO', 'z35uu0LHEl'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.4334ce0.5.raw.unpack, agkHnU2eDnE8C5Pykt.cs High entropy of concatenated method names: 'IH5ZNw2Vsg', 'WChZkQKa6v', 'OJVZ2jStQI', 'rAkZPPECYQ', 'sf6ZQntUjE', 'fpvZY4Kf6L', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.4334ce0.5.raw.unpack, IN7jgBLcbwBerHgPAZ.cs High entropy of concatenated method names: 'vPkwKRQfcY', 'wqXwIX6xw4', 'OUgZcYHRlj', 'lsDZjIoyQ3', 'W2kwnJuinT', 'LlBwAOZS3v', 'W6bw5fp7in', 'NBFwQpZqQT', 'bj1wSnMkvn', 'zsJwso5BdV'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.4334ce0.5.raw.unpack, Iuy6ipwaqnEwp9u50e.cs High entropy of concatenated method names: 'BBwMX0I5BJ', 'dfwMiB6jpT', 'WbbMNBUeeP', 'gGZMkVJNP0', 'hM8MPQ5FOm', 'SHqMYUtALJ', 'sXJMvVv2a9', 'midME7wleJ', 'AdgMJg7bnu', 'PsIMnfyFyl'

Hooking and other Techniques for Hiding and Protection
barindex
Loading BitLocker PowerShell Module
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Yara detected AntiVM3
Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe PID: 6580, type: MEMORYSTR
Allocates memory with a write watch (potentially for evading sandboxes)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Memory allocated: 2C10000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Memory allocated: 2F30000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Memory allocated: 2C10000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Memory allocated: 7F10000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Memory allocated: 8F10000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Memory allocated: 91C0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Memory allocated: A1C0000 memory reserve | memory write watch Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0104096E rdtsc 4_2_0104096E
Contains long sleeps (>= 3 min)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5570 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1461 Jump to behavior
Found large amount of non-executed APIs
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe API coverage: 0.3 %
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe TID: 6660 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7236 Thread sleep time: -6456360425798339s >= -30000s Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7224 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: Amcache.hve.8.dr Binary or memory string: VMware
Source: Amcache.hve.8.dr Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.8.dr Binary or memory string: vmci.syshbin
Source: Amcache.hve.8.dr Binary or memory string: VMware, Inc.
Source: Amcache.hve.8.dr Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.8.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.8.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.8.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.8.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.8.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.8.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.8.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.8.dr Binary or memory string: vmci.sys
Source: Amcache.hve.8.dr Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.8.dr Binary or memory string: vmci.syshbin`
Source: Amcache.hve.8.dr Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.8.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.8.dr Binary or memory string: VMware20,1
Source: Amcache.hve.8.dr Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.8.dr Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.8.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.8.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.8.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.8.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.8.dr Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.8.dr Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.8.dr Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.8.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.8.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation Jump to behavior
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process queried: DebugPort Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0104096E rdtsc 4_2_0104096E
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01042DF0 NtQuerySystemInformation,LdrInitializeThunk, 4_2_01042DF0
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010AE10E mov eax, dword ptr fs:[00000030h] 4_2_010AE10E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010AE10E mov ecx, dword ptr fs:[00000030h] 4_2_010AE10E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010AE10E mov eax, dword ptr fs:[00000030h] 4_2_010AE10E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010AE10E mov eax, dword ptr fs:[00000030h] 4_2_010AE10E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010AE10E mov ecx, dword ptr fs:[00000030h] 4_2_010AE10E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010AE10E mov eax, dword ptr fs:[00000030h] 4_2_010AE10E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010AE10E mov eax, dword ptr fs:[00000030h] 4_2_010AE10E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010AE10E mov ecx, dword ptr fs:[00000030h] 4_2_010AE10E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010AE10E mov eax, dword ptr fs:[00000030h] 4_2_010AE10E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010AE10E mov ecx, dword ptr fs:[00000030h] 4_2_010AE10E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00FFC0F0 mov eax, dword ptr fs:[00000030h] 4_2_00FFC0F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010AA118 mov ecx, dword ptr fs:[00000030h] 4_2_010AA118
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010AA118 mov eax, dword ptr fs:[00000030h] 4_2_010AA118
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010AA118 mov eax, dword ptr fs:[00000030h] 4_2_010AA118
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010AA118 mov eax, dword ptr fs:[00000030h] 4_2_010AA118
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010C0115 mov eax, dword ptr fs:[00000030h] 4_2_010C0115
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00FFA0E3 mov ecx, dword ptr fs:[00000030h] 4_2_00FFA0E3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01030124 mov eax, dword ptr fs:[00000030h] 4_2_01030124
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01094144 mov eax, dword ptr fs:[00000030h] 4_2_01094144
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01094144 mov eax, dword ptr fs:[00000030h] 4_2_01094144
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01094144 mov ecx, dword ptr fs:[00000030h] 4_2_01094144
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01094144 mov eax, dword ptr fs:[00000030h] 4_2_01094144
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01094144 mov eax, dword ptr fs:[00000030h] 4_2_01094144
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01098158 mov eax, dword ptr fs:[00000030h] 4_2_01098158
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01006154 mov eax, dword ptr fs:[00000030h] 4_2_01006154
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01006154 mov eax, dword ptr fs:[00000030h] 4_2_01006154
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00FF80A0 mov eax, dword ptr fs:[00000030h] 4_2_00FF80A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010D4164 mov eax, dword ptr fs:[00000030h] 4_2_010D4164
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010D4164 mov eax, dword ptr fs:[00000030h] 4_2_010D4164
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01040185 mov eax, dword ptr fs:[00000030h] 4_2_01040185
