Windows Analysis Report
TNT Original Documents AWB 8013580.bat.exe

Overview

General Information

Sample name: TNT Original Documents AWB 8013580.bat.exe
Analysis ID: 1533040
MD5: 4547d92046a773ade182813b8dab2808
SHA1: c93a0f354cfc5d4ede8ac6598fbfd48270344367
SHA256: 86564d4471500d3932d0afddc8a0a524982e6b7f3a70630d47e214d31bd166e5
Tags: batexeTNTuser-abuse_ch
Infos:

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: TNT Original Documents AWB 8013580.bat.exe Avira: detected
Multi AV Scanner detection for submitted file
Source: TNT Original Documents AWB 8013580.bat.exe Virustotal: Detection: 32% Perma Link
Yara detected FormBook
Source: Yara match File source: 4.2.TNT Original Documents AWB 8013580.bat.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 4.2.TNT Original Documents AWB 8013580.bat.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000004.00000002.1799413826.0000000001590000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.1798952461.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for sample
Source: TNT Original Documents AWB 8013580.bat.exe Joe Sandbox ML: detected
Uses 32bit PE files
Source: TNT Original Documents AWB 8013580.bat.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: TNT Original Documents AWB 8013580.bat.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: wntdll.pdbUGP source: TNT Original Documents AWB 8013580.bat.exe, 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: TNT Original Documents AWB 8013580.bat.exe, TNT Original Documents AWB 8013580.bat.exe, 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp
Source: TNT Original Documents AWB 8013580.bat.exe String found in binary or memory: http://tempuri.org/DataSet1.xsd

E-Banking Fraud
barindex
Yara detected FormBook
Source: Yara match File source: 4.2.TNT Original Documents AWB 8013580.bat.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 4.2.TNT Original Documents AWB 8013580.bat.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000004.00000002.1799413826.0000000001590000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.1798952461.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

System Summary
barindex
Malicious sample detected (through community Yara rule)
Source: 4.2.TNT Original Documents AWB 8013580.bat.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 4.2.TNT Original Documents AWB 8013580.bat.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000004.00000002.1799413826.0000000001590000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000004.00000002.1798952461.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Initial sample is a PE file and has a suspicious name
Source: initial sample Static PE information: Filename: TNT Original Documents AWB 8013580.bat.exe
Contains functionality to call native functions
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0042C303 NtClose, 4_2_0042C303
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A2DF0 NtQuerySystemInformation,LdrInitializeThunk, 4_2_016A2DF0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A2C70 NtFreeVirtualMemory,LdrInitializeThunk, 4_2_016A2C70
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A35C0 NtCreateMutant,LdrInitializeThunk, 4_2_016A35C0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A4340 NtSetContextThread, 4_2_016A4340
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A4650 NtSuspendThread, 4_2_016A4650
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A2B60 NtClose, 4_2_016A2B60
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A2BE0 NtQueryValueKey, 4_2_016A2BE0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A2BF0 NtAllocateVirtualMemory, 4_2_016A2BF0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A2BA0 NtEnumerateValueKey, 4_2_016A2BA0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A2B80 NtQueryInformationFile, 4_2_016A2B80
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A2AF0 NtWriteFile, 4_2_016A2AF0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A2AD0 NtReadFile, 4_2_016A2AD0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A2AB0 NtWaitForSingleObject, 4_2_016A2AB0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A2D30 NtUnmapViewOfSection, 4_2_016A2D30
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A2D00 NtSetInformationFile, 4_2_016A2D00
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A2D10 NtMapViewOfSection, 4_2_016A2D10
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A2DD0 NtDelayExecution, 4_2_016A2DD0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A2DB0 NtEnumerateKey, 4_2_016A2DB0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A2C60 NtCreateKey, 4_2_016A2C60
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A2C00 NtQueryInformationProcess, 4_2_016A2C00
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A2CF0 NtOpenProcess, 4_2_016A2CF0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A2CC0 NtQueryVirtualMemory, 4_2_016A2CC0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A2CA0 NtQueryInformationToken, 4_2_016A2CA0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A2F60 NtCreateProcessEx, 4_2_016A2F60
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A2F30 NtCreateSection, 4_2_016A2F30
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A2FE0 NtCreateFile, 4_2_016A2FE0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A2FA0 NtQuerySection, 4_2_016A2FA0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A2FB0 NtResumeThread, 4_2_016A2FB0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A2F90 NtProtectVirtualMemory, 4_2_016A2F90
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A2E30 NtWriteVirtualMemory, 4_2_016A2E30
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A2EE0 NtQueueApcThread, 4_2_016A2EE0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A2EA0 NtAdjustPrivilegesToken, 4_2_016A2EA0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A2E80 NtReadVirtualMemory, 4_2_016A2E80
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A3010 NtOpenDirectoryObject, 4_2_016A3010
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A3090 NtSetValueKey, 4_2_016A3090
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A39B0 NtGetContextThread, 4_2_016A39B0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A3D70 NtOpenThread, 4_2_016A3D70
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A3D10 NtOpenProcessToken, 4_2_016A3D10
Detected potential crypto function
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 0_2_009EE1F4 0_2_009EE1F4
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 0_2_06F87B30 0_2_06F87B30
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 0_2_06F87B22 0_2_06F87B22
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 0_2_07036B90 0_2_07036B90
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 0_2_07032457 0_2_07032457
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 0_2_07032468 0_2_07032468
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 0_2_0703328F 0_2_0703328F
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 0_2_070332A0 0_2_070332A0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 0_2_07030818 0_2_07030818
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 0_2_07030830 0_2_07030830
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 0_2_070328A0 0_2_070328A0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_00403040 4_2_00403040
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0042E903 4_2_0042E903
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_00401210 4_2_00401210
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0040FB53 4_2_0040FB53
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_00402370 4_2_00402370
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_004164C3 4_2_004164C3
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0040FD73 4_2_0040FD73
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0040DDF3 4_2_0040DDF3
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016F8158 4_2_016F8158
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01660100 4_2_01660100
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0170A118 4_2_0170A118
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_017281CC 4_2_017281CC
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_017301AA 4_2_017301AA
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01702000 4_2_01702000
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0172A352 4_2_0172A352
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_017303E6 4_2_017303E6
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0167E3F0 4_2_0167E3F0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01710274 4_2_01710274
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016F02C0 4_2_016F02C0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01670535 4_2_01670535
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01730591 4_2_01730591
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01722446 4_2_01722446
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01714420 4_2_01714420
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0171E4F6 4_2_0171E4F6
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01670770 4_2_01670770
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01694750 4_2_01694750
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0166C7C0 4_2_0166C7C0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0168C6E0 4_2_0168C6E0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01686962 4_2_01686962
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016729A0 4_2_016729A0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0173A9A6 4_2_0173A9A6
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01672840 4_2_01672840
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0167A840 4_2_0167A840
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169E8F0 4_2_0169E8F0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016568B8 4_2_016568B8
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0172AB40 4_2_0172AB40
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01726BD7 4_2_01726BD7
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0166EA80 4_2_0166EA80
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0167AD00 4_2_0167AD00
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0170CD1F 4_2_0170CD1F
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0166ADE0 4_2_0166ADE0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01688DBF 4_2_01688DBF
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01670C00 4_2_01670C00
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01660CF2 4_2_01660CF2
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01710CB5 4_2_01710CB5
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E4F40 4_2_016E4F40
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01712F30 4_2_01712F30
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016B2F28 4_2_016B2F28
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01690F30 4_2_01690F30
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0167CFE0 4_2_0167CFE0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01662FC8 4_2_01662FC8
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016EEFA0 4_2_016EEFA0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01670E59 4_2_01670E59
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0172EE26 4_2_0172EE26
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0172EEDB 4_2_0172EEDB
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0172CE93 4_2_0172CE93
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01682E90 4_2_01682E90
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A516C 4_2_016A516C
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0165F172 4_2_0165F172
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0173B16B 4_2_0173B16B
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0167B1B0 4_2_0167B1B0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0172F0E0 4_2_0172F0E0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_017270E9 4_2_017270E9
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016770C0 4_2_016770C0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0171F0CC 4_2_0171F0CC
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0165D34C 4_2_0165D34C
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0172132D 4_2_0172132D
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016B739A 4_2_016B739A
