Windows Analysis Report
SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe
Analysis ID: 1539814
MD5: 88219c96c3a3b4953d1ef76002f82282
SHA1: e47ef493cc3ffeaa638f31ae6635b0f73420fb22
SHA256: 0e451ce1db9f82077de2d8f16f2010e3273795cff50c64ca515e7f9f0401022d
Tags: exe
Infos:

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

AV Detection
barindex
Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe ReversingLabs: Detection: 28%
Yara detected FormBook
Source: Yara match File source: 8.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 8.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000008.00000002.2204974095.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 99.9% probability
Machine Learning detection for sample
Source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Joe Sandbox ML: detected
Uses 32bit PE files
Source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe, 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe, SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe, 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: BazQ.pdb source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe
Source: Binary string: BazQ.pdbSHA256 source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe
Source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe, 00000000.00000002.2167000791.000000000341A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Amcache.hve.11.dr String found in binary or memory: http://upx.sf.net

E-Banking Fraud
barindex
Yara detected FormBook
Source: Yara match File source: 8.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 8.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000008.00000002.2204974095.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

System Summary
barindex
Malicious sample detected (through community Yara rule)
Source: 8.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 8.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000008.00000002.2204974095.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Contains functionality to call native functions
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_0042C4E3 NtClose, 8_2_0042C4E3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B22DF0 NtQuerySystemInformation,LdrInitializeThunk, 8_2_01B22DF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B24340 NtSetContextThread, 8_2_01B24340
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B24650 NtSuspendThread, 8_2_01B24650
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B22BA0 NtEnumerateValueKey, 8_2_01B22BA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B22B80 NtQueryInformationFile, 8_2_01B22B80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B22BF0 NtAllocateVirtualMemory, 8_2_01B22BF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B22BE0 NtQueryValueKey, 8_2_01B22BE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B22B60 NtClose, 8_2_01B22B60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B22AB0 NtWaitForSingleObject, 8_2_01B22AB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B22AF0 NtWriteFile, 8_2_01B22AF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B22AD0 NtReadFile, 8_2_01B22AD0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B22DB0 NtEnumerateKey, 8_2_01B22DB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B22DD0 NtDelayExecution, 8_2_01B22DD0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B22D30 NtUnmapViewOfSection, 8_2_01B22D30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B22D10 NtMapViewOfSection, 8_2_01B22D10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B22D00 NtSetInformationFile, 8_2_01B22D00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B22CA0 NtQueryInformationToken, 8_2_01B22CA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B22CF0 NtOpenProcess, 8_2_01B22CF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B22CC0 NtQueryVirtualMemory, 8_2_01B22CC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B22C00 NtQueryInformationProcess, 8_2_01B22C00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B22C70 NtFreeVirtualMemory, 8_2_01B22C70
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B22C60 NtCreateKey, 8_2_01B22C60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B22FB0 NtResumeThread, 8_2_01B22FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B22FA0 NtQuerySection, 8_2_01B22FA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B22F90 NtProtectVirtualMemory, 8_2_01B22F90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B22FE0 NtCreateFile, 8_2_01B22FE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B22F30 NtCreateSection, 8_2_01B22F30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B22F60 NtCreateProcessEx, 8_2_01B22F60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B22EA0 NtAdjustPrivilegesToken, 8_2_01B22EA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B22E80 NtReadVirtualMemory, 8_2_01B22E80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B22EE0 NtQueueApcThread, 8_2_01B22EE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B22E30 NtWriteVirtualMemory, 8_2_01B22E30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B23090 NtSetValueKey, 8_2_01B23090
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B23010 NtOpenDirectoryObject, 8_2_01B23010
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B235C0 NtCreateMutant, 8_2_01B235C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B239B0 NtGetContextThread, 8_2_01B239B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B23D10 NtOpenProcessToken, 8_2_01B23D10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B23D70 NtOpenThread, 8_2_01B23D70
Detected potential crypto function
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 0_2_030FD57C 0_2_030FD57C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 0_2_05CAA598 0_2_05CAA598
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 0_2_05CA14DF 0_2_05CA14DF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 0_2_05CA14F0 0_2_05CA14F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 0_2_05CA83E8 0_2_05CA83E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 0_2_05CA1251 0_2_05CA1251
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 0_2_05CA1260 0_2_05CA1260
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 0_2_05CA7FB0 0_2_05CA7FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 0_2_05CA9BD8 0_2_05CA9BD8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 0_2_05CA9BE8 0_2_05CA9BE8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 0_2_05CA7B78 0_2_05CA7B78
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 0_2_05CA7B72 0_2_05CA7B72
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_0040284A 8_2_0040284A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_00402850 8_2_00402850
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_00410093 8_2_00410093
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_00403150 8_2_00403150
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_0040E113 8_2_0040E113
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_0042EB03 8_2_0042EB03
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_0040FE6E 8_2_0040FE6E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_0040FE73 8_2_0040FE73
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_00416733 8_2_00416733
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BB01AA 8_2_01BB01AA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BA41A2 8_2_01BA41A2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BA81CC 8_2_01BA81CC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B8A118 8_2_01B8A118
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE0100 8_2_01AE0100
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B78158 8_2_01B78158
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B82000 8_2_01B82000
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BB03E6 8_2_01BB03E6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AFE3F0 8_2_01AFE3F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BAA352 8_2_01BAA352
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B702C0 8_2_01B702C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B90274 8_2_01B90274
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BB0591 8_2_01BB0591
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF0535 8_2_01AF0535
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B9E4F6 8_2_01B9E4F6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B94420 8_2_01B94420
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BA2446 8_2_01BA2446
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AEC7C0 8_2_01AEC7C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF0770 8_2_01AF0770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B14750 8_2_01B14750
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B0C6E0 8_2_01B0C6E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF29A0 8_2_01AF29A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BBA9A6 8_2_01BBA9A6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B06962 8_2_01B06962
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AD68B8 8_2_01AD68B8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1E8F0 8_2_01B1E8F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF2840 8_2_01AF2840
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AFA840 8_2_01AFA840
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BA6BD7 8_2_01BA6BD7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BAAB40 8_2_01BAAB40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AEEA80 8_2_01AEEA80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B08DBF 8_2_01B08DBF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AEADE0 8_2_01AEADE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B8CD1F 8_2_01B8CD1F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AFAD00 8_2_01AFAD00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B90CB5 8_2_01B90CB5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE0CF2 8_2_01AE0CF2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF0C00 8_2_01AF0C00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B6EFA0 8_2_01B6EFA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AFCFE0 8_2_01AFCFE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE2FC8 8_2_01AE2FC8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B10F30 8_2_01B10F30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B92F30 8_2_01B92F30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B32F28 8_2_01B32F28
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B64F40 8_2_01B64F40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B02E90 8_2_01B02E90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BACE93 8_2_01BACE93
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BAEEDB 8_2_01BAEEDB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BAEE26 8_2_01BAEE26
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF0E59 8_2_01AF0E59
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AFB1B0 8_2_01AFB1B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BBB16B 8_2_01BBB16B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B2516C 8_2_01B2516C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01ADF172 8_2_01ADF172
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BA70E9 8_2_01BA70E9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BAF0E0 8_2_01BAF0E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF70C0 8_2_01AF70C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B9F0CC 8_2_01B9F0CC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B3739A 8_2_01B3739A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BA132D 8_2_01BA132D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01ADD34C 8_2_01ADD34C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF52A0 8_2_01AF52A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B912ED 8_2_01B912ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B0B2C0 8_2_01B0B2C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B8D5B0 8_2_01B8D5B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BB95C3 8_2_01BB95C3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BA7571 8_2_01BA7571
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BAF43F 8_2_01BAF43F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE1460 8_2_01AE1460