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010BC188 mov eax, dword ptr fs:[00000030h] 4_2_010BC188
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010BC188 mov eax, dword ptr fs:[00000030h] 4_2_010BC188
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010A4180 mov eax, dword ptr fs:[00000030h] 4_2_010A4180
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010A4180 mov eax, dword ptr fs:[00000030h] 4_2_010A4180
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0108019F mov eax, dword ptr fs:[00000030h] 4_2_0108019F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0108019F mov eax, dword ptr fs:[00000030h] 4_2_0108019F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0108019F mov eax, dword ptr fs:[00000030h] 4_2_0108019F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0108019F mov eax, dword ptr fs:[00000030h] 4_2_0108019F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010C61C3 mov eax, dword ptr fs:[00000030h] 4_2_010C61C3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010C61C3 mov eax, dword ptr fs:[00000030h] 4_2_010C61C3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0107E1D0 mov eax, dword ptr fs:[00000030h] 4_2_0107E1D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0107E1D0 mov eax, dword ptr fs:[00000030h] 4_2_0107E1D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0107E1D0 mov ecx, dword ptr fs:[00000030h] 4_2_0107E1D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0107E1D0 mov eax, dword ptr fs:[00000030h] 4_2_0107E1D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0107E1D0 mov eax, dword ptr fs:[00000030h] 4_2_0107E1D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00FFA020 mov eax, dword ptr fs:[00000030h] 4_2_00FFA020
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00FFC020 mov eax, dword ptr fs:[00000030h] 4_2_00FFC020
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010D61E5 mov eax, dword ptr fs:[00000030h] 4_2_010D61E5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010301F8 mov eax, dword ptr fs:[00000030h] 4_2_010301F8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01084000 mov ecx, dword ptr fs:[00000030h] 4_2_01084000
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010A2000 mov eax, dword ptr fs:[00000030h] 4_2_010A2000
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010A2000 mov eax, dword ptr fs:[00000030h] 4_2_010A2000
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010A2000 mov eax, dword ptr fs:[00000030h] 4_2_010A2000
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010A2000 mov eax, dword ptr fs:[00000030h] 4_2_010A2000
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010A2000 mov eax, dword ptr fs:[00000030h] 4_2_010A2000
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010A2000 mov eax, dword ptr fs:[00000030h] 4_2_010A2000
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010A2000 mov eax, dword ptr fs:[00000030h] 4_2_010A2000
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010A2000 mov eax, dword ptr fs:[00000030h] 4_2_010A2000
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0101E016 mov eax, dword ptr fs:[00000030h] 4_2_0101E016
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0101E016 mov eax, dword ptr fs:[00000030h] 4_2_0101E016
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0101E016 mov eax, dword ptr fs:[00000030h] 4_2_0101E016
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0101E016 mov eax, dword ptr fs:[00000030h] 4_2_0101E016
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01096030 mov eax, dword ptr fs:[00000030h] 4_2_01096030
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01002050 mov eax, dword ptr fs:[00000030h] 4_2_01002050
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01086050 mov eax, dword ptr fs:[00000030h] 4_2_01086050
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00FFA197 mov eax, dword ptr fs:[00000030h] 4_2_00FFA197
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00FFA197 mov eax, dword ptr fs:[00000030h] 4_2_00FFA197
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00FFA197 mov eax, dword ptr fs:[00000030h] 4_2_00FFA197
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0102C073 mov eax, dword ptr fs:[00000030h] 4_2_0102C073
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0100208A mov eax, dword ptr fs:[00000030h] 4_2_0100208A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010980A8 mov eax, dword ptr fs:[00000030h] 4_2_010980A8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00FFC156 mov eax, dword ptr fs:[00000030h] 4_2_00FFC156
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010C60B8 mov eax, dword ptr fs:[00000030h] 4_2_010C60B8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010C60B8 mov ecx, dword ptr fs:[00000030h] 4_2_010C60B8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010820DE mov eax, dword ptr fs:[00000030h] 4_2_010820DE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010860E0 mov eax, dword ptr fs:[00000030h] 4_2_010860E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010080E9 mov eax, dword ptr fs:[00000030h] 4_2_010080E9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010420F0 mov ecx, dword ptr fs:[00000030h] 4_2_010420F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103A30B mov eax, dword ptr fs:[00000030h] 4_2_0103A30B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103A30B mov eax, dword ptr fs:[00000030h] 4_2_0103A30B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103A30B mov eax, dword ptr fs:[00000030h] 4_2_0103A30B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01020310 mov ecx, dword ptr fs:[00000030h] 4_2_01020310
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010D8324 mov eax, dword ptr fs:[00000030h] 4_2_010D8324
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010D8324 mov ecx, dword ptr fs:[00000030h] 4_2_010D8324
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010D8324 mov eax, dword ptr fs:[00000030h] 4_2_010D8324
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010D8324 mov eax, dword ptr fs:[00000030h] 4_2_010D8324
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01082349 mov eax, dword ptr fs:[00000030h] 4_2_01082349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01082349 mov eax, dword ptr fs:[00000030h] 4_2_01082349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01082349 mov eax, dword ptr fs:[00000030h] 4_2_01082349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01082349 mov eax, dword ptr fs:[00000030h] 4_2_01082349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01082349 mov eax, dword ptr fs:[00000030h] 4_2_01082349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01082349 mov eax, dword ptr fs:[00000030h] 4_2_01082349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01082349 mov eax, dword ptr fs:[00000030h] 4_2_01082349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01082349 mov eax, dword ptr fs:[00000030h] 4_2_01082349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01082349 mov eax, dword ptr fs:[00000030h] 4_2_01082349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01082349 mov eax, dword ptr fs:[00000030h] 4_2_01082349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01082349 mov eax, dword ptr fs:[00000030h] 4_2_01082349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01082349 mov eax, dword ptr fs:[00000030h] 4_2_01082349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01082349 mov eax, dword ptr fs:[00000030h] 4_2_01082349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01082349 mov eax, dword ptr fs:[00000030h] 4_2_01082349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01082349 mov eax, dword ptr fs:[00000030h] 4_2_01082349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010D634F mov eax, dword ptr fs:[00000030h] 4_2_010D634F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0108035C mov eax, dword ptr fs:[00000030h] 4_2_0108035C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0108035C mov eax, dword ptr fs:[00000030h] 4_2_0108035C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0108035C mov eax, dword ptr fs:[00000030h] 4_2_0108035C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0108035C mov ecx, dword ptr fs:[00000030h] 4_2_0108035C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0108035C mov eax, dword ptr fs:[00000030h] 4_2_0108035C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0108035C mov eax, dword ptr fs:[00000030h] 4_2_0108035C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010A8350 mov ecx, dword ptr fs:[00000030h] 4_2_010A8350