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_017112ED 4_2_017112ED
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0168B2C0 4_2_0168B2C0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016752A0 4_2_016752A0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01727571 4_2_01727571
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0170D5B0 4_2_0170D5B0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01661460 4_2_01661460
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0172F43F 4_2_0172F43F
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0172F7B0 4_2_0172F7B0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_017216CC 4_2_017216CC
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01679950 4_2_01679950
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0168B950 4_2_0168B950
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01705910 4_2_01705910
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016DD800 4_2_016DD800
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016738E0 4_2_016738E0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0172FB76 4_2_0172FB76
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016ADBF9 4_2_016ADBF9
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E5BF0 4_2_016E5BF0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0168FB80 4_2_0168FB80
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E3A6C 4_2_016E3A6C
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01727A46 4_2_01727A46
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0172FA49 4_2_0172FA49
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0171DAC6 4_2_0171DAC6
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016B5AA0 4_2_016B5AA0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01711AA3 4_2_01711AA3
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0170DAAC 4_2_0170DAAC
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01727D73 4_2_01727D73
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01673D40 4_2_01673D40
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01721D5A 4_2_01721D5A
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0168FDC0 4_2_0168FDC0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E9C32 4_2_016E9C32
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0172FCF2 4_2_0172FCF2
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0172FF09 4_2_0172FF09
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0172FFB1 4_2_0172FFB1
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01671F92 4_2_01671F92
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01679EB0 4_2_01679EB0
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: String function: 016EF290 appears 105 times
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: String function: 016B7E54 appears 101 times
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: String function: 016DEA12 appears 86 times
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: String function: 016A5130 appears 58 times
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: String function: 0165B970 appears 280 times
Sample file is different than original file name gathered from version info
Source: TNT Original Documents AWB 8013580.bat.exe, 00000000.00000002.1412907442.00000000009FE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs TNT Original Documents AWB 8013580.bat.exe
Source: TNT Original Documents AWB 8013580.bat.exe, 00000000.00000000.1393219321.00000000002B2000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamelKk.exeD vs TNT Original Documents AWB 8013580.bat.exe
Source: TNT Original Documents AWB 8013580.bat.exe, 00000000.00000002.1418264494.00000000073A0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs TNT Original Documents AWB 8013580.bat.exe
Source: TNT Original Documents AWB 8013580.bat.exe, 00000004.00000002.1799521744.000000000175D000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs TNT Original Documents AWB 8013580.bat.exe
Source: TNT Original Documents AWB 8013580.bat.exe Binary or memory string: OriginalFilenamelKk.exeD vs TNT Original Documents AWB 8013580.bat.exe
Uses 32bit PE files
Source: TNT Original Documents AWB 8013580.bat.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Yara signature match
Source: 4.2.TNT Original Documents AWB 8013580.bat.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 4.2.TNT Original Documents AWB 8013580.bat.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000004.00000002.1799413826.0000000001590000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000004.00000002.1798952461.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: TNT Original Documents AWB 8013580.bat.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.38ff420.2.raw.unpack, xln1v8ZdSWuorwKwZI.cs Security API names: _0020.SetAccessControl
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.38ff420.2.raw.unpack, xln1v8ZdSWuorwKwZI.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.38ff420.2.raw.unpack, xln1v8ZdSWuorwKwZI.cs Security API names: _0020.AddAccessRule
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.3987040.3.raw.unpack, jX0cIPCFeyLeq3FhA2.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.38ff420.2.raw.unpack, jX0cIPCFeyLeq3FhA2.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.3987040.3.raw.unpack, xln1v8ZdSWuorwKwZI.cs Security API names: _0020.SetAccessControl
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.3987040.3.raw.unpack, xln1v8ZdSWuorwKwZI.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.3987040.3.raw.unpack, xln1v8ZdSWuorwKwZI.cs Security API names: _0020.AddAccessRule
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.73a0000.5.raw.unpack, xln1v8ZdSWuorwKwZI.cs Security API names: _0020.SetAccessControl
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.73a0000.5.raw.unpack, xln1v8ZdSWuorwKwZI.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.73a0000.5.raw.unpack, xln1v8ZdSWuorwKwZI.cs Security API names: _0020.AddAccessRule
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.73a0000.5.raw.unpack, jX0cIPCFeyLeq3FhA2.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: classification engine Classification label: mal100.troj.evad.winEXE@5/1@0/0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\TNT Original Documents AWB 8013580.bat.exe.log Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Mutant created: NULL
Source: TNT Original Documents AWB 8013580.bat.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: TNT Original Documents AWB 8013580.bat.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: TNT Original Documents AWB 8013580.bat.exe Virustotal: Detection: 32%
Source: unknown Process created: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe "C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe"
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process created: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe "C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe"
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process created: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe "C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe"
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process created: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe "C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe" Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process created: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe "C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe" Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32 Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll Jump to behavior
Source: TNT Original Documents AWB 8013580.bat.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: TNT Original Documents AWB 8013580.bat.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: TNT Original Documents AWB 8013580.bat.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: wntdll.pdbUGP source: TNT Original Documents AWB 8013580.bat.exe, 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: TNT Original Documents AWB 8013580.bat.exe, TNT Original Documents AWB 8013580.bat.exe, 00000004.00000002.1799521744.0000000001630000.00000040.00001000.00020000.00000000.sdmp

Data Obfuscation
barindex
.NET source code contains potential unpacker
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.73a0000.5.raw.unpack, xln1v8ZdSWuorwKwZI.cs .Net Code: ojLbjS7eBS System.Reflection.Assembly.Load(byte[])
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.38ff420.2.raw.unpack, xln1v8ZdSWuorwKwZI.cs .Net Code: ojLbjS7eBS System.Reflection.Assembly.Load(byte[])
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.3987040.3.raw.unpack, xln1v8ZdSWuorwKwZI.cs .Net Code: ojLbjS7eBS System.Reflection.Assembly.Load(byte[])
Binary contains a suspicious time stamp
Source: TNT Original Documents AWB 8013580.bat.exe Static PE information: 0x86F70E0E [Wed Oct 2 14:45:34 2041 UTC]
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 0_2_06F8E008 push es; iretd 0_2_06F8E01C
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_00414061 push es; iretd 4_2_00414075
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0041F19B push ecx; retf 4_2_0041F19C
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_00401A71 pushfd ; retf 4_2_00401ABE
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_004032C0 push eax; ret 4_2_004032C2
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_004162CC pushad ; ret 4_2_004162CD
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_004233F0 push ebx; retf 4_2_004233F1
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_00404D68 push es; retf 4_2_00404D6F
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_00413DC3 push edx; retf 4_2_00413DFD
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_00414632 push es; iretd 4_2_00414633
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_00413E3A push edx; retf 4_2_00413DFD
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_00415723 push edx; ret 4_2_004157E6
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_00404FCF push 001D5E1Fh; retf 4_2_00404FD4
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_00401F9C push esp; ret 4_2_00401FAE
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016609AD push ecx; mov dword ptr [esp], ecx 4_2_016609B6
Source: TNT Original Documents AWB 8013580.bat.exe Static PE information: section name: .text entropy: 7.7700013936624215
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.73a0000.5.raw.unpack, Wj7fLirFPn8MH5d7Bo.cs High entropy of concatenated method names: 'rA3j9pFs8', 'eAuKKcRgp', 'it4f9E3GD', 'xP0JRhAyS', 'cqMFsQuhl', 'wnCUbCnbV', 'zIiVLaGCGs65gS4A1o', 'uf9UHaUpTpcbKKemtx', 'SqCdNP7Hd', 'llBPEfxT0'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.73a0000.5.raw.unpack, HAZjjD68JPWbCyDYLl8.cs High entropy of concatenated method names: 'TAU3O9WjYj', 'Nu13H7sQyG', 'gMg3jX6wpn', 'NcI3KPO0Jn', 'xeQ30UqD8L', 'c4y3f7syKa', 'HPQ3JeMNj3', 'YG93ClwVsG', 'Xu03Fju1og', 'Fh23U7vkEu'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.73a0000.5.raw.unpack, p2y1Gqa6QgWelXO7N2.cs High entropy of concatenated method names: 'Dispose', 'f4b6yka4WQ', 'kqUrhwSqFe', 'hSV22k8atB', 'CC66iIrkPg', 'O7b6z5IXEa', 'ProcessDialogKey', 'M9Rr8Kusd8', 'ugBr6fhsOh', 'Q1wrrYBIGZ'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.73a0000.5.raw.unpack, d1x5ehhspujKTqfvvl.cs High entropy of concatenated method names: 'QVFf5T4r7rUNg3sSvX1', 'wlXgLx4T0HmRyECSZdl', 'K0YAdmmDfM', 'WyGA31uLc7', 'HXOAPggZiC', 'fIhFn04WSy6Is82CqVu', 'WSY6sj4bfUPJ4ytNwYG'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.73a0000.5.raw.unpack, Kh3mY5U4j7G1GH3kaV.cs High entropy of concatenated method names: 'ojIt05h1gw', 'KwVtJqSTgj', 'w7DoDqh6Ox', 'FU6olqmG0c', 'J8FommwBuN', 'Dljokxo8ZJ', 'lJJogMeisc', 'UXCo10rbxy', 'HKIoqu1wAg', 'cgVoWFam1d'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.73a0000.5.raw.unpack, jBIGZviTWASKt3GFX4.cs High entropy of concatenated method names: 'j2J36cHE62', 'kTv3TkoEWJ', 'WQq3bgv95u', 'xTY3Eveiga', 'uRi3ahrOis', 'r2A3tuKnG8', 'F1y3AV5dtm', 'lahdB2Ritc', 'CdDdvsqvl5', 'k53dyFXtsj'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.73a0000.5.raw.unpack, MGiMTfga5WSy0W5LrN.cs High entropy of concatenated method names: 'p98YEQHvBH', 'WY8Yo55ojq', 'uicYAl4Y9Z', 'lUZAisYICl', 'wfgAznFXQq', 'dvYY8Lk5D7', 'OI2Y6Sk8Tt', 