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BAF7B0 8_2_01BAF7B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BA16CC 8_2_01BA16CC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B35630 8_2_01B35630
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B85910 8_2_01B85910
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B0B950 8_2_01B0B950
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF9950 8_2_01AF9950
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF38E0 8_2_01AF38E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B5D800 8_2_01B5D800
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B0FB80 8_2_01B0FB80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B65BF0 8_2_01B65BF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B2DBF9 8_2_01B2DBF9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BAFB76 8_2_01BAFB76
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B35AA0 8_2_01B35AA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B8DAAC 8_2_01B8DAAC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B91AA3 8_2_01B91AA3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B9DAC6 8_2_01B9DAC6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B63A6C 8_2_01B63A6C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BAFA49 8_2_01BAFA49
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BA7A46 8_2_01BA7A46
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B0FDC0 8_2_01B0FDC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BA7D73 8_2_01BA7D73
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BA1D5A 8_2_01BA1D5A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF3D40 8_2_01AF3D40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BAFCF2 8_2_01BAFCF2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B69C32 8_2_01B69C32
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BAFFB1 8_2_01BAFFB1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF1F92 8_2_01AF1F92
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AB3FD2 8_2_01AB3FD2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AB3FD5 8_2_01AB3FD5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BAFF09 8_2_01BAFF09
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF9EB0 8_2_01AF9EB0
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: String function: 01ADB970 appears 280 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: String function: 01B37E54 appears 111 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: String function: 01B6F290 appears 105 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: String function: 01B5EA12 appears 86 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: String function: 01B25130 appears 58 times
One or more processes crash
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 200
Sample file is different than original file name gathered from version info
Source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe, 00000000.00000002.2179622007.0000000007B70000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe
Source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe, 00000000.00000002.2164933520.00000000014FE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe
Source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe, 00000000.00000000.2138764690.0000000000E22000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameBazQ.exeF vs SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe
Source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe, 00000008.00000002.2205342045.0000000001BDD000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe
Source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Binary or memory string: OriginalFilenameBazQ.exeF vs SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe
Uses 32bit PE files
Source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Yara signature match
Source: 8.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 8.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000008.00000002.2204974095.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, P2J1vSZIuxAr5sYAON.cs Security API names: _0020.SetAccessControl
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, P2J1vSZIuxAr5sYAON.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, P2J1vSZIuxAr5sYAON.cs Security API names: _0020.AddAccessRule
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, bromSDmMgmk7NjA8Wh.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, bromSDmMgmk7NjA8Wh.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, bromSDmMgmk7NjA8Wh.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, P2J1vSZIuxAr5sYAON.cs Security API names: _0020.SetAccessControl
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, P2J1vSZIuxAr5sYAON.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, P2J1vSZIuxAr5sYAON.cs Security API names: _0020.AddAccessRule
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, P2J1vSZIuxAr5sYAON.cs Security API names: _0020.SetAccessControl
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, P2J1vSZIuxAr5sYAON.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, P2J1vSZIuxAr5sYAON.cs Security API names: _0020.AddAccessRule
Source: classification engine Classification label: mal100.troj.evad.winEXE@14/11@0/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.log Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5064:120:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2156
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_f53wo0an.uor.ps1 Jump to behavior
Source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe File read: C:\Users\user\Desktop\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe ReversingLabs: Detection: 28%
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 200
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe" Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe" Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe" Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe" Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe" Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Section loaded: iconcodecservice.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Section loaded: slc.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: microsoft.management.infrastructure.native.unmanaged.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: mi.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: miutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wmidcom.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: fastprox.dll Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: ncobjapi.dll Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: mpclient.dll Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: wmitomi.dll Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: mi.dll Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: miutils.dll Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: miutils.dll Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32 Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll Jump to behavior
Source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe, 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe, SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe, 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: BazQ.pdb source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe
Source: Binary string: BazQ.pdbSHA256 source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe

Data Obfuscation
barindex
.NET source code contains potential unpacker
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, P2J1vSZIuxAr5sYAON.cs .Net Code: eOxsMhAa2w System.Reflection.Assembly.Load(byte[])
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, P2J1vSZIuxAr5sYAON.cs .Net Code: eOxsMhAa2w System.Reflection.Assembly.Load(byte[])
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, P2J1vSZIuxAr5sYAON.cs .Net Code: eOxsMhAa2w System.Reflection.Assembly.Load(byte[])
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.5a70000.2.raw.unpack, Uo.cs .Net Code: _202A_202E_206E_206A_202B_206A_200E_200D_206F_200D_200C_200B_206E_202C_202B_200E_206A_202D_202A_202C_202E_206B_202C_202E_202D_206F_206C_200E_202D_206B_202D_206D_202A_200C_200C_200B_200C_202B_200D_202E_202E System.Reflection.Assembly.Load(byte[])
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 0_2_05CAD212 push esp; ret 0_2_05CAD219
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 0_2_05CACE8E push cs; retf 0_2_05CACE8F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_0041F0D1 push ebp; iretd 8_2_0041F0DA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_004118F3 push esp; iretd 8_2_00411926
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_004118B0 push esp; iretd 8_2_00411926
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_00415A79 push eax; retf 8_2_00415A83
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_0041B2EA pushfd ; retf 8_2_0041B2ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_004033D0 push eax; ret 8_2_004033D2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_0040BCC7 push C1009F53h; ret 8_2_0040BCCE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_00406567 push edx; iretd 8_2_00406568
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_004165BD pushfd ; retf 8_2_004165C1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_0040863B push ebx; iretd 8_2_0040863C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_0041E74B push ds; iretd 8_2_0041E74C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AB225F pushad ; ret 8_2_01AB27F9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AB27FA pushad ; ret 8_2_01AB27F9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE09AD push ecx; mov dword ptr [esp], ecx 8_2_01AE09B6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AB283D push eax; iretd 8_2_01AB2858
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AB1368 push eax; iretd 8_2_01AB1369
Source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Static PE information: section name: .text entropy: 7.725761342234378
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, Jibr8sVvmBM5igK2sn.cs High entropy of concatenated method names: 'DRmQvCg6u8', 'RipQCTFJOc', 'QUZQm31eBJ', 'agYQVwTZSF', 'MaYQiEPxLE', 'efyQqZEVpV', 'KfnQbIUdNv', 'wJcQknWU1c', 'CNtQG0krdg', 'xf3QjWFMkd'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, BN78daOGGwb84epHLl.cs High entropy of concatenated method names: 'VIpi2pNPTc', 'bSHihpoleu', 'CRsiOPeWxJ', 'dv5iFSZXWf', 'ilwiNqaP7W', 'E8Li8d7J8q', 'dHCi9MaT1E', 'FDNiyybUx3', 'bfXi7H12PL', 'Wxpiof1Jmp'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, jXNpgMcmSNGyrfQRfT.cs High entropy of concatenated method names: 'QKeMqCuZv', 'KPSvlIYeY', 'OpsCDMTJt', 'eNx3BGmnN', 'dbxVyCpND', 'nVwTmaPiu', 'gb6UQKXeSo27JDYeKY', 'LFV3HjaP6VCU9KbIdU', 'aPskOyflI', 'ClXjFFdlX'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, vSh5VDQHd7EuIYgL72.cs High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'qhkcu8ARZK', 'DXecPu2qZj', 'm7lczZAFUR', 'zoOJtmWfRb', 'eXOJw81xwV', 's4vJcDTwMj', 'HLuJJ5vVGP', 'd77whYHdeP3o1qIYb8y'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, Psg6cixEAN10YiZ8WR.cs High entropy of concatenated method names: 'd8DbWhXAmB', 'zngbHCEP1c', 'ToString', 'lXgbXrKm1p', 'dLgbrydoOm', 'MMmbQ4PNto', 'RDCbgpU2hP', 'mHPb04PFYo', 'eYNbDcQcfu', 'SZdbZisUEQ'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, P8JmvjlvVYqKKZwfL3.cs High entropy of concatenated method names: 'lvp0SISJtx', 'LLq0rvkY4D', 'XcM0gqOBCr', 'JbX0DFsNb0', 'Fby0ZyOVuS', 'YMsgIROy8a', 'rBpgaPMb1q', 'blagAfBWlG', 'qwHgdBqRol', 'rUsgu8oAf2'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, o3sjhQat5G5fJsTtJF.cs High entropy of concatenated method names: 'FG7bd9oiWD', 'BfNbPEuBsA', 'QPhktnO9Cj', 'VoJkw7c0IH', 'bhbb16CrDE', 'T9GbhtCou6', 'h20bUuYl86', 'pLYbO1HdHJ', 'HgabFb9crk', 'Tn5bBgCxUV'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, sNAd1ewJ5pgvIPCkKMM.