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010CA352 mov eax, dword ptr fs:[00000030h] 4_2_010CA352
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010A437C mov eax, dword ptr fs:[00000030h] 4_2_010A437C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0102438F mov eax, dword ptr fs:[00000030h] 4_2_0102438F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0102438F mov eax, dword ptr fs:[00000030h] 4_2_0102438F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00FF826B mov eax, dword ptr fs:[00000030h] 4_2_00FF826B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00FFA250 mov eax, dword ptr fs:[00000030h] 4_2_00FFA250
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0100A3C0 mov eax, dword ptr fs:[00000030h] 4_2_0100A3C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0100A3C0 mov eax, dword ptr fs:[00000030h] 4_2_0100A3C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0100A3C0 mov eax, dword ptr fs:[00000030h] 4_2_0100A3C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0100A3C0 mov eax, dword ptr fs:[00000030h] 4_2_0100A3C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0100A3C0 mov eax, dword ptr fs:[00000030h] 4_2_0100A3C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0100A3C0 mov eax, dword ptr fs:[00000030h] 4_2_0100A3C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010083C0 mov eax, dword ptr fs:[00000030h] 4_2_010083C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010083C0 mov eax, dword ptr fs:[00000030h] 4_2_010083C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010083C0 mov eax, dword ptr fs:[00000030h] 4_2_010083C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010083C0 mov eax, dword ptr fs:[00000030h] 4_2_010083C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00FF823B mov eax, dword ptr fs:[00000030h] 4_2_00FF823B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010BC3CD mov eax, dword ptr fs:[00000030h] 4_2_010BC3CD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010863C0 mov eax, dword ptr fs:[00000030h] 4_2_010863C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010AE3DB mov eax, dword ptr fs:[00000030h] 4_2_010AE3DB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010AE3DB mov eax, dword ptr fs:[00000030h] 4_2_010AE3DB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010AE3DB mov ecx, dword ptr fs:[00000030h] 4_2_010AE3DB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010AE3DB mov eax, dword ptr fs:[00000030h] 4_2_010AE3DB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010A43D4 mov eax, dword ptr fs:[00000030h] 4_2_010A43D4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010A43D4 mov eax, dword ptr fs:[00000030h] 4_2_010A43D4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010103E9 mov eax, dword ptr fs:[00000030h] 4_2_010103E9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010103E9 mov eax, dword ptr fs:[00000030h] 4_2_010103E9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010103E9 mov eax, dword ptr fs:[00000030h] 4_2_010103E9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010103E9 mov eax, dword ptr fs:[00000030h] 4_2_010103E9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010103E9 mov eax, dword ptr fs:[00000030h] 4_2_010103E9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010103E9 mov eax, dword ptr fs:[00000030h] 4_2_010103E9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010103E9 mov eax, dword ptr fs:[00000030h] 4_2_010103E9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010103E9 mov eax, dword ptr fs:[00000030h] 4_2_010103E9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0101E3F0 mov eax, dword ptr fs:[00000030h] 4_2_0101E3F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0101E3F0 mov eax, dword ptr fs:[00000030h] 4_2_0101E3F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0101E3F0 mov eax, dword ptr fs:[00000030h] 4_2_0101E3F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010363FF mov eax, dword ptr fs:[00000030h] 4_2_010363FF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01088243 mov eax, dword ptr fs:[00000030h] 4_2_01088243
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01088243 mov ecx, dword ptr fs:[00000030h] 4_2_01088243
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010D625D mov eax, dword ptr fs:[00000030h] 4_2_010D625D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01006259 mov eax, dword ptr fs:[00000030h] 4_2_01006259
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010BA250 mov eax, dword ptr fs:[00000030h] 4_2_010BA250
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010BA250 mov eax, dword ptr fs:[00000030h] 4_2_010BA250
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01004260 mov eax, dword ptr fs:[00000030h] 4_2_01004260
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01004260 mov eax, dword ptr fs:[00000030h] 4_2_01004260
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01004260 mov eax, dword ptr fs:[00000030h] 4_2_01004260
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00FF8397 mov eax, dword ptr fs:[00000030h] 4_2_00FF8397
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00FF8397 mov eax, dword ptr fs:[00000030h] 4_2_00FF8397
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00FF8397 mov eax, dword ptr fs:[00000030h] 4_2_00FF8397
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00FFE388 mov eax, dword ptr fs:[00000030h] 4_2_00FFE388
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00FFE388 mov eax, dword ptr fs:[00000030h] 4_2_00FFE388
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00FFE388 mov eax, dword ptr fs:[00000030h] 4_2_00FFE388
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010B0274 mov eax, dword ptr fs:[00000030h] 4_2_010B0274
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010B0274 mov eax, dword ptr fs:[00000030h] 4_2_010B0274
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010B0274 mov eax, dword ptr fs:[00000030h] 4_2_010B0274
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010B0274 mov eax, dword ptr fs:[00000030h] 4_2_010B0274
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010B0274 mov eax, dword ptr fs:[00000030h] 4_2_010B0274
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010B0274 mov eax, dword ptr fs:[00000030h] 4_2_010B0274
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010B0274 mov eax, dword ptr fs:[00000030h] 4_2_010B0274
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010B0274 mov eax, dword ptr fs:[00000030h] 4_2_010B0274
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010B0274 mov eax, dword ptr fs:[00000030h] 4_2_010B0274
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010B0274 mov eax, dword ptr fs:[00000030h] 4_2_010B0274