'XggYr7WqKy', 'jBQYTnydZj', 'KmCYbq2dHI'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.73a0000.5.raw.unpack, UKusd8yQgBfhsOhu1w.cs High entropy of concatenated method names: 'ApRdXjYQ4N', 'pbUdhXHlGL', 's2KdDgGf0w', 'Y1pdl8DZvC', 'TUDdumxEv1', 'WlFdmOX7ih', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.73a0000.5.raw.unpack, iRksO5StIoBmnRGTNr.cs High entropy of concatenated method names: 'wJUcx1C97l', 'o4pc5II45G', 'ToString', 'tZYcEsDEQI', 'B2ucaLxIl3', 'lOHcoWtncP', 'za1ctKFUCg', 'imLcA3wceb', 'UR4cY21UEZ', 'vtgcZS3A9r'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.73a0000.5.raw.unpack, lJsFHW7S8ledgDIW1R.cs High entropy of concatenated method names: 'ngacvnKa9h', 'di1ciTOGlb', 'pSjd89QIor', 'oQLd6fepp6', 'ywXcp7cLYj', 'rnwc9U0M2x', 'UDccwrh9yu', 'dWocukk4VS', 'wRPcnyxYxc', 'pIIcIXxV4v'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.73a0000.5.raw.unpack, xln1v8ZdSWuorwKwZI.cs High entropy of concatenated method names: 'cJ3TLMJN2M', 'WOoTEbJFVk', 'MViTamZaj3', 'jRfToyOUUC', 'dIATtFjfZq', 'lWUTA5hMwN', 'GqjTYB2Py6', 'pycTZU8yIx', 'VjTTeWMHSt', 'kihTxS2SBW'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.73a0000.5.raw.unpack, O0gdhnbf3lrCsrZgWS.cs High entropy of concatenated method names: 'YmY6YX0cIP', 'Eey6ZLeq3F', 'MNf6xpeBnv', 'Mvq65Ikh3m', 'y3k6saVUAf', 'j8H6GFAFPD', 'tKf9j2A5oicyEJ9JKW', 'EFyFdElXDqVNeSYyqv', 'Ipl66BQa0S', 'EK66TaXtX3'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.73a0000.5.raw.unpack, D6IrkPvgp7b5IXEaq9.cs High entropy of concatenated method names: 'mZXdEQRtWW', 'WMkda4G9Zx', 'Q3bdoMF7yp', 'EPWdt47Ltk', 'G32dAP5rLi', 'IGsdYtynFu', 'noJdZCfX66', 'krjdel0hi5', 'jpXdx91rL2', 'cA0d5cF1yU'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.73a0000.5.raw.unpack, ohSXa2Irpkg80A21VE.cs High entropy of concatenated method names: 'ToString', 'y4YGpLEthQ', 'LUeGhD5MHs', 'OFPGD2qPNq', 'rJCGlOKCMD', 'KFfGmQx1Xa', 'eDPGkGWOQ1', 'TfaGguN1de', 'WE3G1pqP4B', 'WGWGqSewKo'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.73a0000.5.raw.unpack, QJc5HtoI6HCrLrhPgw.cs High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'BVEryu5shA', 'D1DrifrVYk', 'jFtrzxZywn', 'X9IT893sv4', 'PtrT6C5aB9', 'B3UTrddtMu', 'dqtTTZGVji', 'jsE4naJaX6NhPAOOnJC'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.73a0000.5.raw.unpack, qhoJGBwcuWcdRvmcQJ.cs High entropy of concatenated method names: 'y2oMC0QT0u', 'MxFMFSdhP2', 'MNpMXIDMGe', 'VAYMhMFKT2', 'LulMlaojAj', 'jdeMmH1rUv', 'L2SMgocMH8', 'NZ6M14S5yd', 'b4vMWBP1K5', 'uqIMpT2xSD'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.73a0000.5.raw.unpack, DntW2qFNfpeBnv1vqI.cs High entropy of concatenated method names: 'jvPoKbZJV6', 'SDSofWgsSo', 'jc6oCCZNxp', 'UMNoFaPgl5', 'O3jos8RnFu', 'jeIoGQq3OL', 'EuSoc3UH1k', 'pnModkd7FR', 'tT0o3KcZC3', 'mtroPxRRjp'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.73a0000.5.raw.unpack, rHEZxjqLAe7fPGjxJY.cs High entropy of concatenated method names: 'IDvYOOW6Mi', 'a4MYH9Qgtu', 'SC0YjtBJrX', 'LnJYKRHc6f', 'aEBY0ms5As', 'jLiYf3WyML', 'NuaYJTfrhx', 'NUsYCTuo1a', 'VmaYFGG4nv', 'dZQYUu0QBy'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.73a0000.5.raw.unpack, tSJUo46TZqkPs1mgxMa.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'QkaPuEM7V5', 'GXXPn3RmfS', 'rQwPI7WqgA', 'Ni2PSQGUmy', 'oRcPRHPPuA', 'BtGP7sZLp6', 'ITvPBXOvKM'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.73a0000.5.raw.unpack, jX0cIPCFeyLeq3FhA2.cs High entropy of concatenated method names: 'fBXausDeO1', 'VGBan17SIZ', 'H2aaICEwyS', 'UGUaS4aLZ0', 'iXZaRr15HH', 'qXga7wMCKG', 'wc6aB008bb', 'yOaav2xA59', 'piRayI55hH', 'Gbvait2o2d'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.73a0000.5.raw.unpack, FAfY8HXFAFPDpNlYjG.cs High entropy of concatenated method names: 'DChALeH8w5', 'F6hAa0O70b', 'kuWAtEoNM3', 'GZCAYUGTqu', 'JCVAZbwB6t', 'pLItRbb49j', 'nLLt73AikB', 'fqUtBobw8L', 'JYvtvSPT2Q', 'JB9tyemugv'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.73a0000.5.raw.unpack, RfiI1Zu4Eogyerhd7p.cs High entropy of concatenated method names: 'eOOsWGeb3N', 'aA6s985KBO', 'YjxsuWV4DP', 'L1WsnjakF9', 'lnhsh1rvKF', 'NmAsDLULQU', 'QmYslnR0Ud', 'ykPsma0u7q', 'zJ4skmD41L', 'VY9sgWsalf'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.38ff420.2.raw.unpack, Wj7fLirFPn8MH5d7Bo.cs High entropy of concatenated method names: 'rA3j9pFs8', 'eAuKKcRgp', 'it4f9E3GD', 'xP0JRhAyS', 'cqMFsQuhl', 'wnCUbCnbV', 'zIiVLaGCGs65gS4A1o', 'uf9UHaUpTpcbKKemtx', 'SqCdNP7Hd', 'llBPEfxT0'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.38ff420.2.raw.unpack, HAZjjD68JPWbCyDYLl8.cs High entropy of concatenated method names: 'TAU3O9WjYj', 'Nu13H7sQyG', 'gMg3jX6wpn', 'NcI3KPO0Jn', 'xeQ30UqD8L', 'c4y3f7syKa', 'HPQ3JeMNj3', 'YG93ClwVsG', 'Xu03Fju1og', 'Fh23U7vkEu'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.38ff420.2.raw.unpack, p2y1Gqa6QgWelXO7N2.cs High entropy of concatenated method names: 'Dispose', 'f4b6yka4WQ', 'kqUrhwSqFe', 'hSV22k8atB', 'CC66iIrkPg', 'O7b6z5IXEa', 'ProcessDialogKey', 'M9Rr8Kusd8', 'ugBr6fhsOh', 'Q1wrrYBIGZ'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.38ff420.2.raw.unpack, d1x5ehhspujKTqfvvl.cs High entropy of concatenated method names: 'QVFf5T4r7rUNg3sSvX1', 'wlXgLx4T0HmRyECSZdl', 'K0YAdmmDfM', 'WyGA31uLc7', 'HXOAPggZiC', 'fIhFn04WSy6Is82CqVu', 'WSY6sj4bfUPJ4ytNwYG'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.38ff420.2.raw.unpack, Kh3mY5U4j7G1GH3kaV.cs High entropy of concatenated method names: 'ojIt05h1gw', 'KwVtJqSTgj', 'w7DoDqh6Ox', 'FU6olqmG0c', 'J8FommwBuN', 'Dljokxo8ZJ', 'lJJogMeisc', 'UXCo10rbxy', 'HKIoqu1wAg', 'cgVoWFam1d'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.38ff420.2.raw.unpack, jBIGZviTWASKt3GFX4.cs High entropy of concatenated method names: 'j2J36cHE62', 'kTv3TkoEWJ', 'WQq3bgv95u', 'xTY3Eveiga', 'uRi3ahrOis', 'r2A3tuKnG8', 'F1y3AV5dtm', 'lahdB2Ritc', 'CdDdvsqvl5', 'k53dyFXtsj'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.38ff420.2.raw.unpack, MGiMTfga5WSy0W5LrN.cs High entropy of concatenated method names: 'p98YEQHvBH', 'WY8Yo55ojq', 'uicYAl4Y9Z', 'lUZAisYICl', 'wfgAznFXQq', 'dvYY8Lk5D7', 'OI2Y6Sk8Tt', 'XggYr7WqKy', 'jBQYTnydZj', 'KmCYbq2dHI'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.38ff420.2.raw.unpack, UKusd8yQgBfhsOhu1w.cs High entropy of concatenated method names: 'ApRdXjYQ4N', 'pbUdhXHlGL', 's2KdDgGf0w', 'Y1pdl8DZvC', 'TUDdumxEv1', 'WlFdmOX7ih', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.38ff420.2.raw.unpack, iRksO5StIoBmnRGTNr.cs High entropy of concatenated method names: 'wJUcx1C97l', 'o4pc5II45G', 'ToString', 'tZYcEsDEQI', 'B2ucaLxIl3', 'lOHcoWtncP', 'za1ctKFUCg', 'imLcA3wceb', 'UR4cY21UEZ', 'vtgcZS3A9r'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.38ff420.2.raw.unpack, lJsFHW7S8ledgDIW1R.cs High entropy of concatenated method names: 'ngacvnKa9h', 'di1ciTOGlb', 'pSjd89QIor', 'oQLd6fepp6', 'ywXcp7cLYj', 'rnwc9U0M2x', 'UDccwrh9yu', 'dWocukk4VS', 'wRPcnyxYxc', 'pIIcIXxV4v'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.38ff420.2.raw.unpack, xln1v8ZdSWuorwKwZI.cs High entropy of concatenated method names: 'cJ3TLMJN2M', 'WOoTEbJFVk', 'MViTamZaj3', 'jRfToyOUUC', 'dIATtFjfZq', 'lWUTA5hMwN', 'GqjTYB2Py6', 'pycTZU8yIx', 'VjTTeWMHSt', 'kihTxS2SBW'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.38ff420.2.raw.unpack, O0gdhnbf3lrCsrZgWS.cs High entropy of concatenated method names: 'YmY6YX0cIP', 'Eey6ZLeq3F', 'MNf6xpeBnv', 'Mvq65Ikh3m', 'y3k6saVUAf', 'j8H6GFAFPD', 'tKf9j2A5oicyEJ9JKW', 'EFyFdElXDqVNeSYyqv', 'Ipl66BQa0S', 'EK66TaXtX3'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.38ff420.2.raw.unpack, D6IrkPvgp7b5IXEaq9.cs High entropy of concatenated method names: 'mZXdEQRtWW', 'WMkda4G9Zx', 'Q3bdoMF7yp', 'EPWdt47Ltk', 'G32dAP5rLi', 'IGsdYtynFu', 'noJdZCfX66', 'krjdel0hi5', 'jpXdx91rL2', 'cA0d5cF1yU'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.38ff420.2.raw.unpack, ohSXa2Irpkg80A21VE.cs High entropy of concatenated method names: 'ToString', 'y4YGpLEthQ', 'LUeGhD5MHs', 'OFPGD2qPNq', 'rJCGlOKCMD', 'KFfGmQx1Xa', 'eDPGkGWOQ1', 'TfaGguN1de', 'WE3G1pqP4B', 'WGWGqSewKo'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.38ff420.2.raw.unpack, QJc5HtoI6HCrLrhPgw.cs High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'BVEryu5shA', 'D1DrifrVYk', 'jFtrzxZywn', 'X9IT893sv4', 'PtrT6C5aB9', 'B3UTrddtMu', 'dqtTTZGVji', 'jsE4naJaX6NhPAOOnJC'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.38ff420.2.raw.unpack, qhoJGBwcuWcdRvmcQJ.cs High entropy of concatenated method names: 'y2oMC0QT0u', 'MxFMFSdhP2', 'MNpMXIDMGe', 'VAYMhMFKT2', 'LulMlaojAj', 'jdeMmH1rUv', 'L2SMgocMH8', 'NZ6M14S5yd', 'b4vMWBP1K5', 'uqIMpT2xSD'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.38ff420.2.raw.unpack, DntW2qFNfpeBnv1vqI.cs High entropy of concatenated method names: 'jvPoKbZJV6', 'SDSofWgsSo', 'jc6oCCZNxp', 'UMNoFaPgl5', 'O3jos8RnFu', 'jeIoGQq3OL', 'EuSoc3UH1k', 'pnModkd7FR', 'tT0o3KcZC3', 'mtroPxRRjp'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.38ff420.2.raw.unpack, rHEZxjqLAe7fPGjxJY.cs High entropy of concatenated method names: 'IDvYOOW6Mi', 'a4MYH9Qgtu', 'SC0YjtBJrX', 'LnJYKRHc6f', 'aEBY0ms5As', 'jLiYf3WyML', 'NuaYJTfrhx', 'NUsYCTuo1a', 'VmaYFGG4nv', 'dZQYUu0QBy'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.38ff420.2.raw.unpack, tSJUo46TZqkPs1mgxMa.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'QkaPuEM7V5', 'GXXPn3RmfS', 'rQwPI7WqgA', 'Ni2PSQGUmy', 'oRcPRHPPuA', 'BtGP7sZLp6', 'ITvPBXOvKM'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.38ff420.2.raw.unpack, jX0cIPCFeyLeq3FhA2.cs High entropy of concatenated method names: 'fBXausDeO1', 'VGBan17SIZ', 'H2aaICEwyS', 'UGUaS4aLZ0', 'iXZaRr15HH', 'qXga7wMCKG', 'wc6aB008bb', 'yOaav2xA59', 'piRayI55hH', 'Gbvait2o2d'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.38ff420.2.raw.unpack, FAfY8HXFAFPDpNlYjG.cs High entropy of concatenated method names: 'DChALeH8w5', 'F6hAa0O70b', 'kuWAtEoNM3', 'GZCAYUGTqu', 'JCVAZbwB6t', 'pLItRbb49j', 'nLLt73AikB', 'fqUtBobw8L', 'JYvtvSPT2Q', 'JB9tyemugv'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.38ff420.2.raw.unpack, RfiI1Zu4Eogyerhd7p.cs High entropy of concatenated method names: 'eOOsWGeb3N', 'aA6s985KBO', 'YjxsuWV4DP', 'L1WsnjakF9', 'lnhsh1rvKF', 'NmAsDLULQU', 'QmYslnR0Ud', 'ykPsma0u7q', 'zJ4skmD41L', 'VY9sgWsalf'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.3987040.3.raw.unpack, Wj7fLirFPn8MH5d7Bo.cs High entropy of concatenated method names: 'rA3j9pFs8', 'eAuKKcRgp', 'it4f9E3GD', 'xP0JRhAyS', 'cqMFsQuhl', 'wnCUbCnbV', 'zIiVLaGCGs65gS4A1o', 'uf9UHaUpTpcbKKemtx', 'SqCdNP7Hd', 'llBPEfxT0'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.3987040.3.raw.unpack, HAZjjD68JPWbCyDYLl8.cs High entropy of concatenated method names: 'TAU3O9WjYj', 'Nu13H7sQyG', 'gMg3jX6wpn', 'NcI3KPO0Jn', 'xeQ30UqD8L', 'c4y3f7syKa', 'HPQ3JeMNj3', 'YG93ClwVsG', 'Xu03Fju1og', 'Fh23U7vkEu'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.3987040.3.raw.unpack, p2y1Gqa6QgWelXO7N2.cs High entropy of concatenated method names: 'Dispose', 'f4b6yka4WQ', 'kqUrhwSqFe', 'hSV22k8atB', 'CC66iIrkPg', 'O7b6z5IXEa', 'ProcessDialogKey', 'M9Rr8Kusd8', 'ugBr6fhsOh', 'Q1wrrYBIGZ'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.3987040.3.raw.unpack, d1x5ehhspujKTqfvvl.cs High entropy of concatenated method names: 'QVFf5T4r7rUNg3sSvX1', 'wlXgLx4T0HmRyECSZdl', 'K0YAdmmDfM', 'WyGA31uLc7', 'HXOAPggZiC', 'fIhFn04WSy6Is82CqVu', 'WSY6sj4bfUPJ4ytNwYG'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.3987040.3.raw.unpack, Kh3mY5U4j7G1GH3kaV.cs High entropy of concatenated method names: 'ojIt05h1gw', 'KwVtJqSTgj', 'w7DoDqh6Ox', 'FU6olqmG0c', 'J8FommwBuN', 'Dljokxo8ZJ', 'lJJogMeisc', 'UXCo10rbxy', 'HKIoqu1wAg', 'cgVoWFam1d'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.3987040.3.raw.unpack, jBIGZviTWASKt3GFX4.cs High entropy of concatenated method names: 'j2J36cHE62', 'kTv3TkoEWJ', 'WQq3bgv95u', 'xTY3Eveiga', 'uRi3ahrOis', 'r2A3tuKnG8', 'F1y3AV5dtm', 'lahdB2Ritc', 'CdDdvsqvl5', 'k53dyFXtsj'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.3987040.3.raw.unpack, MGiMTfga5WSy0W5LrN.cs High entropy of concatenated method names: 'p98YEQHvBH', 'WY8Yo55ojq', 'uicYAl4Y9Z', 'lUZAisYICl', 'wfgAznFXQq', 'dvYY8Lk5D7', 'OI2Y6Sk8Tt', 'XggYr7WqKy', 'jBQYTnydZj', 'KmCYbq2dHI'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.3987040.3.raw.unpack, UKusd8yQgBfhsOhu1w.cs High entropy of concatenated method names: 'ApRdXjYQ4N', 'pbUdhXHlGL', 's2KdDgGf0w', 'Y1pdl8DZvC', 'TUDdumxEv1', 