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'BOajOYvjX4', 'c8DjFV4WhP', 'P4sjBYPTGt', 'eq3jxCmpoe', 'axIjIRjnUy', 'K5pjamXnbA', 'NqWjApMGD0'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, AXs1S5p2lJaAdpMlX9.cs High entropy of concatenated method names: 'rKvDYX6gsc', 'HOBDn3AToL', 'luKDMlN578', 'cm6Dv4y13m', 'yqPD6yMdCG', 'XSXDCK9Ba7', 'luyD3Y1GNY', 'LE1DmN7xE2', 'EB6DVB626u', 'g6vDTBK7Kj'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, kRehDSUdr7R8Z36WOj.cs High entropy of concatenated method names: 'jTJEmJm3sg', 'tH1EVYb9kL', 'eZSElhSQmp', 'pbeENWymQ9', 'AWmE9bSmKK', 'bgdEyxhWqq', 'FXFEoYtvtc', 'xvXEephaFe', 'bW2E2UoORg', 'A1tE1F5CCQ'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, bromSDmMgmk7NjA8Wh.cs High entropy of concatenated method names: 'eoKrO60tWh', 'twnrFRE03a', 'UvyrBQwsYm', 'Hktrx9SfGm', 'DvXrIURveH', 'mwqraGmttO', 'PiKrAVwQqP', 'wOCrd4jrd0', 'jQpruoPQe6', 'l3UrPDM8eI'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, CnmMe2TQp9PLCNDy2Q.cs High entropy of concatenated method names: 'c6fg6ZbihG', 'j81g3u4xxg', 'wyYQ8CtSIk', 'pjaQ9eGRMu', 'J4KQyoEEPC', 'e3YQ7ojm1g', 'cnQQo66mJ4', 'PduQeWwaji', 'e0uQplYnXb', 'm5OQ2gxrkA'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, xCeuh7PDBGX7g80MJL.cs High entropy of concatenated method names: 'lttGwGsbQy', 'UZyGJX4XLx', 'gffGsjwHuW', 'CRFGXGIfJb', 'IgGGr4jPGL', 'UcZGg372L1', 'FSdG0M6iCI', 'YITkAASwc6', 'ypSkdFfxNy', 'mTtkumMOUr'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, wnZUCPd5hq2eCVbC9X.cs High entropy of concatenated method names: 'fGZkXlvn3F', 'KRIkrrLDZI', 'stfkQW7Fyp', 'XZvkg08MaZ', 'GrBk0K6mr5', 'iU1kDlfQdw', 'uh1kZht6Fi', 'XELkKvJJnX', 'RvEkWEhYcH', 'rlPkHofGT5'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, bu4lvbz2toDMF6YCEb.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'kQAGEsZq5D', 'FLvGiq87VU', 'l6KGq8b3nV', 'KtKGbASUce', 'b2mGkBfbtX', 'xXYGGcFP1q', 'TpJGjaJ7Yx'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, xm2huPwtjajO1yCxlcB.cs High entropy of concatenated method names: 'nYsGYZ1iSr', 'UolGnZHhDp', 'TbjGMvHYEt', 'uwaGvX2G4s', 'Ic9G6G4VD8', 'rp6GCEl7Ce', 'jjaG3m0VHu', 'WedGmQQEYg', 'ijlGVX1rVr', 'DQbGTc3sUr'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, poUqntoNQ9bV9OFe16.cs High entropy of concatenated method names: 'wgkDXypMQ8', 'IEoDQwRFOS', 'dRhD0c8VuP', 'wKg0PfB1f7', 'eI80zQ3hbE', 'AYfDtCO2jL', 'u3GDwKRLqf', 'ionDc3WJRm', 'Kk1DJy7dS9', 'oRqDs1lh3F'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, P2J1vSZIuxAr5sYAON.cs High entropy of concatenated method names: 'DaOJSYZF3s', 'CRsJX77ox6', 'O20JrdsTVn', 'GqRJQ0pQEL', 'bKFJgv4Apc', 'QGdJ0kiKxy', 'FthJD5B8fA', 'WhCJZyHk7D', 'BH3JKMeKx1', 'BsaJWkCk2o'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, qHYeOWsYPPnd4RYjGu.cs High entropy of concatenated method names: 'E6cwDromSD', 'zgmwZk7NjA', 'dvmwWBM5ig', 'l2swHnCnmM', 'GDywi2Qh8J', 'DvjwqvVYqK', 'gYEQRasZuXtyBniQFF', 'IZB6kYJtaO42uPILWj', 'KjhwwLdHks', 'eP7wJhyxMe'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, j8hj9arRDNoh4P6tNU.cs High entropy of concatenated method names: 'Dispose', 'Ylcwu5kxpe', 'yIacNpHQok', 'Wqassk2KGc', 'dRnwPZUCP5', 'Pq2wzeCVbC', 'ProcessDialogKey', 'IXcctqkmNq', 'KtycwNem6d', 'EQLccYCeuh'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, XkcIsLNj1Z3WMhtLtd.cs High entropy of concatenated method names: 'AxJCK221EYEqsTlWcI7', 'Xmp72T26EF1f5iUWG3H', 'btP0kNdmow', 'oXn0GDh8wT', 'CSi0jsRpF6', 'j0JCal2uNZoMiSiOZm0', 'BNyKPG2hbGkLYJeI3gQ'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, cqkmNqu7tyNem6dVQL.cs High entropy of concatenated method names: 'o7vkl91N50', 'GwLkNW9Px5', 'VH8k8PW3EL', 'sVJk9up6at', 'EtLkOlvO5X', 'h0BkyJAA8P', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, Jibr8sVvmBM5igK2sn.cs High entropy of concatenated method names: 'DRmQvCg6u8', 'RipQCTFJOc', 'QUZQm31eBJ', 'agYQVwTZSF', 'MaYQiEPxLE', 'efyQqZEVpV', 'KfnQbIUdNv', 'wJcQknWU1c', 'CNtQG0krdg', 'xf3QjWFMkd'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, BN78daOGGwb84epHLl.cs High entropy of concatenated method names: 'VIpi2pNPTc', 'bSHihpoleu', 'CRsiOPeWxJ', 'dv5iFSZXWf', 'ilwiNqaP7W', 'E8Li8d7J8q', 'dHCi9MaT1E', 'FDNiyybUx3', 'bfXi7H12PL', 'Wxpiof1Jmp'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, jXNpgMcmSNGyrfQRfT.cs High entropy of concatenated method names: 'QKeMqCuZv', 'KPSvlIYeY', 'OpsCDMTJt', 'eNx3BGmnN', 'dbxVyCpND', 'nVwTmaPiu', 'gb6UQKXeSo27JDYeKY', 'LFV3HjaP6VCU9KbIdU', 'aPskOyflI', 'ClXjFFdlX'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, vSh5VDQHd7EuIYgL72.cs High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'qhkcu8ARZK', 'DXecPu2qZj', 'm7lczZAFUR', 'zoOJtmWfRb', 'eXOJw81xwV', 's4vJcDTwMj', 'HLuJJ5vVGP', 'd77whYHdeP3o1qIYb8y'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, Psg6cixEAN10YiZ8WR.cs High entropy of concatenated method names: 'd8DbWhXAmB', 'zngbHCEP1c', 'ToString', 'lXgbXrKm1p', 'dLgbrydoOm', 'MMmbQ4PNto', 'RDCbgpU2hP', 'mHPb04PFYo', 'eYNbDcQcfu', 'SZdbZisUEQ'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, P8JmvjlvVYqKKZwfL3.cs High entropy of concatenated method names: 'lvp0SISJtx', 'LLq0rvkY4D', 'XcM0gqOBCr', 'JbX0DFsNb0', 'Fby0ZyOVuS', 'YMsgIROy8a', 'rBpgaPMb1q', 'blagAfBWlG', 'qwHgdBqRol', 'rUsgu8oAf2'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, o3sjhQat5G5fJsTtJF.cs High entropy of concatenated method names: 'FG7bd9oiWD', 'BfNbPEuBsA', 'QPhktnO9Cj', 'VoJkw7c0IH', 'bhbb16CrDE', 'T9GbhtCou6', 'h20bUuYl86', 'pLYbO1HdHJ', 'HgabFb9crk', 'Tn5bBgCxUV'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, sNAd1ewJ5pgvIPCkKMM.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'BOajOYvjX4', 'c8DjFV4WhP', 'P4sjBYPTGt', 'eq3jxCmpoe', 'axIjIRjnUy', 'K5pjamXnbA', 'NqWjApMGD0'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, AXs1S5p2lJaAdpMlX9.cs High entropy of concatenated method names: 'rKvDYX6gsc', 'HOBDn3AToL', 'luKDMlN578', 'cm6Dv4y13m', 'yqPD6yMdCG', 'XSXDCK9Ba7', 'luyD3Y1GNY', 'LE1DmN7xE2', 'EB6DVB626u', 'g6vDTBK7Kj'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, kRehDSUdr7R8Z36WOj.cs High entropy of concatenated method names: 'jTJEmJm3sg', 'tH1EVYb9kL', 'eZSElhSQmp', 'pbeENWymQ9', 'AWmE9bSmKK', 'bgdEyxhWqq', 'FXFEoYtvtc', 'xvXEephaFe', 'bW2E2UoORg', 'A1tE1F5CCQ'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, bromSDmMgmk7NjA8Wh.cs High entropy of concatenated method names: 'eoKrO60tWh', 'twnrFRE03a', 'UvyrBQwsYm', 'Hktrx9SfGm', 'DvXrIURveH', 'mwqraGmttO', 'PiKrAVwQqP', 'wOCrd4jrd0', 'jQpruoPQe6', 'l3UrPDM8eI'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, CnmMe2TQp9PLCNDy2Q.cs High entropy of concatenated method names: 'c6fg6ZbihG', 'j81g3u4xxg', 'wyYQ8CtSIk', 'pjaQ9eGRMu', 'J4KQyoEEPC', 'e3YQ7ojm1g', 'cnQQo66mJ4', 'PduQeWwaji', 'e0uQplYnXb', 'm5OQ2gxrkA'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, xCeuh7PDBGX7g80MJL.cs High entropy of concatenated method names: 'lttGwGsbQy', 'UZyGJX4XLx', 'gffGsjwHuW', 'CRFGXGIfJb', 'IgGGr4jPGL', 'UcZGg372L1', 'FSdG0M6iCI', 'YITkAASwc6', 'ypSkdFfxNy', 'mTtkumMOUr'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, wnZUCPd5hq2eCVbC9X.cs High entropy of concatenated method names: 'fGZkXlvn3F', 'KRIkrrLDZI', 'stfkQW7Fyp', 'XZvkg08MaZ', 'GrBk0K6mr5', 'iU1kDlfQdw', 'uh1kZht6Fi', 'XELkKvJJnX', 'RvEkWEhYcH', 'rlPkHofGT5'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, bu4lvbz2toDMF6YCEb.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'kQAGEsZq5D', 'FLvGiq87VU', 'l6KGq8b3nV', 'KtKGbASUce', 'b2mGkBfbtX', 'xXYGGcFP1q', 'TpJGjaJ7Yx'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, xm2huPwtjajO1yCxlcB.cs High entropy of concatenated method names: 'nYsGYZ1iSr', 'UolGnZHhDp', 'TbjGMvHYEt', 'uwaGvX2G4s', 'Ic9G6G4VD8', 'rp6GCEl7Ce', 'jjaG3m0VHu', 'WedGmQQEYg', 'ijlGVX1rVr', 'DQbGTc3sUr'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, poUqntoNQ9bV9OFe16.cs High entropy of concatenated method names: 'wgkDXypMQ8', 'IEoDQwRFOS', 'dRhD0c8VuP', 'wKg0PfB1f7', 'eI80zQ3hbE', 'AYfDtCO2jL', 'u3GDwKRLqf', 'ionDc3WJRm', 'Kk1DJy7dS9', 'oRqDs1lh3F'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, P2J1vSZIuxAr5sYAON.cs High entropy of concatenated method names: 'DaOJSYZF3s', 'CRsJX77ox6', 'O20JrdsTVn', 'GqRJQ0pQEL', 'bKFJgv4Apc', 'QGdJ0kiKxy', 'FthJD5B8fA', 'WhCJZyHk7D', 'BH3JKMeKx1', 'BsaJWkCk2o'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, qHYeOWsYPPnd4RYjGu.cs High entropy of concatenated method names: 'E6cwDromSD', 'zgmwZk7NjA', 'dvmwWBM5ig', 'l2swHnCnmM', 'GDywi2Qh8J', 'DvjwqvVYqK', 'gYEQRasZuXtyBniQFF', 'IZB6kYJtaO42uPILWj', 'KjhwwLdHks', 'eP7wJhyxMe'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, j8hj9arRDNoh4P6tNU.cs High entropy of concatenated method names: 'Dispose', 'Ylcwu5kxpe', 'yIacNpHQok', 'Wqassk2KGc', 'dRnwPZUCP5', 'Pq2wzeCVbC', 'ProcessDialogKey', 'IXcctqkmNq', 'KtycwNem6d', 'EQLccYCeuh'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, XkcIsLNj1Z3WMhtLtd.cs High entropy of concatenated method names: 'AxJCK221EYEqsTlWcI7', 'Xmp72T26EF1f5iUWG3H', 'btP0kNdmow', 'oXn0GDh8wT', 'CSi0jsRpF6', 'j0JCal2uNZoMiSiOZm0', 'BNyKPG2hbGkLYJeI3gQ'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, cqkmNqu7tyNem6dVQL.cs High entropy of concatenated method names: 'o7vkl91N50', 'GwLkNW9Px5', 'VH8k8PW3EL', 'sVJk9up6at', 'EtLkOlvO5X', 'h0BkyJAA8P', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, Jibr8sVvmBM5igK2sn.cs High entropy of concatenated method names: 'DRmQvCg6u8', 'RipQCTFJOc', 'QUZQm31eBJ', 'agYQVwTZSF', 'MaYQiEPxLE', 'efyQqZEVpV', 'KfnQbIUdNv', 'wJcQknWU1c', 'CNtQG0krdg', 'xf3QjWFMkd'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, BN78daOGGwb84epHLl.cs High entropy of concatenated method names: 'VIpi2pNPTc', 'bSHihpoleu', 'CRsiOPeWxJ', 'dv5iFSZXWf', 'ilwiNqaP7W', 'E8Li8d7J8q', 'dHCi9MaT1E', 'FDNiyybUx3', 'bfXi7H12PL', 'Wxpiof1Jmp'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, jXNpgMcmSNGyrfQRfT.cs High entropy of concatenated method names: 'QKeMqCuZv', 'KPSvlIYeY', 'OpsCDMTJt', 'eNx3BGmnN', 'dbxVyCpND', 'nVwTmaPiu', 'gb6UQKXeSo27JDYeKY', 'LFV3HjaP6VCU9KbIdU', 'aPskOyflI', 'ClXjFFdlX'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, vSh5VDQHd7EuIYgL72.cs High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'qhkcu8ARZK', 'DXecPu2qZj', 'm7lczZAFUR', 'zoOJtmWfRb', 'eXOJw81xwV', 's4vJcDTwMj', 'HLuJJ5vVGP', 'd77whYHdeP3o1qIYb8y'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, Psg6cixEAN10YiZ8WR.cs High entropy of concatenated method names: 'd8DbWhXAmB', 'zngbHCEP1c', 'ToString', 'lXgbXrKm1p', 'dLgbrydoOm', 'MMmbQ4PNto', 'RDCbgpU2hP', 'mHPb04PFYo', 'eYNbDcQcfu', 'SZdbZisUEQ'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, P8JmvjlvVYqKKZwfL3.cs High entropy of concatenated method names: 'lvp0SISJtx', 'LLq0rvkY4D', 'XcM0gqOBCr', 'JbX0DFsNb0', 'Fby0ZyOVuS', 'YMsgIROy8a', 'rBpgaPMb1q', 'blagAfBWlG', 'qwHgdBqRol', 'rUsgu8oAf2'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, o3sjhQat5G5fJsTtJF.cs High entropy of concatenated method names: 'FG7bd9oiWD', 'BfNbPEuBsA', 'QPhktnO9Cj', 'VoJkw7c0IH', 'bhbb16CrDE', 'T9GbhtCou6', 'h20bUuYl86', 'pLYbO1HdHJ', 'HgabFb9crk', 'Tn5bBgCxUV'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, sNAd1ewJ5pgvIPCkKMM.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'BOajOYvjX4', 'c8DjFV4WhP', 'P4sjBYPTGt', 'eq3jxCmpoe', 'axIjIRjnUy', 'K5pjamXnbA', 'NqWjApMGD0'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, AXs1S5p2lJaAdpMlX9.cs High entropy of concatenated method names: 'rKvDYX6gsc', 'HOBDn3AToL', 'luKDMlN578', 'cm6Dv4y13m', 'yqPD6yMdCG', 'XSXDCK9Ba7', 'luyD3Y1GNY', 'LE1DmN7xE2', 'EB6DVB626u', 'g6vDTBK7Kj'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, kRehDSUdr7R8Z36WOj.cs High entropy of concatenated method names: 'jTJEmJm3sg', 'tH1EVYb9kL', 'eZSElhSQmp', 'pbeENWymQ9', 'AWmE9bSmKK', 'bgdEyxhWqq', 'FXFEoYtvtc', 'xvXEephaFe', 'bW2E2UoORg', 'A1tE1F5CCQ'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, bromSDmMgmk7NjA8Wh.cs High entropy of concatenated method names: 'eoKrO60tWh', 'twnrFRE03a', 'UvyrBQwsYm', 'Hktrx9SfGm', 'DvXrIURveH', 'mwqraGmttO', 'PiKrAVwQqP', 'wOCrd4jrd0', 'jQpruoPQe6', 'l3UrPDM8eI'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, CnmMe2TQp9PLCNDy2Q.cs High entropy of concatenated method names: 'c6fg6ZbihG', 'j81g3u4xxg', 'wyYQ8CtSIk', 'pjaQ9eGRMu', 'J4KQyoEEPC', 'e3YQ7ojm1g', 'cnQQo66mJ4', 'PduQeWwaji', 'e0uQplYnXb', 'm5OQ2gxrkA'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, xCeuh7PDBGX7g80MJL.cs High entropy of concatenated method names: 'lttGwGsbQy', 'UZyGJX4XLx', 'gffGsjwHuW', 'CRFGXGIfJb', 'IgGGr4jPGL', 'UcZGg372L1', 'FSdG0M6iCI', 'YITkAASwc6', 'ypSkdFfxNy', 'mTtkumMOUr'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, wnZUCPd5hq2eCVbC9X.cs High entropy of concatenated method names: 'fGZkXlvn3F', 'KRIkrrLDZI', 'stfkQW7Fyp', 'XZvkg08MaZ', 'GrBk0K6mr5', 'iU1kDlfQdw', 'uh1kZht6Fi', 'XELkKvJJnX', 'RvEkWEhYcH', 'rlPkHofGT5'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, bu4lvbz2toDMF6YCEb.