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010B0274 mov eax, dword ptr fs:[00000030h] 4_2_010B0274
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010B0274 mov eax, dword ptr fs:[00000030h] 4_2_010B0274
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103E284 mov eax, dword ptr fs:[00000030h] 4_2_0103E284
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103E284 mov eax, dword ptr fs:[00000030h] 4_2_0103E284
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01080283 mov eax, dword ptr fs:[00000030h] 4_2_01080283
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01080283 mov eax, dword ptr fs:[00000030h] 4_2_01080283
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01080283 mov eax, dword ptr fs:[00000030h] 4_2_01080283
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010102A0 mov eax, dword ptr fs:[00000030h] 4_2_010102A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010102A0 mov eax, dword ptr fs:[00000030h] 4_2_010102A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010962A0 mov eax, dword ptr fs:[00000030h] 4_2_010962A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010962A0 mov ecx, dword ptr fs:[00000030h] 4_2_010962A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010962A0 mov eax, dword ptr fs:[00000030h] 4_2_010962A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010962A0 mov eax, dword ptr fs:[00000030h] 4_2_010962A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010962A0 mov eax, dword ptr fs:[00000030h] 4_2_010962A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010962A0 mov eax, dword ptr fs:[00000030h] 4_2_010962A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0100A2C3 mov eax, dword ptr fs:[00000030h] 4_2_0100A2C3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0100A2C3 mov eax, dword ptr fs:[00000030h] 4_2_0100A2C3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0100A2C3 mov eax, dword ptr fs:[00000030h] 4_2_0100A2C3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0100A2C3 mov eax, dword ptr fs:[00000030h] 4_2_0100A2C3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0100A2C3 mov eax, dword ptr fs:[00000030h] 4_2_0100A2C3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010D62D6 mov eax, dword ptr fs:[00000030h] 4_2_010D62D6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010102E1 mov eax, dword ptr fs:[00000030h] 4_2_010102E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010102E1 mov eax, dword ptr fs:[00000030h] 4_2_010102E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010102E1 mov eax, dword ptr fs:[00000030h] 4_2_010102E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00FFC310 mov ecx, dword ptr fs:[00000030h] 4_2_00FFC310
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01096500 mov eax, dword ptr fs:[00000030h] 4_2_01096500
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010D4500 mov eax, dword ptr fs:[00000030h] 4_2_010D4500
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010D4500 mov eax, dword ptr fs:[00000030h] 4_2_010D4500
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010D4500 mov eax, dword ptr fs:[00000030h] 4_2_010D4500
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010D4500 mov eax, dword ptr fs:[00000030h] 4_2_010D4500
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010D4500 mov eax, dword ptr fs:[00000030h] 4_2_010D4500
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010D4500 mov eax, dword ptr fs:[00000030h] 4_2_010D4500
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010D4500 mov eax, dword ptr fs:[00000030h] 4_2_010D4500
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01010535 mov eax, dword ptr fs:[00000030h] 4_2_01010535
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01010535 mov eax, dword ptr fs:[00000030h] 4_2_01010535
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01010535 mov eax, dword ptr fs:[00000030h] 4_2_01010535
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01010535 mov eax, dword ptr fs:[00000030h] 4_2_01010535
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01010535 mov eax, dword ptr fs:[00000030h] 4_2_01010535
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01010535 mov eax, dword ptr fs:[00000030h] 4_2_01010535
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0102E53E mov eax, dword ptr fs:[00000030h] 4_2_0102E53E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0102E53E mov eax, dword ptr fs:[00000030h] 4_2_0102E53E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0102E53E mov eax, dword ptr fs:[00000030h] 4_2_0102E53E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0102E53E mov eax, dword ptr fs:[00000030h] 4_2_0102E53E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0102E53E mov eax, dword ptr fs:[00000030h] 4_2_0102E53E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01008550 mov eax, dword ptr fs:[00000030h] 4_2_01008550
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01008550 mov eax, dword ptr fs:[00000030h] 4_2_01008550
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103656A mov eax, dword ptr fs:[00000030h] 4_2_0103656A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103656A mov eax, dword ptr fs:[00000030h] 4_2_0103656A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103656A mov eax, dword ptr fs:[00000030h] 4_2_0103656A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01002582 mov eax, dword ptr fs:[00000030h] 4_2_01002582
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01002582 mov ecx, dword ptr fs:[00000030h] 4_2_01002582
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01034588 mov eax, dword ptr fs:[00000030h] 4_2_01034588
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103E59C mov eax, dword ptr fs:[00000030h] 4_2_0103E59C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00FF645D mov eax, dword ptr fs:[00000030h] 4_2_00FF645D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010805A7 mov eax, dword ptr fs:[00000030h] 4_2_010805A7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010805A7 mov eax, dword ptr fs:[00000030h] 4_2_010805A7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010805A7 mov eax, dword ptr fs:[00000030h] 4_2_010805A7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010245B1 mov eax, dword ptr fs:[00000030h] 4_2_010245B1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010245B1 mov eax, dword ptr fs:[00000030h] 4_2_010245B1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103E5CF mov eax, dword ptr fs:[00000030h] 4_2_0103E5CF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103E5CF mov eax, dword ptr fs:[00000030h] 4_2_0103E5CF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010065D0 mov eax, dword ptr fs:[00000030h] 4_2_010065D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103A5D0 mov eax, dword ptr fs:[00000030h] 4_2_0103A5D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103A5D0 mov eax, dword ptr fs:[00000030h] 4_2_0103A5D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00FFC427 mov eax, dword ptr fs:[00000030h] 4_2_00FFC427
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00FFE420 mov eax, dword ptr fs:[00000030h] 4_2_00FFE420
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00FFE420 mov eax, dword ptr fs:[00000030h] 4_2_00FFE420
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00FFE420 mov eax, dword ptr fs:[00000030h] 4_2_00FFE420