'WlFdmOX7ih', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.3987040.3.raw.unpack, iRksO5StIoBmnRGTNr.cs High entropy of concatenated method names: 'wJUcx1C97l', 'o4pc5II45G', 'ToString', 'tZYcEsDEQI', 'B2ucaLxIl3', 'lOHcoWtncP', 'za1ctKFUCg', 'imLcA3wceb', 'UR4cY21UEZ', 'vtgcZS3A9r'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.3987040.3.raw.unpack, lJsFHW7S8ledgDIW1R.cs High entropy of concatenated method names: 'ngacvnKa9h', 'di1ciTOGlb', 'pSjd89QIor', 'oQLd6fepp6', 'ywXcp7cLYj', 'rnwc9U0M2x', 'UDccwrh9yu', 'dWocukk4VS', 'wRPcnyxYxc', 'pIIcIXxV4v'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.3987040.3.raw.unpack, xln1v8ZdSWuorwKwZI.cs High entropy of concatenated method names: 'cJ3TLMJN2M', 'WOoTEbJFVk', 'MViTamZaj3', 'jRfToyOUUC', 'dIATtFjfZq', 'lWUTA5hMwN', 'GqjTYB2Py6', 'pycTZU8yIx', 'VjTTeWMHSt', 'kihTxS2SBW'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.3987040.3.raw.unpack, O0gdhnbf3lrCsrZgWS.cs High entropy of concatenated method names: 'YmY6YX0cIP', 'Eey6ZLeq3F', 'MNf6xpeBnv', 'Mvq65Ikh3m', 'y3k6saVUAf', 'j8H6GFAFPD', 'tKf9j2A5oicyEJ9JKW', 'EFyFdElXDqVNeSYyqv', 'Ipl66BQa0S', 'EK66TaXtX3'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.3987040.3.raw.unpack, D6IrkPvgp7b5IXEaq9.cs High entropy of concatenated method names: 'mZXdEQRtWW', 'WMkda4G9Zx', 'Q3bdoMF7yp', 'EPWdt47Ltk', 'G32dAP5rLi', 'IGsdYtynFu', 'noJdZCfX66', 'krjdel0hi5', 'jpXdx91rL2', 'cA0d5cF1yU'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.3987040.3.raw.unpack, ohSXa2Irpkg80A21VE.cs High entropy of concatenated method names: 'ToString', 'y4YGpLEthQ', 'LUeGhD5MHs', 'OFPGD2qPNq', 'rJCGlOKCMD', 'KFfGmQx1Xa', 'eDPGkGWOQ1', 'TfaGguN1de', 'WE3G1pqP4B', 'WGWGqSewKo'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.3987040.3.raw.unpack, QJc5HtoI6HCrLrhPgw.cs High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'BVEryu5shA', 'D1DrifrVYk', 'jFtrzxZywn', 'X9IT893sv4', 'PtrT6C5aB9', 'B3UTrddtMu', 'dqtTTZGVji', 'jsE4naJaX6NhPAOOnJC'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.3987040.3.raw.unpack, qhoJGBwcuWcdRvmcQJ.cs High entropy of concatenated method names: 'y2oMC0QT0u', 'MxFMFSdhP2', 'MNpMXIDMGe', 'VAYMhMFKT2', 'LulMlaojAj', 'jdeMmH1rUv', 'L2SMgocMH8', 'NZ6M14S5yd', 'b4vMWBP1K5', 'uqIMpT2xSD'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.3987040.3.raw.unpack, DntW2qFNfpeBnv1vqI.cs High entropy of concatenated method names: 'jvPoKbZJV6', 'SDSofWgsSo', 'jc6oCCZNxp', 'UMNoFaPgl5', 'O3jos8RnFu', 'jeIoGQq3OL', 'EuSoc3UH1k', 'pnModkd7FR', 'tT0o3KcZC3', 'mtroPxRRjp'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.3987040.3.raw.unpack, rHEZxjqLAe7fPGjxJY.cs High entropy of concatenated method names: 'IDvYOOW6Mi', 'a4MYH9Qgtu', 'SC0YjtBJrX', 'LnJYKRHc6f', 'aEBY0ms5As', 'jLiYf3WyML', 'NuaYJTfrhx', 'NUsYCTuo1a', 'VmaYFGG4nv', 'dZQYUu0QBy'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.3987040.3.raw.unpack, tSJUo46TZqkPs1mgxMa.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'QkaPuEM7V5', 'GXXPn3RmfS', 'rQwPI7WqgA', 'Ni2PSQGUmy', 'oRcPRHPPuA', 'BtGP7sZLp6', 'ITvPBXOvKM'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.3987040.3.raw.unpack, jX0cIPCFeyLeq3FhA2.cs High entropy of concatenated method names: 'fBXausDeO1', 'VGBan17SIZ', 'H2aaICEwyS', 'UGUaS4aLZ0', 'iXZaRr15HH', 'qXga7wMCKG', 'wc6aB008bb', 'yOaav2xA59', 'piRayI55hH', 'Gbvait2o2d'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.3987040.3.raw.unpack, FAfY8HXFAFPDpNlYjG.cs High entropy of concatenated method names: 'DChALeH8w5', 'F6hAa0O70b', 'kuWAtEoNM3', 'GZCAYUGTqu', 'JCVAZbwB6t', 'pLItRbb49j', 'nLLt73AikB', 'fqUtBobw8L', 'JYvtvSPT2Q', 'JB9tyemugv'
Source: 0.2.TNT Original Documents AWB 8013580.bat.exe.3987040.3.raw.unpack, RfiI1Zu4Eogyerhd7p.cs High entropy of concatenated method names: 'eOOsWGeb3N', 'aA6s985KBO', 'YjxsuWV4DP', 'L1WsnjakF9', 'lnhsh1rvKF', 'NmAsDLULQU', 'QmYslnR0Ud', 'ykPsma0u7q', 'zJ4skmD41L', 'VY9sgWsalf'
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Yara detected AntiVM3
Source: Yara match File source: Process Memory Space: TNT Original Documents AWB 8013580.bat.exe PID: 7364, type: MEMORYSTR
Allocates memory with a write watch (potentially for evading sandboxes)
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Memory allocated: 9E0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Memory allocated: 26C0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Memory allocated: BF0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Memory allocated: 8B00000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Memory allocated: 7530000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Memory allocated: 9B00000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Memory allocated: AB00000 memory reserve | memory write watch Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A096E rdtsc 4_2_016A096E
Contains long sleeps (>= 3 min)
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Found large amount of non-executed APIs
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe API coverage: 0.6 %
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe TID: 7392 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe TID: 7552 Thread sleep time: -30000s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process information queried: ProcessInformation Jump to behavior
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process queried: DebugPort Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A096E rdtsc 4_2_016A096E
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_00417473 LdrLoadDll, 4_2_00417473
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016F4144 mov eax, dword ptr fs:[00000030h] 4_2_016F4144
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016F4144 mov eax, dword ptr fs:[00000030h] 4_2_016F4144
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016F4144 mov ecx, dword ptr fs:[00000030h] 4_2_016F4144
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016F4144 mov eax, dword ptr fs:[00000030h] 4_2_016F4144
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016F4144 mov eax, dword ptr fs:[00000030h] 4_2_016F4144
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01666154 mov eax, dword ptr fs:[00000030h] 4_2_01666154
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01666154 mov eax, dword ptr fs:[00000030h] 4_2_01666154
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0165C156 mov eax, dword ptr fs:[00000030h] 4_2_0165C156
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016F8158 mov eax, dword ptr fs:[00000030h] 4_2_016F8158
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01690124 mov eax, dword ptr fs:[00000030h] 4_2_01690124
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01720115 mov eax, dword ptr fs:[00000030h] 4_2_01720115
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0170A118 mov ecx, dword ptr fs:[00000030h] 4_2_0170A118
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0170A118 mov eax, dword ptr fs:[00000030h] 4_2_0170A118
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0170A118 mov eax, dword ptr fs:[00000030h] 4_2_0170A118
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0170A118 mov eax, dword ptr fs:[00000030h] 4_2_0170A118
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0170E10E mov eax, dword ptr fs:[00000030h] 4_2_0170E10E
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0170E10E mov ecx, dword ptr fs:[00000030h] 4_2_0170E10E
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0170E10E mov eax, dword ptr fs:[00000030h] 4_2_0170E10E
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0170E10E mov eax, dword ptr fs:[00000030h] 4_2_0170E10E
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0170E10E mov ecx, dword ptr fs:[00000030h] 4_2_0170E10E
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0170E10E mov eax, dword ptr fs:[00000030h] 4_2_0170E10E
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0170E10E mov eax, dword ptr fs:[00000030h] 4_2_0170E10E
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0170E10E mov ecx, dword ptr fs:[00000030h] 4_2_0170E10E
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0170E10E mov eax, dword ptr fs:[00000030h] 4_2_0170E10E
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0170E10E mov ecx, dword ptr fs:[00000030h] 4_2_0170E10E
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016901F8 mov eax, dword ptr fs:[00000030h] 4_2_016901F8
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_017361E5 mov eax, dword ptr fs:[00000030h] 4_2_017361E5
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_017261C3 mov eax, dword ptr fs:[00000030h] 4_2_017261C3
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_017261C3 mov eax, dword ptr fs:[00000030h] 4_2_017261C3
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016DE1D0 mov eax, dword ptr fs:[00000030h] 4_2_016DE1D0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016DE1D0 mov eax, dword ptr fs:[00000030h] 4_2_016DE1D0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016DE1D0 mov ecx, dword ptr fs:[00000030h] 4_2_016DE1D0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016DE1D0 mov eax, dword ptr fs:[00000030h] 4_2_016DE1D0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016DE1D0 mov eax, dword ptr fs:[00000030h] 4_2_016DE1D0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A0185 mov eax, dword ptr fs:[00000030h] 4_2_016A0185
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01704180 mov eax, dword ptr fs:[00000030h] 4_2_01704180
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01704180 mov eax, dword ptr fs:[00000030h] 4_2_01704180
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E019F mov eax, dword ptr fs:[00000030h] 4_2_016E019F
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E019F mov eax, dword ptr fs:[00000030h] 4_2_016E019F
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E019F mov eax, dword ptr fs:[00000030h] 4_2_016E019F
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E019F mov eax, dword ptr fs:[00000030h] 4_2_016E019F
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0165A197 mov eax, dword ptr fs:[00000030h] 4_2_0165A197
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0165A197 mov eax, dword ptr fs:[00000030h] 4_2_0165A197
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0165A197 mov eax, dword ptr fs:[00000030h] 4_2_0165A197
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0171C188 mov eax, dword ptr fs:[00000030h] 4_2_0171C188
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0171C188 mov eax, dword ptr fs:[00000030h] 4_2_0171C188
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0168C073 mov eax, dword ptr fs:[00000030h] 4_2_0168C073
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01662050 mov eax, dword ptr fs:[00000030h] 4_2_01662050
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E6050 mov eax, dword ptr fs:[00000030h] 4_2_016E6050
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0165A020 mov eax, dword ptr fs:[00000030h] 4_2_0165A020
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0165C020 mov eax, dword ptr fs:[00000030h] 4_2_0165C020
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016F6030 mov eax, dword ptr fs:[00000030h] 4_2_016F6030
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E4000 mov ecx, dword ptr fs:[00000030h] 4_2_016E4000
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01702000 mov eax, dword ptr fs:[00000030h] 4_2_01702000
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01702000 mov eax, dword ptr fs:[00000030h] 4_2_01702000
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01702000 mov eax, dword ptr fs:[00000030h] 4_2_01702000
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01702000 mov eax, dword ptr fs:[00000030h] 4_2_01702000
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01702000 mov eax, dword ptr fs:[00000030h] 4_2_01702000
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01702000 mov eax, dword ptr fs:[00000030h] 4_2_01702000
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01702000 mov eax, dword ptr fs:[00000030h] 4_2_01702000
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01702000 mov eax, dword ptr fs:[00000030h] 4_2_01702000
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0167E016 mov eax, dword ptr fs:[00000030h] 4_2_0167E016
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0167E016 mov eax, dword ptr fs:[00000030h] 4_2_0167E016