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'kQAGEsZq5D', 'FLvGiq87VU', 'l6KGq8b3nV', 'KtKGbASUce', 'b2mGkBfbtX', 'xXYGGcFP1q', 'TpJGjaJ7Yx'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, xm2huPwtjajO1yCxlcB.cs High entropy of concatenated method names: 'nYsGYZ1iSr', 'UolGnZHhDp', 'TbjGMvHYEt', 'uwaGvX2G4s', 'Ic9G6G4VD8', 'rp6GCEl7Ce', 'jjaG3m0VHu', 'WedGmQQEYg', 'ijlGVX1rVr', 'DQbGTc3sUr'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, poUqntoNQ9bV9OFe16.cs High entropy of concatenated method names: 'wgkDXypMQ8', 'IEoDQwRFOS', 'dRhD0c8VuP', 'wKg0PfB1f7', 'eI80zQ3hbE', 'AYfDtCO2jL', 'u3GDwKRLqf', 'ionDc3WJRm', 'Kk1DJy7dS9', 'oRqDs1lh3F'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, P2J1vSZIuxAr5sYAON.cs High entropy of concatenated method names: 'DaOJSYZF3s', 'CRsJX77ox6', 'O20JrdsTVn', 'GqRJQ0pQEL', 'bKFJgv4Apc', 'QGdJ0kiKxy', 'FthJD5B8fA', 'WhCJZyHk7D', 'BH3JKMeKx1', 'BsaJWkCk2o'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, qHYeOWsYPPnd4RYjGu.cs High entropy of concatenated method names: 'E6cwDromSD', 'zgmwZk7NjA', 'dvmwWBM5ig', 'l2swHnCnmM', 'GDywi2Qh8J', 'DvjwqvVYqK', 'gYEQRasZuXtyBniQFF', 'IZB6kYJtaO42uPILWj', 'KjhwwLdHks', 'eP7wJhyxMe'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, j8hj9arRDNoh4P6tNU.cs High entropy of concatenated method names: 'Dispose', 'Ylcwu5kxpe', 'yIacNpHQok', 'Wqassk2KGc', 'dRnwPZUCP5', 'Pq2wzeCVbC', 'ProcessDialogKey', 'IXcctqkmNq', 'KtycwNem6d', 'EQLccYCeuh'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, XkcIsLNj1Z3WMhtLtd.cs High entropy of concatenated method names: 'AxJCK221EYEqsTlWcI7', 'Xmp72T26EF1f5iUWG3H', 'btP0kNdmow', 'oXn0GDh8wT', 'CSi0jsRpF6', 'j0JCal2uNZoMiSiOZm0', 'BNyKPG2hbGkLYJeI3gQ'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, cqkmNqu7tyNem6dVQL.cs High entropy of concatenated method names: 'o7vkl91N50', 'GwLkNW9Px5', 'VH8k8PW3EL', 'sVJk9up6at', 'EtLkOlvO5X', 'h0BkyJAA8P', 'Next', 'Next', 'Next', 'NextBytes'

Hooking and other Techniques for Hiding and Protection
barindex
Loading BitLocker PowerShell Module
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Yara detected AntiVM3
Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe PID: 3200, type: MEMORYSTR
Allocates memory with a write watch (potentially for evading sandboxes)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Memory allocated: 30F0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Memory allocated: 31A0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Memory allocated: 51A0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Memory allocated: 8210000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Memory allocated: 9210000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Memory allocated: 93D0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Memory allocated: A3D0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Memory allocated: A980000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Memory allocated: B980000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Memory allocated: C980000 memory reserve | memory write watch Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B2096E rdtsc 8_2_01B2096E
Contains long sleeps (>= 3 min)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6427 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3170 Jump to behavior
Found large amount of non-executed APIs
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe API coverage: 0.3 %
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe TID: 1816 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4892 Thread sleep time: -9223372036854770s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: Amcache.hve.11.dr Binary or memory string: VMware
Source: Amcache.hve.11.dr Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.11.dr Binary or memory string: vmci.syshbin
Source: Amcache.hve.11.dr Binary or memory string: VMware, Inc.
Source: Amcache.hve.11.dr Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.11.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.11.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.11.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.11.dr Binary or memory string: VMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20
Source: Amcache.hve.11.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.11.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.11.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.11.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.11.dr Binary or memory string: vmci.sys
Source: Amcache.hve.11.dr Binary or memory string: vmci.syshbin`
Source: Amcache.hve.11.dr Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.11.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.11.dr Binary or memory string: VMware20,1
Source: Amcache.hve.11.dr Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.11.dr Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.11.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.11.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.11.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.11.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.11.dr Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.11.dr Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.11.dr Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.11.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.11.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process information queried: ProcessInformation Jump to behavior
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process queried: DebugPort Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B2096E rdtsc 8_2_01B2096E
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B22DF0 NtQuerySystemInformation,LdrInitializeThunk, 8_2_01B22DF0
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B6019F mov eax, dword ptr fs:[00000030h] 8_2_01B6019F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B6019F mov eax, dword ptr fs:[00000030h] 8_2_01B6019F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B6019F mov eax, dword ptr fs:[00000030h] 8_2_01B6019F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B6019F mov eax, dword ptr fs:[00000030h] 8_2_01B6019F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B9C188 mov eax, dword ptr fs:[00000030h] 8_2_01B9C188
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B9C188 mov eax, dword ptr fs:[00000030h] 8_2_01B9C188
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B20185 mov eax, dword ptr fs:[00000030h] 8_2_01B20185
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B84180 mov eax, dword ptr fs:[00000030h] 8_2_01B84180
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B84180 mov eax, dword ptr fs:[00000030h] 8_2_01B84180
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01ADA197 mov eax, dword ptr fs:[00000030h] 8_2_01ADA197
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01ADA197 mov eax, dword ptr fs:[00000030h] 8_2_01ADA197
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01ADA197 mov eax, dword ptr fs:[00000030h] 8_2_01ADA197
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B101F8 mov eax, dword ptr fs:[00000030h] 8_2_01B101F8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BB61E5 mov eax, dword ptr fs:[00000030h] 8_2_01BB61E5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B5E1D0 mov eax, dword ptr fs:[00000030h] 8_2_01B5E1D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B5E1D0 mov eax, dword ptr fs:[00000030h] 8_2_01B5E1D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B5E1D0 mov ecx, dword ptr fs:[00000030h] 8_2_01B5E1D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B5E1D0 mov eax, dword ptr fs:[00000030h] 8_2_01B5E1D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B5E1D0 mov eax, dword ptr fs:[00000030h] 8_2_01B5E1D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BA61C3 mov eax, dword ptr fs:[00000030h] 8_2_01BA61C3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BA61C3 mov eax, dword ptr fs:[00000030h] 8_2_01BA61C3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B10124 mov eax, dword ptr fs:[00000030h] 8_2_01B10124
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B8A118 mov ecx, dword ptr fs:[00000030h] 8_2_01B8A118
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B8A118 mov eax, dword ptr fs:[00000030h] 8_2_01B8A118
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B8A118 mov eax, dword ptr fs:[00000030h] 8_2_01B8A118
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B8A118 mov eax, dword ptr fs:[00000030h] 8_2_01B8A118
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BA0115 mov eax, dword ptr fs:[00000030h] 8_2_01BA0115
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B8E10E mov eax, dword ptr fs:[00000030h] 8_2_01B8E10E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B8E10E mov ecx, dword ptr fs:[00000030h] 8_2_01B8E10E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B8E10E mov eax, dword ptr fs:[00000030h] 8_2_01B8E10E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B8E10E mov eax, dword ptr fs:[00000030h] 8_2_01B8E10E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B8E10E mov ecx, dword ptr fs:[00000030h] 8_2_01B8E10E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B8E10E mov eax, dword ptr fs:[00000030h] 8_2_01B8E10E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B8E10E mov eax, dword ptr fs:[00000030h] 8_2_01B8E10E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B8E10E mov ecx, dword ptr fs:[00000030h] 8_2_01B8E10E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B8E10E mov eax, dword ptr fs:[00000030h] 8_2_01B8E10E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B8E10E mov ecx, dword ptr fs:[00000030h] 8_2_01B8E10E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BB4164 mov eax, dword ptr fs:[00000030h] 8_2_01BB4164
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BB4164 mov eax, dword ptr fs:[00000030h] 8_2_01BB4164
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B78158 mov eax, dword ptr fs:[00000030h] 8_2_01B78158
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B74144 mov eax, dword ptr fs:[00000030h] 8_2_01B74144
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B74144 mov eax, dword ptr fs:[00000030h] 8_2_01B74144
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B74144 mov ecx, dword ptr fs:[00000030h] 8_2_01B74144
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B74144 mov eax, dword ptr fs:[00000030h] 8_2_01B74144
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B74144 mov eax, dword ptr fs:[00000030h] 8_2_01B74144
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE6154 mov eax, dword ptr fs:[00000030h] 8_2_01AE6154
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE6154 mov eax, dword ptr fs:[00000030h] 8_2_01AE6154
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01ADC156 mov eax, dword ptr fs:[00000030h] 8_2_01ADC156
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BA60B8 mov eax, dword ptr fs:[00000030h] 8_2_01BA60B8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BA60B8 mov ecx, dword ptr fs:[00000030h] 8_2_01BA60B8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AD80A0 mov eax, dword ptr fs:[00000030h] 8_2_01AD80A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B780A8 mov eax, dword ptr fs:[00000030h] 8_2_01B780A8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE208A mov eax, dword ptr fs:[00000030h] 8_2_01AE208A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B220F0 mov ecx, dword ptr fs:[00000030h] 8_2_01B220F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE80E9 mov eax, dword ptr fs:[00000030h] 8_2_01AE80E9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01ADA0E3 mov ecx, dword ptr fs:[00000030h] 8_2_01ADA0E3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B660E0 mov eax, dword ptr fs:[00000030h] 8_2_01B660E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01ADC0F0 mov eax, dword ptr fs:[00000030h] 8_2_01ADC0F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B620DE mov eax, dword ptr fs:[00000030h] 8_2_01B620DE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B76030 mov eax, dword ptr fs:[00000030h] 8_2_01B76030
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01ADA020 mov eax, dword ptr fs:[00000030h] 8_2_01ADA020