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010025E0 mov eax, dword ptr fs:[00000030h] 4_2_010025E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0102E5E7 mov eax, dword ptr fs:[00000030h] 4_2_0102E5E7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0102E5E7 mov eax, dword ptr fs:[00000030h] 4_2_0102E5E7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0102E5E7 mov eax, dword ptr fs:[00000030h] 4_2_0102E5E7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0102E5E7 mov eax, dword ptr fs:[00000030h] 4_2_0102E5E7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0102E5E7 mov eax, dword ptr fs:[00000030h] 4_2_0102E5E7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0102E5E7 mov eax, dword ptr fs:[00000030h] 4_2_0102E5E7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0102E5E7 mov eax, dword ptr fs:[00000030h] 4_2_0102E5E7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0102E5E7 mov eax, dword ptr fs:[00000030h] 4_2_0102E5E7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103C5ED mov eax, dword ptr fs:[00000030h] 4_2_0103C5ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103C5ED mov eax, dword ptr fs:[00000030h] 4_2_0103C5ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01038402 mov eax, dword ptr fs:[00000030h] 4_2_01038402
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01038402 mov eax, dword ptr fs:[00000030h] 4_2_01038402
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01038402 mov eax, dword ptr fs:[00000030h] 4_2_01038402
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01086420 mov eax, dword ptr fs:[00000030h] 4_2_01086420
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01086420 mov eax, dword ptr fs:[00000030h] 4_2_01086420
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01086420 mov eax, dword ptr fs:[00000030h] 4_2_01086420
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01086420 mov eax, dword ptr fs:[00000030h] 4_2_01086420
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01086420 mov eax, dword ptr fs:[00000030h] 4_2_01086420
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01086420 mov eax, dword ptr fs:[00000030h] 4_2_01086420
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01086420 mov eax, dword ptr fs:[00000030h] 4_2_01086420
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103A430 mov eax, dword ptr fs:[00000030h] 4_2_0103A430
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103E443 mov eax, dword ptr fs:[00000030h] 4_2_0103E443
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103E443 mov eax, dword ptr fs:[00000030h] 4_2_0103E443
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103E443 mov eax, dword ptr fs:[00000030h] 4_2_0103E443
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103E443 mov eax, dword ptr fs:[00000030h] 4_2_0103E443
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103E443 mov eax, dword ptr fs:[00000030h] 4_2_0103E443
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103E443 mov eax, dword ptr fs:[00000030h] 4_2_0103E443
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103E443 mov eax, dword ptr fs:[00000030h] 4_2_0103E443
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103E443 mov eax, dword ptr fs:[00000030h] 4_2_0103E443
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0102245A mov eax, dword ptr fs:[00000030h] 4_2_0102245A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010BA456 mov eax, dword ptr fs:[00000030h] 4_2_010BA456
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0108C460 mov ecx, dword ptr fs:[00000030h] 4_2_0108C460
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0102A470 mov eax, dword ptr fs:[00000030h] 4_2_0102A470
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0102A470 mov eax, dword ptr fs:[00000030h] 4_2_0102A470
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0102A470 mov eax, dword ptr fs:[00000030h] 4_2_0102A470
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010BA49A mov eax, dword ptr fs:[00000030h] 4_2_010BA49A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010064AB mov eax, dword ptr fs:[00000030h] 4_2_010064AB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010344B0 mov ecx, dword ptr fs:[00000030h] 4_2_010344B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0108A4B0 mov eax, dword ptr fs:[00000030h] 4_2_0108A4B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010004E5 mov ecx, dword ptr fs:[00000030h] 4_2_010004E5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103C700 mov eax, dword ptr fs:[00000030h] 4_2_0103C700
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01000710 mov eax, dword ptr fs:[00000030h] 4_2_01000710
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01030710 mov eax, dword ptr fs:[00000030h] 4_2_01030710
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103C720 mov eax, dword ptr fs:[00000030h] 4_2_0103C720
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103C720 mov eax, dword ptr fs:[00000030h] 4_2_0103C720
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0107C730 mov eax, dword ptr fs:[00000030h] 4_2_0107C730
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103273C mov eax, dword ptr fs:[00000030h] 4_2_0103273C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103273C mov ecx, dword ptr fs:[00000030h] 4_2_0103273C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103273C mov eax, dword ptr fs:[00000030h] 4_2_0103273C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103674D mov esi, dword ptr fs:[00000030h] 4_2_0103674D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103674D mov eax, dword ptr fs:[00000030h] 4_2_0103674D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103674D mov eax, dword ptr fs:[00000030h] 4_2_0103674D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01000750 mov eax, dword ptr fs:[00000030h] 4_2_01000750
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01042750 mov eax, dword ptr fs:[00000030h] 4_2_01042750
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01042750 mov eax, dword ptr fs:[00000030h] 4_2_01042750
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0108E75D mov eax, dword ptr fs:[00000030h] 4_2_0108E75D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01084755 mov eax, dword ptr fs:[00000030h] 4_2_01084755
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01008770 mov eax, dword ptr fs:[00000030h] 4_2_01008770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01010770 mov eax, dword ptr fs:[00000030h] 4_2_01010770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01010770 mov eax, dword ptr fs:[00000030h] 4_2_01010770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01010770 mov eax, dword ptr fs:[00000030h] 4_2_01010770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01010770 mov eax, dword ptr fs:[00000030h] 4_2_01010770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01010770 mov eax, dword ptr fs:[00000030h] 4_2_01010770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01010770 mov eax, dword ptr fs:[00000030h] 4_2_01010770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01010770 mov eax, dword ptr fs:[00000030h] 4_2_01010770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01010770 mov eax, dword ptr fs:[00000030h] 4_2_01010770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01010770 mov eax, dword ptr fs:[00000030h] 4_2_01010770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01010770 mov eax, dword ptr fs:[00000030h] 4_2_01010770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01010770 mov eax, dword ptr fs:[00000030h] 4_2_01010770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01010770 mov eax, dword ptr fs:[00000030h] 4_2_01010770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010A678E mov eax, dword ptr fs:[00000030h] 4_2_010A678E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010B47A0 mov eax, dword ptr fs:[00000030h] 4_2_010B47A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010007AF