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0167E016 mov eax, dword ptr fs:[00000030h] 4_2_0167E016
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0167E016 mov eax, dword ptr fs:[00000030h] 4_2_0167E016
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0165A0E3 mov ecx, dword ptr fs:[00000030h] 4_2_0165A0E3
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E60E0 mov eax, dword ptr fs:[00000030h] 4_2_016E60E0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016680E9 mov eax, dword ptr fs:[00000030h] 4_2_016680E9
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0165C0F0 mov eax, dword ptr fs:[00000030h] 4_2_0165C0F0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A20F0 mov ecx, dword ptr fs:[00000030h] 4_2_016A20F0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E20DE mov eax, dword ptr fs:[00000030h] 4_2_016E20DE
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016F80A8 mov eax, dword ptr fs:[00000030h] 4_2_016F80A8
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_017260B8 mov eax, dword ptr fs:[00000030h] 4_2_017260B8
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_017260B8 mov ecx, dword ptr fs:[00000030h] 4_2_017260B8
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0166208A mov eax, dword ptr fs:[00000030h] 4_2_0166208A
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0170437C mov eax, dword ptr fs:[00000030h] 4_2_0170437C
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0172A352 mov eax, dword ptr fs:[00000030h] 4_2_0172A352
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01708350 mov ecx, dword ptr fs:[00000030h] 4_2_01708350
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E2349 mov eax, dword ptr fs:[00000030h] 4_2_016E2349
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E2349 mov eax, dword ptr fs:[00000030h] 4_2_016E2349
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E2349 mov eax, dword ptr fs:[00000030h] 4_2_016E2349
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E2349 mov eax, dword ptr fs:[00000030h] 4_2_016E2349
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E2349 mov eax, dword ptr fs:[00000030h] 4_2_016E2349
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E2349 mov eax, dword ptr fs:[00000030h] 4_2_016E2349
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E2349 mov eax, dword ptr fs:[00000030h] 4_2_016E2349
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E2349 mov eax, dword ptr fs:[00000030h] 4_2_016E2349
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E2349 mov eax, dword ptr fs:[00000030h] 4_2_016E2349
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E2349 mov eax, dword ptr fs:[00000030h] 4_2_016E2349
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E2349 mov eax, dword ptr fs:[00000030h] 4_2_016E2349
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E2349 mov eax, dword ptr fs:[00000030h] 4_2_016E2349
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E2349 mov eax, dword ptr fs:[00000030h] 4_2_016E2349
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E2349 mov eax, dword ptr fs:[00000030h] 4_2_016E2349
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E2349 mov eax, dword ptr fs:[00000030h] 4_2_016E2349
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E035C mov eax, dword ptr fs:[00000030h] 4_2_016E035C
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E035C mov eax, dword ptr fs:[00000030h] 4_2_016E035C
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E035C mov eax, dword ptr fs:[00000030h] 4_2_016E035C
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E035C mov ecx, dword ptr fs:[00000030h] 4_2_016E035C
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E035C mov eax, dword ptr fs:[00000030h] 4_2_016E035C
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E035C mov eax, dword ptr fs:[00000030h] 4_2_016E035C
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169A30B mov eax, dword ptr fs:[00000030h] 4_2_0169A30B
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169A30B mov eax, dword ptr fs:[00000030h] 4_2_0169A30B
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169A30B mov eax, dword ptr fs:[00000030h] 4_2_0169A30B
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0165C310 mov ecx, dword ptr fs:[00000030h] 4_2_0165C310
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01680310 mov ecx, dword ptr fs:[00000030h] 4_2_01680310
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016703E9 mov eax, dword ptr fs:[00000030h] 4_2_016703E9
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016703E9 mov eax, dword ptr fs:[00000030h] 4_2_016703E9
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016703E9 mov eax, dword ptr fs:[00000030h] 4_2_016703E9
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016703E9 mov eax, dword ptr fs:[00000030h] 4_2_016703E9
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016703E9 mov eax, dword ptr fs:[00000030h] 4_2_016703E9
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016703E9 mov eax, dword ptr fs:[00000030h] 4_2_016703E9
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016703E9 mov eax, dword ptr fs:[00000030h] 4_2_016703E9
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016703E9 mov eax, dword ptr fs:[00000030h] 4_2_016703E9
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016963FF mov eax, dword ptr fs:[00000030h] 4_2_016963FF
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0167E3F0 mov eax, dword ptr fs:[00000030h] 4_2_0167E3F0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0167E3F0 mov eax, dword ptr fs:[00000030h] 4_2_0167E3F0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0167E3F0 mov eax, dword ptr fs:[00000030h] 4_2_0167E3F0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_017043D4 mov eax, dword ptr fs:[00000030h] 4_2_017043D4
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_017043D4 mov eax, dword ptr fs:[00000030h] 4_2_017043D4
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016683C0 mov eax, dword ptr fs:[00000030h] 4_2_016683C0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016683C0 mov eax, dword ptr fs:[00000030h] 4_2_016683C0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016683C0 mov eax, dword ptr fs:[00000030h] 4_2_016683C0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016683C0 mov eax, dword ptr fs:[00000030h] 4_2_016683C0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0166A3C0 mov eax, dword ptr fs:[00000030h] 4_2_0166A3C0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0166A3C0 mov eax, dword ptr fs:[00000030h] 4_2_0166A3C0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0166A3C0 mov eax, dword ptr fs:[00000030h] 4_2_0166A3C0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0166A3C0 mov eax, dword ptr fs:[00000030h] 4_2_0166A3C0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0166A3C0 mov eax, dword ptr fs:[00000030h] 4_2_0166A3C0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0166A3C0 mov eax, dword ptr fs:[00000030h] 4_2_0166A3C0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0170E3DB mov eax, dword ptr fs:[00000030h] 4_2_0170E3DB
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0170E3DB mov eax, dword ptr fs:[00000030h] 4_2_0170E3DB
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0170E3DB mov ecx, dword ptr fs:[00000030h] 4_2_0170E3DB
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0170E3DB mov eax, dword ptr fs:[00000030h] 4_2_0170E3DB
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E63C0 mov eax, dword ptr fs:[00000030h] 4_2_016E63C0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0171C3CD mov eax, dword ptr fs:[00000030h] 4_2_0171C3CD
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0168438F mov eax, dword ptr fs:[00000030h] 4_2_0168438F
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0168438F mov eax, dword ptr fs:[00000030h] 4_2_0168438F
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0165E388 mov eax, dword ptr fs:[00000030h] 4_2_0165E388
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0165E388 mov eax, dword ptr fs:[00000030h] 4_2_0165E388
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0165E388 mov eax, dword ptr fs:[00000030h] 4_2_0165E388
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01658397 mov eax, dword ptr fs:[00000030h] 4_2_01658397
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01658397 mov eax, dword ptr fs:[00000030h] 4_2_01658397
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01658397 mov eax, dword ptr fs:[00000030h] 4_2_01658397
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01710274 mov eax, dword ptr fs:[00000030h] 4_2_01710274
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01710274 mov eax, dword ptr fs:[00000030h] 4_2_01710274
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01710274 mov eax, dword ptr fs:[00000030h] 4_2_01710274
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01710274 mov eax, dword ptr fs:[00000030h] 4_2_01710274
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01710274 mov eax, dword ptr fs:[00000030h] 4_2_01710274
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01710274 mov eax, dword ptr fs:[00000030h] 4_2_01710274
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01710274 mov eax, dword ptr fs:[00000030h] 4_2_01710274
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01710274 mov eax, dword ptr fs:[00000030h] 4_2_01710274
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01710274 mov eax, dword ptr fs:[00000030h] 4_2_01710274
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01710274 mov eax, dword ptr fs:[00000030h] 4_2_01710274
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01710274 mov eax, dword ptr fs:[00000030h] 4_2_01710274
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01710274 mov eax, dword ptr fs:[00000030h] 4_2_01710274
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01664260 mov eax, dword ptr fs:[00000030h] 4_2_01664260
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01664260 mov eax, dword ptr fs:[00000030h] 4_2_01664260
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01664260 mov eax, dword ptr fs:[00000030h] 4_2_01664260
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0165826B mov eax, dword ptr fs:[00000030h] 4_2_0165826B
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0171A250 mov eax, dword ptr fs:[00000030h] 4_2_0171A250
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0171A250 mov eax, dword ptr fs:[00000030h] 4_2_0171A250
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E8243 mov eax, dword ptr fs:[00000030h] 4_2_016E8243
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E8243 mov ecx, dword ptr fs:[00000030h] 4_2_016E8243
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0165A250 mov eax, dword ptr fs:[00000030h] 4_2_0165A250
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01666259 mov eax, dword ptr fs:[00000030h] 4_2_01666259
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0165823B mov eax, dword ptr fs:[00000030h] 4_2_0165823B
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016702E1 mov eax, dword ptr fs:[00000030h] 4_2_016702E1
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016702E1 mov eax, dword ptr fs:[00000030h] 4_2_016702E1
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016702E1 mov eax, dword ptr fs:[00000030h] 4_2_016702E1
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0166A2C3 mov eax, dword ptr fs:[00000030h] 4_2_0166A2C3
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0166A2C3 mov eax, dword ptr fs:[00000030h] 4_2_0166A2C3
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0166A2C3 mov eax, dword ptr fs:[00000030h] 4_2_0166A2C3
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0166A2C3 mov eax, dword ptr fs:[00000030h] 4_2_0166A2C3
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0166A2C3 mov eax, dword ptr fs:[00000030h] 4_2_0166A2C3
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016702A0 mov eax, dword ptr fs:[00000030h] 4_2_016702A0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016702A0 mov eax, dword ptr fs:[00000030h] 4_2_016702A0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016F62A0 mov eax, dword ptr fs:[00000030h] 4_2_016F62A0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016F62A0 mov ecx, dword ptr fs:[00000030h] 4_2_016F62A0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016F62A0 mov eax, dword ptr fs:[00000030h] 4_2_016F62A0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016F62A0 mov eax, dword ptr fs:[00000030h] 4_2_016F62A0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016F62A0 mov eax, dword ptr fs:[00000030h] 4_2_016F62A0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016F62A0 mov eax, dword ptr fs:[00000030h] 4_2_016F62A0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E0283 mov eax, dword ptr fs:[00000030h] 4_2_016E0283