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01ADC020 mov eax, dword ptr fs:[00000030h] 8_2_01ADC020
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B64000 mov ecx, dword ptr fs:[00000030h] 8_2_01B64000
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B82000 mov eax, dword ptr fs:[00000030h] 8_2_01B82000
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B82000 mov eax, dword ptr fs:[00000030h] 8_2_01B82000
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B82000 mov eax, dword ptr fs:[00000030h] 8_2_01B82000
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B82000 mov eax, dword ptr fs:[00000030h] 8_2_01B82000
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B82000 mov eax, dword ptr fs:[00000030h] 8_2_01B82000
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B82000 mov eax, dword ptr fs:[00000030h] 8_2_01B82000
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B82000 mov eax, dword ptr fs:[00000030h] 8_2_01B82000
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B82000 mov eax, dword ptr fs:[00000030h] 8_2_01B82000
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AFE016 mov eax, dword ptr fs:[00000030h] 8_2_01AFE016
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AFE016 mov eax, dword ptr fs:[00000030h] 8_2_01AFE016
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AFE016 mov eax, dword ptr fs:[00000030h] 8_2_01AFE016
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AFE016 mov eax, dword ptr fs:[00000030h] 8_2_01AFE016
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B0C073 mov eax, dword ptr fs:[00000030h] 8_2_01B0C073
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B66050 mov eax, dword ptr fs:[00000030h] 8_2_01B66050
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE2050 mov eax, dword ptr fs:[00000030h] 8_2_01AE2050
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01ADE388 mov eax, dword ptr fs:[00000030h] 8_2_01ADE388
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01ADE388 mov eax, dword ptr fs:[00000030h] 8_2_01ADE388
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01ADE388 mov eax, dword ptr fs:[00000030h] 8_2_01ADE388
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AD8397 mov eax, dword ptr fs:[00000030h] 8_2_01AD8397
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AD8397 mov eax, dword ptr fs:[00000030h] 8_2_01AD8397
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AD8397 mov eax, dword ptr fs:[00000030h] 8_2_01AD8397
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B0438F mov eax, dword ptr fs:[00000030h] 8_2_01B0438F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B0438F mov eax, dword ptr fs:[00000030h] 8_2_01B0438F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF03E9 mov eax, dword ptr fs:[00000030h] 8_2_01AF03E9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF03E9 mov eax, dword ptr fs:[00000030h] 8_2_01AF03E9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF03E9 mov eax, dword ptr fs:[00000030h] 8_2_01AF03E9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF03E9 mov eax, dword ptr fs:[00000030h] 8_2_01AF03E9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF03E9 mov eax, dword ptr fs:[00000030h] 8_2_01AF03E9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF03E9 mov eax, dword ptr fs:[00000030h] 8_2_01AF03E9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF03E9 mov eax, dword ptr fs:[00000030h] 8_2_01AF03E9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF03E9 mov eax, dword ptr fs:[00000030h] 8_2_01AF03E9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B163FF mov eax, dword ptr fs:[00000030h] 8_2_01B163FF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AFE3F0 mov eax, dword ptr fs:[00000030h] 8_2_01AFE3F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AFE3F0 mov eax, dword ptr fs:[00000030h] 8_2_01AFE3F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AFE3F0 mov eax, dword ptr fs:[00000030h] 8_2_01AFE3F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B8E3DB mov eax, dword ptr fs:[00000030h] 8_2_01B8E3DB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B8E3DB mov eax, dword ptr fs:[00000030h] 8_2_01B8E3DB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B8E3DB mov ecx, dword ptr fs:[00000030h] 8_2_01B8E3DB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B8E3DB mov eax, dword ptr fs:[00000030h] 8_2_01B8E3DB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B843D4 mov eax, dword ptr fs:[00000030h] 8_2_01B843D4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B843D4 mov eax, dword ptr fs:[00000030h] 8_2_01B843D4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AEA3C0 mov eax, dword ptr fs:[00000030h] 8_2_01AEA3C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AEA3C0 mov eax, dword ptr fs:[00000030h] 8_2_01AEA3C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AEA3C0 mov eax, dword ptr fs:[00000030h] 8_2_01AEA3C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AEA3C0 mov eax, dword ptr fs:[00000030h] 8_2_01AEA3C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AEA3C0 mov eax, dword ptr fs:[00000030h] 8_2_01AEA3C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AEA3C0 mov eax, dword ptr fs:[00000030h] 8_2_01AEA3C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE83C0 mov eax, dword ptr fs:[00000030h] 8_2_01AE83C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE83C0 mov eax, dword ptr fs:[00000030h] 8_2_01AE83C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE83C0 mov eax, dword ptr fs:[00000030h] 8_2_01AE83C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE83C0 mov eax, dword ptr fs:[00000030h] 8_2_01AE83C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B9C3CD mov eax, dword ptr fs:[00000030h] 8_2_01B9C3CD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B663C0 mov eax, dword ptr fs:[00000030h] 8_2_01B663C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BB8324 mov eax, dword ptr fs:[00000030h] 8_2_01BB8324
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BB8324 mov ecx, dword ptr fs:[00000030h] 8_2_01BB8324
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BB8324 mov eax, dword ptr fs:[00000030h] 8_2_01BB8324
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BB8324 mov eax, dword ptr fs:[00000030h] 8_2_01BB8324
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B00310 mov ecx, dword ptr fs:[00000030h] 8_2_01B00310
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1A30B mov eax, dword ptr fs:[00000030h] 8_2_01B1A30B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1A30B mov eax, dword ptr fs:[00000030h] 8_2_01B1A30B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1A30B mov eax, dword ptr fs:[00000030h] 8_2_01B1A30B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01ADC310 mov ecx, dword ptr fs:[00000030h] 8_2_01ADC310
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B8437C mov eax, dword ptr fs:[00000030h] 8_2_01B8437C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BAA352 mov eax, dword ptr fs:[00000030h] 8_2_01BAA352
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B88350 mov ecx, dword ptr fs:[00000030h] 8_2_01B88350
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B6035C mov eax, dword ptr fs:[00000030h] 8_2_01B6035C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B6035C mov eax, dword ptr fs:[00000030h] 8_2_01B6035C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B6035C mov eax, dword ptr fs:[00000030h] 8_2_01B6035C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B6035C mov ecx, dword ptr fs:[00000030h] 8_2_01B6035C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B6035C mov eax, dword ptr fs:[00000030h] 8_2_01B6035C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B6035C mov eax, dword ptr fs:[00000030h] 8_2_01B6035C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BB634F mov eax, dword ptr fs:[00000030h] 8_2_01BB634F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B62349 mov eax, dword ptr fs:[00000030h] 8_2_01B62349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B62349 mov eax, dword ptr fs:[00000030h] 8_2_01B62349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B62349 mov eax, dword ptr fs:[00000030h] 8_2_01B62349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B62349 mov eax, dword ptr fs:[00000030h] 8_2_01B62349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B62349 mov eax, dword ptr fs:[00000030h] 8_2_01B62349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B62349 mov eax, dword ptr fs:[00000030h] 8_2_01B62349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B62349 mov eax, dword ptr fs:[00000030h] 8_2_01B62349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B62349 mov eax, dword ptr fs:[00000030h] 8_2_01B62349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B62349 mov eax, dword ptr fs:[00000030h] 8_2_01B62349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B62349 mov eax, dword ptr fs:[00000030h] 8_2_01B62349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B62349 mov eax, dword ptr fs:[00000030h] 8_2_01B62349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B62349 mov eax, dword ptr fs:[00000030h] 8_2_01B62349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B62349 mov eax, dword ptr fs:[00000030h] 8_2_01B62349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B62349 mov eax, dword ptr fs:[00000030h] 8_2_01B62349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B62349 mov eax, dword ptr fs:[00000030h] 8_2_01B62349
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF02A0 mov eax, dword ptr fs:[00000030h] 8_2_01AF02A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF02A0 mov eax, dword ptr fs:[00000030h] 8_2_01AF02A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B762A0 mov eax, dword ptr fs:[00000030h] 8_2_01B762A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B762A0 mov ecx, dword ptr fs:[00000030h] 8_2_01B762A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B762A0 mov eax, dword ptr fs:[00000030h] 8_2_01B762A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B762A0 mov eax, dword ptr fs:[00000030h] 8_2_01B762A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B762A0 mov eax, dword ptr fs:[00000030h] 8_2_01B762A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B762A0 mov eax, dword ptr fs:[00000030h] 8_2_01B762A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B60283 mov eax, dword ptr fs:[00000030h] 8_2_01B60283
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B60283 mov eax, dword ptr fs:[00000030h] 8_2_01B60283
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B60283 mov eax, dword ptr fs:[00000030h] 8_2_01B60283
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1E284 mov eax, dword ptr fs:[00000030h] 8_2_01B1E284
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1E284 mov eax, dword ptr fs:[00000030h] 8_2_01B1E284
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF02E1 mov eax, dword ptr fs:[00000030h] 8_2_01AF02E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF02E1 mov eax, dword ptr fs:[00000030h] 8_2_01AF02E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF02E1 mov eax, dword ptr fs:[00000030h] 8_2_01AF02E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AEA2C3 mov eax, dword ptr fs:[00000030h] 8_2_01AEA2C3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AEA2C3 mov eax, dword ptr fs:[00000030h] 8_2_01AEA2C3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AEA2C3 mov eax, dword ptr fs:[00000030h] 8_2_01AEA2C3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AEA2C3 mov eax, dword ptr fs:[00000030h] 8_2_01AEA2C3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AEA2C3 mov eax, dword ptr fs:[00000030h] 8_2_01AEA2C3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BB62D6 mov eax, dword ptr fs:[00000030h] 8_2_01BB62D6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AD823B mov eax, dword ptr fs:[00000030h] 8_2_01AD823B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AD826B mov eax, dword ptr fs:[00000030h] 8_2_01AD826B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B90274 mov eax, dword ptr fs:[00000030h] 8_2_01B90274
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B90274 mov eax, dword ptr fs:[00000030h] 8_2_01B90274
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B90274 mov eax, dword ptr fs:[00000030h] 8_2_01B90274
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B90274 mov eax, dword ptr fs:[00000030h] 8_2_01B90274