mov eax, dword ptr fs:[00000030h] 4_2_010007AF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0100C7C0 mov eax, dword ptr fs:[00000030h] 4_2_0100C7C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010807C3 mov eax, dword ptr fs:[00000030h] 4_2_010807C3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0108E7E1 mov eax, dword ptr fs:[00000030h] 4_2_0108E7E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010227ED mov eax, dword ptr fs:[00000030h] 4_2_010227ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010227ED mov eax, dword ptr fs:[00000030h] 4_2_010227ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010227ED mov eax, dword ptr fs:[00000030h] 4_2_010227ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010047FB mov eax, dword ptr fs:[00000030h] 4_2_010047FB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010047FB mov eax, dword ptr fs:[00000030h] 4_2_010047FB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0101260B mov eax, dword ptr fs:[00000030h] 4_2_0101260B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0101260B mov eax, dword ptr fs:[00000030h] 4_2_0101260B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0101260B mov eax, dword ptr fs:[00000030h] 4_2_0101260B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0101260B mov eax, dword ptr fs:[00000030h] 4_2_0101260B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0101260B mov eax, dword ptr fs:[00000030h] 4_2_0101260B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0101260B mov eax, dword ptr fs:[00000030h] 4_2_0101260B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0101260B mov eax, dword ptr fs:[00000030h] 4_2_0101260B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0107E609 mov eax, dword ptr fs:[00000030h] 4_2_0107E609
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01042619 mov eax, dword ptr fs:[00000030h] 4_2_01042619
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01036620 mov eax, dword ptr fs:[00000030h] 4_2_01036620
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01038620 mov eax, dword ptr fs:[00000030h] 4_2_01038620
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0101E627 mov eax, dword ptr fs:[00000030h] 4_2_0101E627
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0100262C mov eax, dword ptr fs:[00000030h] 4_2_0100262C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0101C640 mov eax, dword ptr fs:[00000030h] 4_2_0101C640
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010C866E mov eax, dword ptr fs:[00000030h] 4_2_010C866E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010C866E mov eax, dword ptr fs:[00000030h] 4_2_010C866E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103A660 mov eax, dword ptr fs:[00000030h] 4_2_0103A660
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103A660 mov eax, dword ptr fs:[00000030h] 4_2_0103A660
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01032674 mov eax, dword ptr fs:[00000030h] 4_2_01032674
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01004690 mov eax, dword ptr fs:[00000030h] 4_2_01004690
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01004690 mov eax, dword ptr fs:[00000030h] 4_2_01004690
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103C6A6 mov eax, dword ptr fs:[00000030h] 4_2_0103C6A6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010366B0 mov eax, dword ptr fs:[00000030h] 4_2_010366B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103A6C7 mov ebx, dword ptr fs:[00000030h] 4_2_0103A6C7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103A6C7 mov eax, dword ptr fs:[00000030h] 4_2_0103A6C7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0107E6F2 mov eax, dword ptr fs:[00000030h] 4_2_0107E6F2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0107E6F2 mov eax, dword ptr fs:[00000030h] 4_2_0107E6F2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0107E6F2 mov eax, dword ptr fs:[00000030h] 4_2_0107E6F2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0107E6F2 mov eax, dword ptr fs:[00000030h] 4_2_0107E6F2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010806F1 mov eax, dword ptr fs:[00000030h] 4_2_010806F1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010806F1 mov eax, dword ptr fs:[00000030h] 4_2_010806F1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0107E908 mov eax, dword ptr fs:[00000030h] 4_2_0107E908
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0107E908 mov eax, dword ptr fs:[00000030h] 4_2_0107E908
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0108C912 mov eax, dword ptr fs:[00000030h] 4_2_0108C912
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0108892A mov eax, dword ptr fs:[00000030h] 4_2_0108892A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0109892B mov eax, dword ptr fs:[00000030h] 4_2_0109892B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010D4940 mov eax, dword ptr fs:[00000030h] 4_2_010D4940
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01080946 mov eax, dword ptr fs:[00000030h] 4_2_01080946
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01026962 mov eax, dword ptr fs:[00000030h] 4_2_01026962
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01026962 mov eax, dword ptr fs:[00000030h] 4_2_01026962
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01026962 mov eax, dword ptr fs:[00000030h] 4_2_01026962
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0104096E mov eax, dword ptr fs:[00000030h] 4_2_0104096E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0104096E mov edx, dword ptr fs:[00000030h] 4_2_0104096E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0104096E mov eax, dword ptr fs:[00000030h] 4_2_0104096E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010A4978 mov eax, dword ptr fs:[00000030h] 4_2_010A4978
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010A4978 mov eax, dword ptr fs:[00000030h] 4_2_010A4978
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0108C97C mov eax, dword ptr fs:[00000030h] 4_2_0108C97C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010129A0 mov eax, dword ptr fs:[00000030h] 4_2_010129A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010129A0 mov eax, dword ptr fs:[00000030h] 4_2_010129A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010129A0 mov eax, dword ptr fs:[00000030h] 4_2_010129A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010129A0 mov eax, dword ptr fs:[00000030h] 4_2_010129A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010129A0 mov eax, dword ptr fs:[00000030h] 4_2_010129A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010129A0 mov eax, dword ptr fs:[00000030h] 4_2_010129A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010129A0 mov eax, dword ptr fs:[00000030h] 4_2_010129A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010129A0 mov eax, dword ptr fs:[00000030h] 4_2_010129A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010129A0 mov eax, dword ptr fs:[00000030h] 4_2_010129A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010129A0 mov eax, dword ptr fs:[00000030h] 4_2_010129A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010129A0 mov eax, dword ptr fs:[00000030h] 4_2_010129A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010129A0 mov eax, dword ptr fs:[00000030h] 4_2_010129A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010129A0 mov eax, dword ptr fs:[00000030h] 4_2_010129A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010009AD mov eax, dword ptr fs:[00000030h] 4_2_010009AD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010009AD mov eax, dword ptr fs:[00000030h] 