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E0283 mov eax, dword ptr fs:[00000030h] 4_2_016E0283
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E0283 mov eax, dword ptr fs:[00000030h] 4_2_016E0283
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169E284 mov eax, dword ptr fs:[00000030h] 4_2_0169E284
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169E284 mov eax, dword ptr fs:[00000030h] 4_2_0169E284
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169656A mov eax, dword ptr fs:[00000030h] 4_2_0169656A
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169656A mov eax, dword ptr fs:[00000030h] 4_2_0169656A
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169656A mov eax, dword ptr fs:[00000030h] 4_2_0169656A
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01668550 mov eax, dword ptr fs:[00000030h] 4_2_01668550
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01668550 mov eax, dword ptr fs:[00000030h] 4_2_01668550
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01670535 mov eax, dword ptr fs:[00000030h] 4_2_01670535
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01670535 mov eax, dword ptr fs:[00000030h] 4_2_01670535
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01670535 mov eax, dword ptr fs:[00000030h] 4_2_01670535
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01670535 mov eax, dword ptr fs:[00000030h] 4_2_01670535
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01670535 mov eax, dword ptr fs:[00000030h] 4_2_01670535
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01670535 mov eax, dword ptr fs:[00000030h] 4_2_01670535
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0168E53E mov eax, dword ptr fs:[00000030h] 4_2_0168E53E
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0168E53E mov eax, dword ptr fs:[00000030h] 4_2_0168E53E
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0168E53E mov eax, dword ptr fs:[00000030h] 4_2_0168E53E
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0168E53E mov eax, dword ptr fs:[00000030h] 4_2_0168E53E
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0168E53E mov eax, dword ptr fs:[00000030h] 4_2_0168E53E
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016F6500 mov eax, dword ptr fs:[00000030h] 4_2_016F6500
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01734500 mov eax, dword ptr fs:[00000030h] 4_2_01734500
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01734500 mov eax, dword ptr fs:[00000030h] 4_2_01734500
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01734500 mov eax, dword ptr fs:[00000030h] 4_2_01734500
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01734500 mov eax, dword ptr fs:[00000030h] 4_2_01734500
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01734500 mov eax, dword ptr fs:[00000030h] 4_2_01734500
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01734500 mov eax, dword ptr fs:[00000030h] 4_2_01734500
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01734500 mov eax, dword ptr fs:[00000030h] 4_2_01734500
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169C5ED mov eax, dword ptr fs:[00000030h] 4_2_0169C5ED
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169C5ED mov eax, dword ptr fs:[00000030h] 4_2_0169C5ED
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016625E0 mov eax, dword ptr fs:[00000030h] 4_2_016625E0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0168E5E7 mov eax, dword ptr fs:[00000030h] 4_2_0168E5E7
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0168E5E7 mov eax, dword ptr fs:[00000030h] 4_2_0168E5E7
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0168E5E7 mov eax, dword ptr fs:[00000030h] 4_2_0168E5E7
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0168E5E7 mov eax, dword ptr fs:[00000030h] 4_2_0168E5E7
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0168E5E7 mov eax, dword ptr fs:[00000030h] 4_2_0168E5E7
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0168E5E7 mov eax, dword ptr fs:[00000030h] 4_2_0168E5E7
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0168E5E7 mov eax, dword ptr fs:[00000030h] 4_2_0168E5E7
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0168E5E7 mov eax, dword ptr fs:[00000030h] 4_2_0168E5E7
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169E5CF mov eax, dword ptr fs:[00000030h] 4_2_0169E5CF
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169E5CF mov eax, dword ptr fs:[00000030h] 4_2_0169E5CF
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016665D0 mov eax, dword ptr fs:[00000030h] 4_2_016665D0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169A5D0 mov eax, dword ptr fs:[00000030h] 4_2_0169A5D0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169A5D0 mov eax, dword ptr fs:[00000030h] 4_2_0169A5D0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E05A7 mov eax, dword ptr fs:[00000030h] 4_2_016E05A7
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E05A7 mov eax, dword ptr fs:[00000030h] 4_2_016E05A7
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E05A7 mov eax, dword ptr fs:[00000030h] 4_2_016E05A7
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016845B1 mov eax, dword ptr fs:[00000030h] 4_2_016845B1
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016845B1 mov eax, dword ptr fs:[00000030h] 4_2_016845B1
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01694588 mov eax, dword ptr fs:[00000030h] 4_2_01694588
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01662582 mov eax, dword ptr fs:[00000030h] 4_2_01662582
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01662582 mov ecx, dword ptr fs:[00000030h] 4_2_01662582
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169E59C mov eax, dword ptr fs:[00000030h] 4_2_0169E59C
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016EC460 mov ecx, dword ptr fs:[00000030h] 4_2_016EC460
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0168A470 mov eax, dword ptr fs:[00000030h] 4_2_0168A470
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0168A470 mov eax, dword ptr fs:[00000030h] 4_2_0168A470
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0168A470 mov eax, dword ptr fs:[00000030h] 4_2_0168A470
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0171A456 mov eax, dword ptr fs:[00000030h] 4_2_0171A456
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169E443 mov eax, dword ptr fs:[00000030h] 4_2_0169E443
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169E443 mov eax, dword ptr fs:[00000030h] 4_2_0169E443
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169E443 mov eax, dword ptr fs:[00000030h] 4_2_0169E443
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169E443 mov eax, dword ptr fs:[00000030h] 4_2_0169E443
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169E443 mov eax, dword ptr fs:[00000030h] 4_2_0169E443
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169E443 mov eax, dword ptr fs:[00000030h] 4_2_0169E443
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169E443 mov eax, dword ptr fs:[00000030h] 4_2_0169E443
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169E443 mov eax, dword ptr fs:[00000030h] 4_2_0169E443
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0168245A mov eax, dword ptr fs:[00000030h] 4_2_0168245A
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0165645D mov eax, dword ptr fs:[00000030h] 4_2_0165645D
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0165C427 mov eax, dword ptr fs:[00000030h] 4_2_0165C427
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0165E420 mov eax, dword ptr fs:[00000030h] 4_2_0165E420
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0165E420 mov eax, dword ptr fs:[00000030h] 4_2_0165E420
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0165E420 mov eax, dword ptr fs:[00000030h] 4_2_0165E420
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E6420 mov eax, dword ptr fs:[00000030h] 4_2_016E6420
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E6420 mov eax, dword ptr fs:[00000030h] 4_2_016E6420
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E6420 mov eax, dword ptr fs:[00000030h] 4_2_016E6420
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E6420 mov eax, dword ptr fs:[00000030h] 4_2_016E6420
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E6420 mov eax, dword ptr fs:[00000030h] 4_2_016E6420
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E6420 mov eax, dword ptr fs:[00000030h] 4_2_016E6420
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E6420 mov eax, dword ptr fs:[00000030h] 4_2_016E6420
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169A430 mov eax, dword ptr fs:[00000030h] 4_2_0169A430
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01698402 mov eax, dword ptr fs:[00000030h] 4_2_01698402
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01698402 mov eax, dword ptr fs:[00000030h] 4_2_01698402
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01698402 mov eax, dword ptr fs:[00000030h] 4_2_01698402
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016604E5 mov ecx, dword ptr fs:[00000030h] 4_2_016604E5
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016664AB mov eax, dword ptr fs:[00000030h] 4_2_016664AB
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016944B0 mov ecx, dword ptr fs:[00000030h] 4_2_016944B0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016EA4B0 mov eax, dword ptr fs:[00000030h] 4_2_016EA4B0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0171A49A mov eax, dword ptr fs:[00000030h] 4_2_0171A49A
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01668770 mov eax, dword ptr fs:[00000030h] 4_2_01668770
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01670770 mov eax, dword ptr fs:[00000030h] 4_2_01670770
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01670770 mov eax, dword ptr fs:[00000030h] 4_2_01670770
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01670770 mov eax, dword ptr fs:[00000030h] 4_2_01670770
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01670770 mov eax, dword ptr fs:[00000030h] 4_2_01670770
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01670770 mov eax, dword ptr fs:[00000030h] 4_2_01670770
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01670770 mov eax, dword ptr fs:[00000030h] 4_2_01670770
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01670770 mov eax, dword ptr fs:[00000030h] 4_2_01670770
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01670770 mov eax, dword ptr fs:[00000030h] 4_2_01670770
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01670770 mov eax, dword ptr fs:[00000030h] 4_2_01670770
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01670770 mov eax, dword ptr fs:[00000030h] 4_2_01670770
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01670770 mov eax, dword ptr fs:[00000030h] 4_2_01670770
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01670770 mov eax, dword ptr fs:[00000030h] 4_2_01670770
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169674D mov esi, dword ptr fs:[00000030h] 4_2_0169674D
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169674D mov eax, dword ptr fs:[00000030h] 4_2_0169674D
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169674D mov eax, dword ptr fs:[00000030h] 4_2_0169674D
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016EE75D mov eax, dword ptr fs:[00000030h] 4_2_016EE75D
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01660750 mov eax, dword ptr fs:[00000030h] 4_2_01660750
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A2750 mov eax, dword ptr fs:[00000030h] 4_2_016A2750
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A2750 mov eax, dword ptr fs:[00000030h] 4_2_016A2750
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E4755 mov eax, dword ptr fs:[00000030h] 4_2_016E4755
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169C720 mov eax, dword ptr fs:[00000030h] 4_2_0169C720