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B90274 mov eax, dword ptr fs:[00000030h] 8_2_01B90274
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B90274 mov eax, dword ptr fs:[00000030h] 8_2_01B90274
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B90274 mov eax, dword ptr fs:[00000030h] 8_2_01B90274
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B90274 mov eax, dword ptr fs:[00000030h] 8_2_01B90274
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B90274 mov eax, dword ptr fs:[00000030h] 8_2_01B90274
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B90274 mov eax, dword ptr fs:[00000030h] 8_2_01B90274
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B90274 mov eax, dword ptr fs:[00000030h] 8_2_01B90274
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B90274 mov eax, dword ptr fs:[00000030h] 8_2_01B90274
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE4260 mov eax, dword ptr fs:[00000030h] 8_2_01AE4260
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE4260 mov eax, dword ptr fs:[00000030h] 8_2_01AE4260
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE4260 mov eax, dword ptr fs:[00000030h] 8_2_01AE4260
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BB625D mov eax, dword ptr fs:[00000030h] 8_2_01BB625D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B9A250 mov eax, dword ptr fs:[00000030h] 8_2_01B9A250
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B9A250 mov eax, dword ptr fs:[00000030h] 8_2_01B9A250
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B68243 mov eax, dword ptr fs:[00000030h] 8_2_01B68243
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B68243 mov ecx, dword ptr fs:[00000030h] 8_2_01B68243
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE6259 mov eax, dword ptr fs:[00000030h] 8_2_01AE6259
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01ADA250 mov eax, dword ptr fs:[00000030h] 8_2_01ADA250
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B045B1 mov eax, dword ptr fs:[00000030h] 8_2_01B045B1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B045B1 mov eax, dword ptr fs:[00000030h] 8_2_01B045B1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B605A7 mov eax, dword ptr fs:[00000030h] 8_2_01B605A7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B605A7 mov eax, dword ptr fs:[00000030h] 8_2_01B605A7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B605A7 mov eax, dword ptr fs:[00000030h] 8_2_01B605A7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE2582 mov eax, dword ptr fs:[00000030h] 8_2_01AE2582
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE2582 mov ecx, dword ptr fs:[00000030h] 8_2_01AE2582
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1E59C mov eax, dword ptr fs:[00000030h] 8_2_01B1E59C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B14588 mov eax, dword ptr fs:[00000030h] 8_2_01B14588
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE25E0 mov eax, dword ptr fs:[00000030h] 8_2_01AE25E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B0E5E7 mov eax, dword ptr fs:[00000030h] 8_2_01B0E5E7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B0E5E7 mov eax, dword ptr fs:[00000030h] 8_2_01B0E5E7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B0E5E7 mov eax, dword ptr fs:[00000030h] 8_2_01B0E5E7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B0E5E7 mov eax, dword ptr fs:[00000030h] 8_2_01B0E5E7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B0E5E7 mov eax, dword ptr fs:[00000030h] 8_2_01B0E5E7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B0E5E7 mov eax, dword ptr fs:[00000030h] 8_2_01B0E5E7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B0E5E7 mov eax, dword ptr fs:[00000030h] 8_2_01B0E5E7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B0E5E7 mov eax, dword ptr fs:[00000030h] 8_2_01B0E5E7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1C5ED mov eax, dword ptr fs:[00000030h] 8_2_01B1C5ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1C5ED mov eax, dword ptr fs:[00000030h] 8_2_01B1C5ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1A5D0 mov eax, dword ptr fs:[00000030h] 8_2_01B1A5D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1A5D0 mov eax, dword ptr fs:[00000030h] 8_2_01B1A5D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1E5CF mov eax, dword ptr fs:[00000030h] 8_2_01B1E5CF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1E5CF mov eax, dword ptr fs:[00000030h] 8_2_01B1E5CF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE65D0 mov eax, dword ptr fs:[00000030h] 8_2_01AE65D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B0E53E mov eax, dword ptr fs:[00000030h] 8_2_01B0E53E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B0E53E mov eax, dword ptr fs:[00000030h] 8_2_01B0E53E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B0E53E mov eax, dword ptr fs:[00000030h] 8_2_01B0E53E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B0E53E mov eax, dword ptr fs:[00000030h] 8_2_01B0E53E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B0E53E mov eax, dword ptr fs:[00000030h] 8_2_01B0E53E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF0535 mov eax, dword ptr fs:[00000030h] 8_2_01AF0535
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF0535 mov eax, dword ptr fs:[00000030h] 8_2_01AF0535
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF0535 mov eax, dword ptr fs:[00000030h] 8_2_01AF0535
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF0535 mov eax, dword ptr fs:[00000030h] 8_2_01AF0535
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF0535 mov eax, dword ptr fs:[00000030h] 8_2_01AF0535
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF0535 mov eax, dword ptr fs:[00000030h] 8_2_01AF0535
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B76500 mov eax, dword ptr fs:[00000030h] 8_2_01B76500
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BB4500 mov eax, dword ptr fs:[00000030h] 8_2_01BB4500
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BB4500 mov eax, dword ptr fs:[00000030h] 8_2_01BB4500
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BB4500 mov eax, dword ptr fs:[00000030h] 8_2_01BB4500
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BB4500 mov eax, dword ptr fs:[00000030h] 8_2_01BB4500
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BB4500 mov eax, dword ptr fs:[00000030h] 8_2_01BB4500
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BB4500 mov eax, dword ptr fs:[00000030h] 8_2_01BB4500
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BB4500 mov eax, dword ptr fs:[00000030h] 8_2_01BB4500
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1656A mov eax, dword ptr fs:[00000030h] 8_2_01B1656A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1656A mov eax, dword ptr fs:[00000030h] 8_2_01B1656A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1656A mov eax, dword ptr fs:[00000030h] 8_2_01B1656A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE8550 mov eax, dword ptr fs:[00000030h] 8_2_01AE8550
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE8550 mov eax, dword ptr fs:[00000030h] 8_2_01AE8550
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B144B0 mov ecx, dword ptr fs:[00000030h] 8_2_01B144B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE64AB mov eax, dword ptr fs:[00000030h] 8_2_01AE64AB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B6A4B0 mov eax, dword ptr fs:[00000030h] 8_2_01B6A4B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B9A49A mov eax, dword ptr fs:[00000030h] 8_2_01B9A49A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE04E5 mov ecx, dword ptr fs:[00000030h] 8_2_01AE04E5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1A430 mov eax, dword ptr fs:[00000030h] 8_2_01B1A430
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01ADC427 mov eax, dword ptr fs:[00000030h] 8_2_01ADC427
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01ADE420 mov eax, dword ptr fs:[00000030h] 8_2_01ADE420
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01ADE420 mov eax, dword ptr fs:[00000030h] 8_2_01ADE420
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01ADE420 mov eax, dword ptr fs:[00000030h] 8_2_01ADE420
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B66420 mov eax, dword ptr fs:[00000030h] 8_2_01B66420
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B66420 mov eax, dword ptr fs:[00000030h] 8_2_01B66420
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B66420 mov eax, dword ptr fs:[00000030h] 8_2_01B66420
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B66420 mov eax, dword ptr fs:[00000030h] 8_2_01B66420
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B66420 mov eax, dword ptr fs:[00000030h] 8_2_01B66420
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B66420 mov eax, dword ptr fs:[00000030h] 8_2_01B66420
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B66420 mov eax, dword ptr fs:[00000030h] 8_2_01B66420
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B18402 mov eax, dword ptr fs:[00000030h] 8_2_01B18402
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B18402 mov eax, dword ptr fs:[00000030h] 8_2_01B18402
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B18402 mov eax, dword ptr fs:[00000030h] 8_2_01B18402
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B0A470 mov eax, dword ptr fs:[00000030h] 8_2_01B0A470
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B0A470 mov eax, dword ptr fs:[00000030h] 8_2_01B0A470
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B0A470 mov eax, dword ptr fs:[00000030h] 8_2_01B0A470
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B6C460 mov ecx, dword ptr fs:[00000030h] 8_2_01B6C460
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B0245A mov eax, dword ptr fs:[00000030h] 8_2_01B0245A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B9A456 mov eax, dword ptr fs:[00000030h] 8_2_01B9A456
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AD645D mov eax, dword ptr fs:[00000030h] 8_2_01AD645D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1E443 mov eax, dword ptr fs:[00000030h] 8_2_01B1E443
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1E443 mov eax, dword ptr fs:[00000030h] 8_2_01B1E443
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1E443 mov eax, dword ptr fs:[00000030h] 8_2_01B1E443
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1E443 mov eax, dword ptr fs:[00000030h] 8_2_01B1E443
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1E443 mov eax, dword ptr fs:[00000030h] 8_2_01B1E443
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1E443 mov eax, dword ptr fs:[00000030h] 8_2_01B1E443
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1E443 mov eax, dword ptr fs:[00000030h] 8_2_01B1E443
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1E443 mov eax, dword ptr fs:[00000030h] 8_2_01B1E443
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE07AF mov eax, dword ptr fs:[00000030h] 8_2_01AE07AF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B947A0 mov eax, dword ptr fs:[00000030h] 8_2_01B947A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B8678E mov eax, dword ptr fs:[00000030h] 8_2_01B8678E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE47FB mov eax, dword ptr fs:[00000030h] 8_2_01AE47FB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE47FB mov eax, dword ptr fs:[00000030h] 8_2_01AE47FB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B6E7E1 mov eax, dword ptr fs:[00000030h] 8_2_01B6E7E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B027ED mov eax, dword ptr fs:[00000030h] 8_2_01B027ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B027ED mov eax, dword ptr fs:[00000030h] 8_2_01B027ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B027ED mov eax, dword ptr fs:[00000030h] 8_2_01B027ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AEC7C0 mov eax, dword ptr fs:[00000030h] 8_2_01AEC7C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B607C3 mov eax, dword ptr fs:[00000030h] 8_2_01B607C3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B5C730 mov eax, dword ptr fs:[00000030h] 8_2_01B5C730
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1273C mov eax, dword ptr fs:[00000030h] 8_2_01B1273C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1273C mov ecx, dword ptr fs:[00000030h] 8_2_01B1273C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1273C mov eax, dword ptr fs:[00000030h] 8_2_01B1273C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1C720 mov eax, dword ptr fs:[00000030h] 8_2_01B1C720