4_2_010009AD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010889B3 mov esi, dword ptr fs:[00000030h] 4_2_010889B3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010889B3 mov eax, dword ptr fs:[00000030h] 4_2_010889B3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010889B3 mov eax, dword ptr fs:[00000030h] 4_2_010889B3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010969C0 mov eax, dword ptr fs:[00000030h] 4_2_010969C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0100A9D0 mov eax, dword ptr fs:[00000030h] 4_2_0100A9D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0100A9D0 mov eax, dword ptr fs:[00000030h] 4_2_0100A9D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0100A9D0 mov eax, dword ptr fs:[00000030h] 4_2_0100A9D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0100A9D0 mov eax, dword ptr fs:[00000030h] 4_2_0100A9D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0100A9D0 mov eax, dword ptr fs:[00000030h] 4_2_0100A9D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0100A9D0 mov eax, dword ptr fs:[00000030h] 4_2_0100A9D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010349D0 mov eax, dword ptr fs:[00000030h] 4_2_010349D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010CA9D3 mov eax, dword ptr fs:[00000030h] 4_2_010CA9D3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0108E9E0 mov eax, dword ptr fs:[00000030h] 4_2_0108E9E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010329F9 mov eax, dword ptr fs:[00000030h] 4_2_010329F9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010329F9 mov eax, dword ptr fs:[00000030h] 4_2_010329F9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0108C810 mov eax, dword ptr fs:[00000030h] 4_2_0108C810
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010A483A mov eax, dword ptr fs:[00000030h] 4_2_010A483A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010A483A mov eax, dword ptr fs:[00000030h] 4_2_010A483A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103A830 mov eax, dword ptr fs:[00000030h] 4_2_0103A830
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01022835 mov eax, dword ptr fs:[00000030h] 4_2_01022835
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01022835 mov eax, dword ptr fs:[00000030h] 4_2_01022835
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01022835 mov eax, dword ptr fs:[00000030h] 4_2_01022835
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01022835 mov ecx, dword ptr fs:[00000030h] 4_2_01022835
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01022835 mov eax, dword ptr fs:[00000030h] 4_2_01022835
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01022835 mov eax, dword ptr fs:[00000030h] 4_2_01022835
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01012840 mov ecx, dword ptr fs:[00000030h] 4_2_01012840
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01030854 mov eax, dword ptr fs:[00000030h] 4_2_01030854
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01004859 mov eax, dword ptr fs:[00000030h] 4_2_01004859
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01004859 mov eax, dword ptr fs:[00000030h] 4_2_01004859
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01096870 mov eax, dword ptr fs:[00000030h] 4_2_01096870
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01096870 mov eax, dword ptr fs:[00000030h] 4_2_01096870
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0108E872 mov eax, dword ptr fs:[00000030h] 4_2_0108E872
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0108E872 mov eax, dword ptr fs:[00000030h] 4_2_0108E872
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01000887 mov eax, dword ptr fs:[00000030h] 4_2_01000887
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0108C89D mov eax, dword ptr fs:[00000030h] 4_2_0108C89D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0102E8C0 mov eax, dword ptr fs:[00000030h] 4_2_0102E8C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010D08C0 mov eax, dword ptr fs:[00000030h] 4_2_010D08C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00FF8918 mov eax, dword ptr fs:[00000030h] 4_2_00FF8918
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00FF8918 mov eax, dword ptr fs:[00000030h] 4_2_00FF8918
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010CA8E4 mov eax, dword ptr fs:[00000030h] 4_2_010CA8E4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103C8F9 mov eax, dword ptr fs:[00000030h] 4_2_0103C8F9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103C8F9 mov eax, dword ptr fs:[00000030h] 4_2_0103C8F9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010D4B00 mov eax, dword ptr fs:[00000030h] 4_2_010D4B00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0107EB1D mov eax, dword ptr fs:[00000030h] 4_2_0107EB1D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0107EB1D mov eax, dword ptr fs:[00000030h] 4_2_0107EB1D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0107EB1D mov eax, dword ptr fs:[00000030h] 4_2_0107EB1D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0107EB1D mov eax, dword ptr fs:[00000030h] 4_2_0107EB1D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0107EB1D mov eax, dword ptr fs:[00000030h] 4_2_0107EB1D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0107EB1D mov eax, dword ptr fs:[00000030h] 4_2_0107EB1D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0107EB1D mov eax, dword ptr fs:[00000030h] 4_2_0107EB1D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0107EB1D mov eax, dword ptr fs:[00000030h] 4_2_0107EB1D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0107EB1D mov eax, dword ptr fs:[00000030h] 4_2_0107EB1D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0102EB20 mov eax, dword ptr fs:[00000030h] 4_2_0102EB20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0102EB20 mov eax, dword ptr fs:[00000030h] 4_2_0102EB20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010C8B28 mov eax, dword ptr fs:[00000030h] 4_2_010C8B28
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010C8B28 mov eax, dword ptr fs:[00000030h] 4_2_010C8B28
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010B4B4B mov eax, dword ptr fs:[00000030h] 4_2_010B4B4B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010B4B4B mov eax, dword ptr fs:[00000030h] 4_2_010B4B4B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010A8B42 mov eax, dword ptr fs:[00000030h] 4_2_010A8B42
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01096B40 mov eax, dword ptr fs:[00000030h] 4_2_01096B40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01096B40 mov eax, dword ptr fs:[00000030h] 4_2_01096B40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010CAB40 mov eax, dword ptr fs:[00000030h] 4_2_010CAB40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010AEB50 mov eax, dword ptr fs:[00000030h] 4_2_010AEB50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010D2B57 mov eax, dword ptr fs:[00000030h] 4_2_010D2B57
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010D2B57 mov eax, dword ptr fs:[00000030h] 4_2_010D2B57
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010D2B57 mov eax, dword ptr fs:[00000030h] 4_2_010D2B57
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010D2B57 mov eax, dword ptr fs:[00000030h] 4_2_010D2B57