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169C720 mov eax, dword ptr fs:[00000030h] 4_2_0169C720
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169273C mov eax, dword ptr fs:[00000030h] 4_2_0169273C
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169273C mov ecx, dword ptr fs:[00000030h] 4_2_0169273C
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169273C mov eax, dword ptr fs:[00000030h] 4_2_0169273C
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016DC730 mov eax, dword ptr fs:[00000030h] 4_2_016DC730
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169C700 mov eax, dword ptr fs:[00000030h] 4_2_0169C700
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01660710 mov eax, dword ptr fs:[00000030h] 4_2_01660710
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01690710 mov eax, dword ptr fs:[00000030h] 4_2_01690710
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016827ED mov eax, dword ptr fs:[00000030h] 4_2_016827ED
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016827ED mov eax, dword ptr fs:[00000030h] 4_2_016827ED
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016827ED mov eax, dword ptr fs:[00000030h] 4_2_016827ED
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016EE7E1 mov eax, dword ptr fs:[00000030h] 4_2_016EE7E1
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016647FB mov eax, dword ptr fs:[00000030h] 4_2_016647FB
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016647FB mov eax, dword ptr fs:[00000030h] 4_2_016647FB
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0166C7C0 mov eax, dword ptr fs:[00000030h] 4_2_0166C7C0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E07C3 mov eax, dword ptr fs:[00000030h] 4_2_016E07C3
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016607AF mov eax, dword ptr fs:[00000030h] 4_2_016607AF
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_017147A0 mov eax, dword ptr fs:[00000030h] 4_2_017147A0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0170678E mov eax, dword ptr fs:[00000030h] 4_2_0170678E
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169A660 mov eax, dword ptr fs:[00000030h] 4_2_0169A660
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169A660 mov eax, dword ptr fs:[00000030h] 4_2_0169A660
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0172866E mov eax, dword ptr fs:[00000030h] 4_2_0172866E
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0172866E mov eax, dword ptr fs:[00000030h] 4_2_0172866E
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01692674 mov eax, dword ptr fs:[00000030h] 4_2_01692674
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0167C640 mov eax, dword ptr fs:[00000030h] 4_2_0167C640
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0167E627 mov eax, dword ptr fs:[00000030h] 4_2_0167E627
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01696620 mov eax, dword ptr fs:[00000030h] 4_2_01696620
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01698620 mov eax, dword ptr fs:[00000030h] 4_2_01698620
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0166262C mov eax, dword ptr fs:[00000030h] 4_2_0166262C
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016DE609 mov eax, dword ptr fs:[00000030h] 4_2_016DE609
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0167260B mov eax, dword ptr fs:[00000030h] 4_2_0167260B
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0167260B mov eax, dword ptr fs:[00000030h] 4_2_0167260B
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0167260B mov eax, dword ptr fs:[00000030h] 4_2_0167260B
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0167260B mov eax, dword ptr fs:[00000030h] 4_2_0167260B
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0167260B mov eax, dword ptr fs:[00000030h] 4_2_0167260B
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0167260B mov eax, dword ptr fs:[00000030h] 4_2_0167260B
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0167260B mov eax, dword ptr fs:[00000030h] 4_2_0167260B
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A2619 mov eax, dword ptr fs:[00000030h] 4_2_016A2619
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016DE6F2 mov eax, dword ptr fs:[00000030h] 4_2_016DE6F2
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016DE6F2 mov eax, dword ptr fs:[00000030h] 4_2_016DE6F2
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016DE6F2 mov eax, dword ptr fs:[00000030h] 4_2_016DE6F2
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016DE6F2 mov eax, dword ptr fs:[00000030h] 4_2_016DE6F2
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E06F1 mov eax, dword ptr fs:[00000030h] 4_2_016E06F1
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E06F1 mov eax, dword ptr fs:[00000030h] 4_2_016E06F1
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169A6C7 mov ebx, dword ptr fs:[00000030h] 4_2_0169A6C7
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169A6C7 mov eax, dword ptr fs:[00000030h] 4_2_0169A6C7
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169C6A6 mov eax, dword ptr fs:[00000030h] 4_2_0169C6A6
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016966B0 mov eax, dword ptr fs:[00000030h] 4_2_016966B0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01664690 mov eax, dword ptr fs:[00000030h] 4_2_01664690
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01664690 mov eax, dword ptr fs:[00000030h] 4_2_01664690
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A096E mov eax, dword ptr fs:[00000030h] 4_2_016A096E
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A096E mov edx, dword ptr fs:[00000030h] 4_2_016A096E
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016A096E mov eax, dword ptr fs:[00000030h] 4_2_016A096E
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01704978 mov eax, dword ptr fs:[00000030h] 4_2_01704978
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01704978 mov eax, dword ptr fs:[00000030h] 4_2_01704978
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01686962 mov eax, dword ptr fs:[00000030h] 4_2_01686962
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01686962 mov eax, dword ptr fs:[00000030h] 4_2_01686962
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01686962 mov eax, dword ptr fs:[00000030h] 4_2_01686962
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016EC97C mov eax, dword ptr fs:[00000030h] 4_2_016EC97C
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E0946 mov eax, dword ptr fs:[00000030h] 4_2_016E0946
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E892A mov eax, dword ptr fs:[00000030h] 4_2_016E892A
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016F892B mov eax, dword ptr fs:[00000030h] 4_2_016F892B
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016DE908 mov eax, dword ptr fs:[00000030h] 4_2_016DE908
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016DE908 mov eax, dword ptr fs:[00000030h] 4_2_016DE908
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016EC912 mov eax, dword ptr fs:[00000030h] 4_2_016EC912
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01658918 mov eax, dword ptr fs:[00000030h] 4_2_01658918
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01658918 mov eax, dword ptr fs:[00000030h] 4_2_01658918
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016EE9E0 mov eax, dword ptr fs:[00000030h] 4_2_016EE9E0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016929F9 mov eax, dword ptr fs:[00000030h] 4_2_016929F9
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016929F9 mov eax, dword ptr fs:[00000030h] 4_2_016929F9
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0172A9D3 mov eax, dword ptr fs:[00000030h] 4_2_0172A9D3
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016F69C0 mov eax, dword ptr fs:[00000030h] 4_2_016F69C0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0166A9D0 mov eax, dword ptr fs:[00000030h] 4_2_0166A9D0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0166A9D0 mov eax, dword ptr fs:[00000030h] 4_2_0166A9D0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0166A9D0 mov eax, dword ptr fs:[00000030h] 4_2_0166A9D0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0166A9D0 mov eax, dword ptr fs:[00000030h] 4_2_0166A9D0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0166A9D0 mov eax, dword ptr fs:[00000030h] 4_2_0166A9D0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0166A9D0 mov eax, dword ptr fs:[00000030h] 4_2_0166A9D0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016949D0 mov eax, dword ptr fs:[00000030h] 4_2_016949D0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016729A0 mov eax, dword ptr fs:[00000030h] 4_2_016729A0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016729A0 mov eax, dword ptr fs:[00000030h] 4_2_016729A0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016729A0 mov eax, dword ptr fs:[00000030h] 4_2_016729A0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016729A0 mov eax, dword ptr fs:[00000030h] 4_2_016729A0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016729A0 mov eax, dword ptr fs:[00000030h] 4_2_016729A0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016729A0 mov eax, dword ptr fs:[00000030h] 4_2_016729A0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016729A0 mov eax, dword ptr fs:[00000030h] 4_2_016729A0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016729A0 mov eax, dword ptr fs:[00000030h] 4_2_016729A0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016729A0 mov eax, dword ptr fs:[00000030h] 4_2_016729A0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016729A0 mov eax, dword ptr fs:[00000030h] 4_2_016729A0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016729A0 mov eax, dword ptr fs:[00000030h] 4_2_016729A0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016729A0 mov eax, dword ptr fs:[00000030h] 4_2_016729A0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016729A0 mov eax, dword ptr fs:[00000030h] 4_2_016729A0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016609AD mov eax, dword ptr fs:[00000030h] 4_2_016609AD
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016609AD mov eax, dword ptr fs:[00000030h] 4_2_016609AD
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E89B3 mov esi, dword ptr fs:[00000030h] 4_2_016E89B3
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E89B3 mov eax, dword ptr fs:[00000030h] 4_2_016E89B3
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016E89B3 mov eax, dword ptr fs:[00000030h] 4_2_016E89B3
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016EE872 mov eax, dword ptr fs:[00000030h] 4_2_016EE872
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016EE872 mov eax, dword ptr fs:[00000030h] 4_2_016EE872
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016F6870 mov eax, dword ptr fs:[00000030h] 4_2_016F6870
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016F6870 mov eax, dword ptr fs:[00000030h] 4_2_016F6870
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01672840 mov ecx, dword ptr fs:[00000030h] 4_2_01672840
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01690854 mov eax, dword ptr fs:[00000030h] 4_2_01690854
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01664859 mov eax, dword ptr fs:[00000030h] 4_2_01664859
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01664859 mov eax, dword ptr fs:[00000030h] 4_2_01664859
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0170483A mov eax, dword ptr fs:[00000030h] 4_2_0170483A
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0170483A mov eax, dword ptr fs:[00000030h] 4_2_0170483A
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169A830 mov eax, dword ptr fs:[00000030h] 4_2_0169A830
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01682835 mov eax, dword ptr fs:[00000030h] 4_2_01682835
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01682835 mov eax, dword ptr fs:[00000030h] 4_2_01682835
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01682835 mov eax, dword ptr fs:[00000030h] 4_2_01682835
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01682835 mov ecx, dword ptr fs:[00000030h] 4_2_01682835
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01682835 mov eax, dword ptr fs:[00000030h] 4_2_01682835
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01682835 mov eax, dword ptr fs:[00000030h] 4_2_01682835