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1C720 mov eax, dword ptr fs:[00000030h] 8_2_01B1C720
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B10710 mov eax, dword ptr fs:[00000030h] 8_2_01B10710
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1C700 mov eax, dword ptr fs:[00000030h] 8_2_01B1C700
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE0710 mov eax, dword ptr fs:[00000030h] 8_2_01AE0710
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE8770 mov eax, dword ptr fs:[00000030h] 8_2_01AE8770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF0770 mov eax, dword ptr fs:[00000030h] 8_2_01AF0770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF0770 mov eax, dword ptr fs:[00000030h] 8_2_01AF0770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF0770 mov eax, dword ptr fs:[00000030h] 8_2_01AF0770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF0770 mov eax, dword ptr fs:[00000030h] 8_2_01AF0770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF0770 mov eax, dword ptr fs:[00000030h] 8_2_01AF0770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF0770 mov eax, dword ptr fs:[00000030h] 8_2_01AF0770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF0770 mov eax, dword ptr fs:[00000030h] 8_2_01AF0770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF0770 mov eax, dword ptr fs:[00000030h] 8_2_01AF0770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF0770 mov eax, dword ptr fs:[00000030h] 8_2_01AF0770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF0770 mov eax, dword ptr fs:[00000030h] 8_2_01AF0770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF0770 mov eax, dword ptr fs:[00000030h] 8_2_01AF0770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF0770 mov eax, dword ptr fs:[00000030h] 8_2_01AF0770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B22750 mov eax, dword ptr fs:[00000030h] 8_2_01B22750
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B22750 mov eax, dword ptr fs:[00000030h] 8_2_01B22750
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B64755 mov eax, dword ptr fs:[00000030h] 8_2_01B64755
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B6E75D mov eax, dword ptr fs:[00000030h] 8_2_01B6E75D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1674D mov esi, dword ptr fs:[00000030h] 8_2_01B1674D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1674D mov eax, dword ptr fs:[00000030h] 8_2_01B1674D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1674D mov eax, dword ptr fs:[00000030h] 8_2_01B1674D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE0750 mov eax, dword ptr fs:[00000030h] 8_2_01AE0750
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B166B0 mov eax, dword ptr fs:[00000030h] 8_2_01B166B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1C6A6 mov eax, dword ptr fs:[00000030h] 8_2_01B1C6A6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE4690 mov eax, dword ptr fs:[00000030h] 8_2_01AE4690
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE4690 mov eax, dword ptr fs:[00000030h] 8_2_01AE4690
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B5E6F2 mov eax, dword ptr fs:[00000030h] 8_2_01B5E6F2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B5E6F2 mov eax, dword ptr fs:[00000030h] 8_2_01B5E6F2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B5E6F2 mov eax, dword ptr fs:[00000030h] 8_2_01B5E6F2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B5E6F2 mov eax, dword ptr fs:[00000030h] 8_2_01B5E6F2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B606F1 mov eax, dword ptr fs:[00000030h] 8_2_01B606F1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B606F1 mov eax, dword ptr fs:[00000030h] 8_2_01B606F1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1A6C7 mov ebx, dword ptr fs:[00000030h] 8_2_01B1A6C7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1A6C7 mov eax, dword ptr fs:[00000030h] 8_2_01B1A6C7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE262C mov eax, dword ptr fs:[00000030h] 8_2_01AE262C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AFE627 mov eax, dword ptr fs:[00000030h] 8_2_01AFE627
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B16620 mov eax, dword ptr fs:[00000030h] 8_2_01B16620
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B18620 mov eax, dword ptr fs:[00000030h] 8_2_01B18620
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF260B mov eax, dword ptr fs:[00000030h] 8_2_01AF260B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF260B mov eax, dword ptr fs:[00000030h] 8_2_01AF260B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF260B mov eax, dword ptr fs:[00000030h] 8_2_01AF260B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF260B mov eax, dword ptr fs:[00000030h] 8_2_01AF260B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF260B mov eax, dword ptr fs:[00000030h] 8_2_01AF260B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF260B mov eax, dword ptr fs:[00000030h] 8_2_01AF260B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF260B mov eax, dword ptr fs:[00000030h] 8_2_01AF260B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B22619 mov eax, dword ptr fs:[00000030h] 8_2_01B22619
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B5E609 mov eax, dword ptr fs:[00000030h] 8_2_01B5E609
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B12674 mov eax, dword ptr fs:[00000030h] 8_2_01B12674
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1A660 mov eax, dword ptr fs:[00000030h] 8_2_01B1A660
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1A660 mov eax, dword ptr fs:[00000030h] 8_2_01B1A660
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BA866E mov eax, dword ptr fs:[00000030h] 8_2_01BA866E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BA866E mov eax, dword ptr fs:[00000030h] 8_2_01BA866E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AFC640 mov eax, dword ptr fs:[00000030h] 8_2_01AFC640
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE09AD mov eax, dword ptr fs:[00000030h] 8_2_01AE09AD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE09AD mov eax, dword ptr fs:[00000030h] 8_2_01AE09AD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B689B3 mov esi, dword ptr fs:[00000030h] 8_2_01B689B3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B689B3 mov eax, dword ptr fs:[00000030h] 8_2_01B689B3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B689B3 mov eax, dword ptr fs:[00000030h] 8_2_01B689B3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF29A0 mov eax, dword ptr fs:[00000030h] 8_2_01AF29A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF29A0 mov eax, dword ptr fs:[00000030h] 8_2_01AF29A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF29A0 mov eax, dword ptr fs:[00000030h] 8_2_01AF29A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF29A0 mov eax, dword ptr fs:[00000030h] 8_2_01AF29A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF29A0 mov eax, dword ptr fs:[00000030h] 8_2_01AF29A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF29A0 mov eax, dword ptr fs:[00000030h] 8_2_01AF29A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF29A0 mov eax, dword ptr fs:[00000030h] 8_2_01AF29A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF29A0 mov eax, dword ptr fs:[00000030h] 8_2_01AF29A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF29A0 mov eax, dword ptr fs:[00000030h] 8_2_01AF29A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF29A0 mov eax, dword ptr fs:[00000030h] 8_2_01AF29A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF29A0 mov eax, dword ptr fs:[00000030h] 8_2_01AF29A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF29A0 mov eax, dword ptr fs:[00000030h] 8_2_01AF29A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF29A0 mov eax, dword ptr fs:[00000030h] 8_2_01AF29A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B129F9 mov eax, dword ptr fs:[00000030h] 8_2_01B129F9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B129F9 mov eax, dword ptr fs:[00000030h] 8_2_01B129F9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B6E9E0 mov eax, dword ptr fs:[00000030h] 8_2_01B6E9E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B149D0 mov eax, dword ptr fs:[00000030h] 8_2_01B149D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BAA9D3 mov eax, dword ptr fs:[00000030h] 8_2_01BAA9D3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B769C0 mov eax, dword ptr fs:[00000030h] 8_2_01B769C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AEA9D0 mov eax, dword ptr fs:[00000030h] 8_2_01AEA9D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AEA9D0 mov eax, dword ptr fs:[00000030h] 8_2_01AEA9D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AEA9D0 mov eax, dword ptr fs:[00000030h] 8_2_01AEA9D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AEA9D0 mov eax, dword ptr fs:[00000030h] 8_2_01AEA9D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AEA9D0 mov eax, dword ptr fs:[00000030h] 8_2_01AEA9D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AEA9D0 mov eax, dword ptr fs:[00000030h] 8_2_01AEA9D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B6892A mov eax, dword ptr fs:[00000030h] 8_2_01B6892A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B7892B mov eax, dword ptr fs:[00000030h] 8_2_01B7892B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B6C912 mov eax, dword ptr fs:[00000030h] 8_2_01B6C912
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AD8918 mov eax, dword ptr fs:[00000030h] 8_2_01AD8918
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AD8918 mov eax, dword ptr fs:[00000030h] 8_2_01AD8918
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B5E908 mov eax, dword ptr fs:[00000030h] 8_2_01B5E908
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B5E908 mov eax, dword ptr fs:[00000030h] 8_2_01B5E908
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B84978 mov eax, dword ptr fs:[00000030h] 8_2_01B84978
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B84978 mov eax, dword ptr fs:[00000030h] 8_2_01B84978
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B6C97C mov eax, dword ptr fs:[00000030h] 8_2_01B6C97C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B06962 mov eax, dword ptr fs:[00000030h] 8_2_01B06962
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B06962 mov eax, dword ptr fs:[00000030h] 8_2_01B06962
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B06962 mov eax, dword ptr fs:[00000030h] 8_2_01B06962
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B2096E mov eax, dword ptr fs:[00000030h] 8_2_01B2096E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B2096E mov edx, dword ptr fs:[00000030h] 8_2_01B2096E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B2096E mov eax, dword ptr fs:[00000030h] 8_2_01B2096E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B60946 mov eax, dword ptr fs:[00000030h] 8_2_01B60946
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BB4940 mov eax, dword ptr fs:[00000030h] 8_2_01BB4940
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE0887 mov eax, dword ptr fs:[00000030h] 8_2_01AE0887
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B6C89D mov eax, dword ptr fs:[00000030h] 8_2_01B6C89D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1C8F9 mov eax, dword ptr fs:[00000030h] 8_2_01B1C8F9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1C8F9 mov eax, dword ptr fs:[00000030h] 8_2_01B1C8F9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BAA8E4 mov eax, dword ptr fs:[00000030h] 8_2_01BAA8E4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B0E8C0 mov eax, dword ptr fs:[00000030h] 8_2_01B0E8C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BB08C0 mov eax, dword ptr fs:[00000030h] 8_2_01BB08C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1A830 mov eax, dword ptr fs:[00000030h] 8_2_01B1A830
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B8483A mov eax, dword ptr fs:[00000030h] 8_2_01B8483A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B8483A mov eax, dword ptr fs:[00000030h] 8_2_01B8483A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B02835 mov eax, dword ptr fs:[00000030h] 8_2_01B02835