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010B4BB0 mov eax, dword ptr fs:[00000030h] 4_2_010B4BB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010B4BB0 mov eax, dword ptr fs:[00000030h] 4_2_010B4BB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01010BBE mov eax, dword ptr fs:[00000030h] 4_2_01010BBE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01010BBE mov eax, dword ptr fs:[00000030h] 4_2_01010BBE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01020BCB mov eax, dword ptr fs:[00000030h] 4_2_01020BCB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01020BCB mov eax, dword ptr fs:[00000030h] 4_2_01020BCB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01020BCB mov eax, dword ptr fs:[00000030h] 4_2_01020BCB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01000BCD mov eax, dword ptr fs:[00000030h] 4_2_01000BCD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01000BCD mov eax, dword ptr fs:[00000030h] 4_2_01000BCD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01000BCD mov eax, dword ptr fs:[00000030h] 4_2_01000BCD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010AEBD0 mov eax, dword ptr fs:[00000030h] 4_2_010AEBD0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01008BF0 mov eax, dword ptr fs:[00000030h] 4_2_01008BF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01008BF0 mov eax, dword ptr fs:[00000030h] 4_2_01008BF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01008BF0 mov eax, dword ptr fs:[00000030h] 4_2_01008BF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0108CBF0 mov eax, dword ptr fs:[00000030h] 4_2_0108CBF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0102EBFC mov eax, dword ptr fs:[00000030h] 4_2_0102EBFC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0108CA11 mov eax, dword ptr fs:[00000030h] 4_2_0108CA11
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103CA24 mov eax, dword ptr fs:[00000030h] 4_2_0103CA24
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0102EA2E mov eax, dword ptr fs:[00000030h] 4_2_0102EA2E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01024A35 mov eax, dword ptr fs:[00000030h] 4_2_01024A35
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01024A35 mov eax, dword ptr fs:[00000030h] 4_2_01024A35
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103CA38 mov eax, dword ptr fs:[00000030h] 4_2_0103CA38
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01006A50 mov eax, dword ptr fs:[00000030h] 4_2_01006A50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01006A50 mov eax, dword ptr fs:[00000030h] 4_2_01006A50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01006A50 mov eax, dword ptr fs:[00000030h] 4_2_01006A50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01006A50 mov eax, dword ptr fs:[00000030h] 4_2_01006A50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01006A50 mov eax, dword ptr fs:[00000030h] 4_2_01006A50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01006A50 mov eax, dword ptr fs:[00000030h] 4_2_01006A50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01006A50 mov eax, dword ptr fs:[00000030h] 4_2_01006A50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01010A5B mov eax, dword ptr fs:[00000030h] 4_2_01010A5B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01010A5B mov eax, dword ptr fs:[00000030h] 4_2_01010A5B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010AEA60 mov eax, dword ptr fs:[00000030h] 4_2_010AEA60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103CA6F mov eax, dword ptr fs:[00000030h] 4_2_0103CA6F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103CA6F mov eax, dword ptr fs:[00000030h] 4_2_0103CA6F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0103CA6F mov eax, dword ptr fs:[00000030h] 4_2_0103CA6F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0107CA72 mov eax, dword ptr fs:[00000030h] 4_2_0107CA72
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0107CA72 mov eax, dword ptr fs:[00000030h] 4_2_0107CA72
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0100EA80 mov eax, dword ptr fs:[00000030h] 4_2_0100EA80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0100EA80 mov eax, dword ptr fs:[00000030h] 4_2_0100EA80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0100EA80 mov eax, dword ptr fs:[00000030h] 4_2_0100EA80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0100EA80 mov eax, dword ptr fs:[00000030h] 4_2_0100EA80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0100EA80 mov eax, dword ptr fs:[00000030h] 4_2_0100EA80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0100EA80 mov eax, dword ptr fs:[00000030h] 4_2_0100EA80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0100EA80 mov eax, dword ptr fs:[00000030h] 4_2_0100EA80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0100EA80 mov eax, dword ptr fs:[00000030h] 4_2_0100EA80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_0100EA80 mov eax, dword ptr fs:[00000030h] 4_2_0100EA80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_00FFCB7E mov eax, dword ptr fs:[00000030h] 4_2_00FFCB7E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_010D4A80 mov eax, dword ptr fs:[00000030h] 4_2_010D4A80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01038A90 mov edx, dword ptr fs:[00000030h] 4_2_01038A90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Code function: 4_2_01008AA0 mov eax, dword ptr fs:[00000030h] 4_2_01008AA0
Enables debug privileges
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Memory allocated: page read and write | page guard Jump to behavior

HIPS / PFW / Operating System Protection Evasion
barindex
Adds a directory exclusion to Windows Defender
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe" Jump to behavior
Injects a PE file into a foreign processes
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Memory written: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe base: 400000 value starts with: 4D5A Jump to behavior
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe" Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe" Jump to behavior
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
AV process strings found (often used to terminate AV products)
Source: Amcache.hve.8.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.8.dr Binary or memory string: msmpeng.exe
Source: Amcache.hve.8.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.8.dr Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information
barindex
Yara detected FormBook
Source: Yara match File source: 4.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 4.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000004.00000002.2026512273.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

Remote Access Functionality
barindex
Yara detected FormBook
Source: Yara match File source: 4.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 4.2.SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000004.00000002.2026512273.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1465503 Sample: SecuriteInfo.com.Win32.PWSX... Startdate: 01/07/2024 Architecture: WINDOWS Score: 100 24 Malicious sample detected (through community Yara rule) 2->24 26 Antivirus / Scanner detection for submitted sample 2->26 28 Multi AV Scanner detection for submitted file 2->28 30 6 other signatures 2->30 7 SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe 4 2->7         started        process3 file4 22 SecuriteInfo.com.W...16176.20864.exe.log, ASCII 7->22 dropped 32 Adds a directory exclusion to Windows Defender 7->32 34 Injects a PE file into a foreign processes 7->34 11 powershell.exe 23 7->11         started        14 SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe 7->14         started        signatures5 process6 signatures7 36 Loading BitLocker PowerShell Module 11->36 16 WmiPrvSE.exe 11->16         started        18 conhost.exe 11->18         started        20 WerFault.exe 21 16 14->20         started        process8
No contacted IP infos