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B02835 mov eax, dword ptr fs:[00000030h] 8_2_01B02835
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B02835 mov eax, dword ptr fs:[00000030h] 8_2_01B02835
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B02835 mov ecx, dword ptr fs:[00000030h] 8_2_01B02835
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B02835 mov eax, dword ptr fs:[00000030h] 8_2_01B02835
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B02835 mov eax, dword ptr fs:[00000030h] 8_2_01B02835
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B6C810 mov eax, dword ptr fs:[00000030h] 8_2_01B6C810
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B6E872 mov eax, dword ptr fs:[00000030h] 8_2_01B6E872
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B6E872 mov eax, dword ptr fs:[00000030h] 8_2_01B6E872
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B76870 mov eax, dword ptr fs:[00000030h] 8_2_01B76870
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B76870 mov eax, dword ptr fs:[00000030h] 8_2_01B76870
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B10854 mov eax, dword ptr fs:[00000030h] 8_2_01B10854
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF2840 mov ecx, dword ptr fs:[00000030h] 8_2_01AF2840
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE4859 mov eax, dword ptr fs:[00000030h] 8_2_01AE4859
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE4859 mov eax, dword ptr fs:[00000030h] 8_2_01AE4859
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B94BB0 mov eax, dword ptr fs:[00000030h] 8_2_01B94BB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B94BB0 mov eax, dword ptr fs:[00000030h] 8_2_01B94BB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF0BBE mov eax, dword ptr fs:[00000030h] 8_2_01AF0BBE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AF0BBE mov eax, dword ptr fs:[00000030h] 8_2_01AF0BBE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B6CBF0 mov eax, dword ptr fs:[00000030h] 8_2_01B6CBF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B0EBFC mov eax, dword ptr fs:[00000030h] 8_2_01B0EBFC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE8BF0 mov eax, dword ptr fs:[00000030h] 8_2_01AE8BF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE8BF0 mov eax, dword ptr fs:[00000030h] 8_2_01AE8BF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE8BF0 mov eax, dword ptr fs:[00000030h] 8_2_01AE8BF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE0BCD mov eax, dword ptr fs:[00000030h] 8_2_01AE0BCD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE0BCD mov eax, dword ptr fs:[00000030h] 8_2_01AE0BCD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE0BCD mov eax, dword ptr fs:[00000030h] 8_2_01AE0BCD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B8EBD0 mov eax, dword ptr fs:[00000030h] 8_2_01B8EBD0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B00BCB mov eax, dword ptr fs:[00000030h] 8_2_01B00BCB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B00BCB mov eax, dword ptr fs:[00000030h] 8_2_01B00BCB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B00BCB mov eax, dword ptr fs:[00000030h] 8_2_01B00BCB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B0EB20 mov eax, dword ptr fs:[00000030h] 8_2_01B0EB20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B0EB20 mov eax, dword ptr fs:[00000030h] 8_2_01B0EB20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BA8B28 mov eax, dword ptr fs:[00000030h] 8_2_01BA8B28
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BA8B28 mov eax, dword ptr fs:[00000030h] 8_2_01BA8B28
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B5EB1D mov eax, dword ptr fs:[00000030h] 8_2_01B5EB1D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B5EB1D mov eax, dword ptr fs:[00000030h] 8_2_01B5EB1D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B5EB1D mov eax, dword ptr fs:[00000030h] 8_2_01B5EB1D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B5EB1D mov eax, dword ptr fs:[00000030h] 8_2_01B5EB1D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B5EB1D mov eax, dword ptr fs:[00000030h] 8_2_01B5EB1D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B5EB1D mov eax, dword ptr fs:[00000030h] 8_2_01B5EB1D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B5EB1D mov eax, dword ptr fs:[00000030h] 8_2_01B5EB1D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B5EB1D mov eax, dword ptr fs:[00000030h] 8_2_01B5EB1D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B5EB1D mov eax, dword ptr fs:[00000030h] 8_2_01B5EB1D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BB4B00 mov eax, dword ptr fs:[00000030h] 8_2_01BB4B00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01ADCB7E mov eax, dword ptr fs:[00000030h] 8_2_01ADCB7E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B8EB50 mov eax, dword ptr fs:[00000030h] 8_2_01B8EB50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BB2B57 mov eax, dword ptr fs:[00000030h] 8_2_01BB2B57
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BB2B57 mov eax, dword ptr fs:[00000030h] 8_2_01BB2B57
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BB2B57 mov eax, dword ptr fs:[00000030h] 8_2_01BB2B57
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BB2B57 mov eax, dword ptr fs:[00000030h] 8_2_01BB2B57
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B94B4B mov eax, dword ptr fs:[00000030h] 8_2_01B94B4B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B94B4B mov eax, dword ptr fs:[00000030h] 8_2_01B94B4B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B76B40 mov eax, dword ptr fs:[00000030h] 8_2_01B76B40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B76B40 mov eax, dword ptr fs:[00000030h] 8_2_01B76B40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BAAB40 mov eax, dword ptr fs:[00000030h] 8_2_01BAAB40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B88B42 mov eax, dword ptr fs:[00000030h] 8_2_01B88B42
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AD8B50 mov eax, dword ptr fs:[00000030h] 8_2_01AD8B50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE8AA0 mov eax, dword ptr fs:[00000030h] 8_2_01AE8AA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE8AA0 mov eax, dword ptr fs:[00000030h] 8_2_01AE8AA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B36AA4 mov eax, dword ptr fs:[00000030h] 8_2_01B36AA4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B18A90 mov edx, dword ptr fs:[00000030h] 8_2_01B18A90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AEEA80 mov eax, dword ptr fs:[00000030h] 8_2_01AEEA80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AEEA80 mov eax, dword ptr fs:[00000030h] 8_2_01AEEA80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AEEA80 mov eax, dword ptr fs:[00000030h] 8_2_01AEEA80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AEEA80 mov eax, dword ptr fs:[00000030h] 8_2_01AEEA80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AEEA80 mov eax, dword ptr fs:[00000030h] 8_2_01AEEA80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AEEA80 mov eax, dword ptr fs:[00000030h] 8_2_01AEEA80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AEEA80 mov eax, dword ptr fs:[00000030h] 8_2_01AEEA80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AEEA80 mov eax, dword ptr fs:[00000030h] 8_2_01AEEA80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AEEA80 mov eax, dword ptr fs:[00000030h] 8_2_01AEEA80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01BB4A80 mov eax, dword ptr fs:[00000030h] 8_2_01BB4A80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1AAEE mov eax, dword ptr fs:[00000030h] 8_2_01B1AAEE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1AAEE mov eax, dword ptr fs:[00000030h] 8_2_01B1AAEE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B14AD0 mov eax, dword ptr fs:[00000030h] 8_2_01B14AD0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B14AD0 mov eax, dword ptr fs:[00000030h] 8_2_01B14AD0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01AE0AD0 mov eax, dword ptr fs:[00000030h] 8_2_01AE0AD0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B36ACC mov eax, dword ptr fs:[00000030h] 8_2_01B36ACC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B36ACC mov eax, dword ptr fs:[00000030h] 8_2_01B36ACC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B36ACC mov eax, dword ptr fs:[00000030h] 8_2_01B36ACC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B04A35 mov eax, dword ptr fs:[00000030h] 8_2_01B04A35
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B04A35 mov eax, dword ptr fs:[00000030h] 8_2_01B04A35
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1CA38 mov eax, dword ptr fs:[00000030h] 8_2_01B1CA38
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1CA24 mov eax, dword ptr fs:[00000030h] 8_2_01B1CA24
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B0EA2E mov eax, dword ptr fs:[00000030h] 8_2_01B0EA2E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B6CA11 mov eax, dword ptr fs:[00000030h] 8_2_01B6CA11
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B5CA72 mov eax, dword ptr fs:[00000030h] 8_2_01B5CA72
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B5CA72 mov eax, dword ptr fs:[00000030h] 8_2_01B5CA72
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B8EA60 mov eax, dword ptr fs:[00000030h] 8_2_01B8EA60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Code function: 8_2_01B1CA6F mov eax, dword ptr fs:[00000030h] 8_2_01B1CA6F
Enables debug privileges
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Memory allocated: page read and write | page guard Jump to behavior

HIPS / PFW / Operating System Protection Evasion
barindex
Adds a directory exclusion to Windows Defender
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe" Jump to behavior
Injects a PE file into a foreign processes
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Memory written: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe base: 400000 value starts with: 4D5A Jump to behavior
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe" Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe" Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe" Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe" Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe" Jump to behavior
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
AV process strings found (often used to terminate AV products)
Source: Amcache.hve.11.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.11.dr Binary or memory string: msmpeng.exe
Source: Amcache.hve.11.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.11.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
Source: Amcache.hve.11.dr Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information
barindex
Yara detected FormBook
Source: Yara match File source: 8.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 8.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000008.00000002.2204974095.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

Remote Access Functionality
barindex
Yara detected FormBook
Source: Yara match File source: 8.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 8.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000008.00000002.2204974095.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1539814 Sample: SecuriteInfo.com.Win32.Malw... Startdate: 23/10/2024 Architecture: WINDOWS Score: 100 28 Malicious sample detected (through community Yara rule) 2->28 30 Multi AV Scanner detection for submitted file 2->30 32 Yara detected FormBook 2->32 34 5 other signatures 2->34 7 SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe 4 2->7         started        process3 file4 26 SecuriteInfo.com.W...12389.27465.exe.log, ASCII 7->26 dropped 36 Adds a directory exclusion to Windows Defender 7->36 38 Injects a PE file into a foreign processes 7->38 11 powershell.exe 23 7->11         started        14 SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe 7->14         started        16 SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe 7->16         started        18 2 other processes 7->18 signatures5 process6 signatures7 40 Loading BitLocker PowerShell Module 11->40 20 WmiPrvSE.exe 11->20         started        22 conhost.exe 11->22         started        24 WerFault.exe 22 16 14->24         started        process8
No contacted IP infos