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016EC810 mov eax, dword ptr fs:[00000030h] 4_2_016EC810
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169C8F9 mov eax, dword ptr fs:[00000030h] 4_2_0169C8F9
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169C8F9 mov eax, dword ptr fs:[00000030h] 4_2_0169C8F9
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0172A8E4 mov eax, dword ptr fs:[00000030h] 4_2_0172A8E4
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0168E8C0 mov eax, dword ptr fs:[00000030h] 4_2_0168E8C0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01660887 mov eax, dword ptr fs:[00000030h] 4_2_01660887
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016EC89D mov eax, dword ptr fs:[00000030h] 4_2_016EC89D
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0165CB7E mov eax, dword ptr fs:[00000030h] 4_2_0165CB7E
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0170EB50 mov eax, dword ptr fs:[00000030h] 4_2_0170EB50
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016F6B40 mov eax, dword ptr fs:[00000030h] 4_2_016F6B40
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016F6B40 mov eax, dword ptr fs:[00000030h] 4_2_016F6B40
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0172AB40 mov eax, dword ptr fs:[00000030h] 4_2_0172AB40
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01708B42 mov eax, dword ptr fs:[00000030h] 4_2_01708B42
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01714B4B mov eax, dword ptr fs:[00000030h] 4_2_01714B4B
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01714B4B mov eax, dword ptr fs:[00000030h] 4_2_01714B4B
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0168EB20 mov eax, dword ptr fs:[00000030h] 4_2_0168EB20
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0168EB20 mov eax, dword ptr fs:[00000030h] 4_2_0168EB20
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01728B28 mov eax, dword ptr fs:[00000030h] 4_2_01728B28
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01728B28 mov eax, dword ptr fs:[00000030h] 4_2_01728B28
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016DEB1D mov eax, dword ptr fs:[00000030h] 4_2_016DEB1D
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016DEB1D mov eax, dword ptr fs:[00000030h] 4_2_016DEB1D
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016DEB1D mov eax, dword ptr fs:[00000030h] 4_2_016DEB1D
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016DEB1D mov eax, dword ptr fs:[00000030h] 4_2_016DEB1D
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016DEB1D mov eax, dword ptr fs:[00000030h] 4_2_016DEB1D
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016DEB1D mov eax, dword ptr fs:[00000030h] 4_2_016DEB1D
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016DEB1D mov eax, dword ptr fs:[00000030h] 4_2_016DEB1D
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016DEB1D mov eax, dword ptr fs:[00000030h] 4_2_016DEB1D
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016DEB1D mov eax, dword ptr fs:[00000030h] 4_2_016DEB1D
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0168EBFC mov eax, dword ptr fs:[00000030h] 4_2_0168EBFC
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01668BF0 mov eax, dword ptr fs:[00000030h] 4_2_01668BF0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01668BF0 mov eax, dword ptr fs:[00000030h] 4_2_01668BF0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01668BF0 mov eax, dword ptr fs:[00000030h] 4_2_01668BF0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016ECBF0 mov eax, dword ptr fs:[00000030h] 4_2_016ECBF0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0170EBD0 mov eax, dword ptr fs:[00000030h] 4_2_0170EBD0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01680BCB mov eax, dword ptr fs:[00000030h] 4_2_01680BCB
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01680BCB mov eax, dword ptr fs:[00000030h] 4_2_01680BCB
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01680BCB mov eax, dword ptr fs:[00000030h] 4_2_01680BCB
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01660BCD mov eax, dword ptr fs:[00000030h] 4_2_01660BCD
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01660BCD mov eax, dword ptr fs:[00000030h] 4_2_01660BCD
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01660BCD mov eax, dword ptr fs:[00000030h] 4_2_01660BCD
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01714BB0 mov eax, dword ptr fs:[00000030h] 4_2_01714BB0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01714BB0 mov eax, dword ptr fs:[00000030h] 4_2_01714BB0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01670BBE mov eax, dword ptr fs:[00000030h] 4_2_01670BBE
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01670BBE mov eax, dword ptr fs:[00000030h] 4_2_01670BBE
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169CA6F mov eax, dword ptr fs:[00000030h] 4_2_0169CA6F
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169CA6F mov eax, dword ptr fs:[00000030h] 4_2_0169CA6F
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169CA6F mov eax, dword ptr fs:[00000030h] 4_2_0169CA6F
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0170EA60 mov eax, dword ptr fs:[00000030h] 4_2_0170EA60
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016DCA72 mov eax, dword ptr fs:[00000030h] 4_2_016DCA72
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016DCA72 mov eax, dword ptr fs:[00000030h] 4_2_016DCA72
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01666A50 mov eax, dword ptr fs:[00000030h] 4_2_01666A50
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01666A50 mov eax, dword ptr fs:[00000030h] 4_2_01666A50
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01666A50 mov eax, dword ptr fs:[00000030h] 4_2_01666A50
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01666A50 mov eax, dword ptr fs:[00000030h] 4_2_01666A50
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01666A50 mov eax, dword ptr fs:[00000030h] 4_2_01666A50
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01666A50 mov eax, dword ptr fs:[00000030h] 4_2_01666A50
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01666A50 mov eax, dword ptr fs:[00000030h] 4_2_01666A50
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01670A5B mov eax, dword ptr fs:[00000030h] 4_2_01670A5B
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01670A5B mov eax, dword ptr fs:[00000030h] 4_2_01670A5B
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0168EA2E mov eax, dword ptr fs:[00000030h] 4_2_0168EA2E
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169CA24 mov eax, dword ptr fs:[00000030h] 4_2_0169CA24
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169CA38 mov eax, dword ptr fs:[00000030h] 4_2_0169CA38
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01684A35 mov eax, dword ptr fs:[00000030h] 4_2_01684A35
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01684A35 mov eax, dword ptr fs:[00000030h] 4_2_01684A35
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016ECA11 mov eax, dword ptr fs:[00000030h] 4_2_016ECA11
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169AAEE mov eax, dword ptr fs:[00000030h] 4_2_0169AAEE
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0169AAEE mov eax, dword ptr fs:[00000030h] 4_2_0169AAEE
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016B6ACC mov eax, dword ptr fs:[00000030h] 4_2_016B6ACC
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016B6ACC mov eax, dword ptr fs:[00000030h] 4_2_016B6ACC
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016B6ACC mov eax, dword ptr fs:[00000030h] 4_2_016B6ACC
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01660AD0 mov eax, dword ptr fs:[00000030h] 4_2_01660AD0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01694AD0 mov eax, dword ptr fs:[00000030h] 4_2_01694AD0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01694AD0 mov eax, dword ptr fs:[00000030h] 4_2_01694AD0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01668AA0 mov eax, dword ptr fs:[00000030h] 4_2_01668AA0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01668AA0 mov eax, dword ptr fs:[00000030h] 4_2_01668AA0
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016B6AA4 mov eax, dword ptr fs:[00000030h] 4_2_016B6AA4
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0166EA80 mov eax, dword ptr fs:[00000030h] 4_2_0166EA80
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0166EA80 mov eax, dword ptr fs:[00000030h] 4_2_0166EA80
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0166EA80 mov eax, dword ptr fs:[00000030h] 4_2_0166EA80
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0166EA80 mov eax, dword ptr fs:[00000030h] 4_2_0166EA80
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0166EA80 mov eax, dword ptr fs:[00000030h] 4_2_0166EA80
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0166EA80 mov eax, dword ptr fs:[00000030h] 4_2_0166EA80
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0166EA80 mov eax, dword ptr fs:[00000030h] 4_2_0166EA80
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0166EA80 mov eax, dword ptr fs:[00000030h] 4_2_0166EA80
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_0166EA80 mov eax, dword ptr fs:[00000030h] 4_2_0166EA80
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01734A80 mov eax, dword ptr fs:[00000030h] 4_2_01734A80
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01698A90 mov edx, dword ptr fs:[00000030h] 4_2_01698A90
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_016F8D6B mov eax, dword ptr fs:[00000030h] 4_2_016F8D6B
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01660D59 mov eax, dword ptr fs:[00000030h] 4_2_01660D59
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01660D59 mov eax, dword ptr fs:[00000030h] 4_2_01660D59
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01660D59 mov eax, dword ptr fs:[00000030h] 4_2_01660D59
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01668D59 mov eax, dword ptr fs:[00000030h] 4_2_01668D59
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01668D59 mov eax, dword ptr fs:[00000030h] 4_2_01668D59
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Code function: 4_2_01668D59 mov eax, dword ptr fs:[00000030h] 4_2_01668D59
Enables debug privileges
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Memory allocated: page read and write | page guard Jump to behavior

HIPS / PFW / Operating System Protection Evasion
barindex
Injects a PE file into a foreign processes
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Memory written: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe base: 400000 value starts with: 4D5A Jump to behavior
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process created: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe "C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe" Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Process created: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe "C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe" Jump to behavior
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Queries volume information: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\TNT Original Documents AWB 8013580.bat.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior

Stealing of Sensitive Information
barindex
Yara detected FormBook
Source: Yara match File source: 4.2.TNT Original Documents AWB 8013580.bat.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 4.2.TNT Original Documents AWB 8013580.bat.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000004.00000002.1799413826.0000000001590000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.1798952461.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

Remote Access Functionality
barindex
Yara detected FormBook
Source: Yara match File source: 4.2.TNT Original Documents AWB 8013580.bat.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 4.2.TNT Original Documents AWB 8013580.bat.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000004.00000002.1799413826.0000000001590000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.1798952461.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1533040 Sample: TNT Original Documents AWB ... Startdate: 14/10/2024 Architecture: WINDOWS Score: 100 16 Malicious sample detected (through community Yara rule) 2->16 18 Antivirus / Scanner detection for submitted sample 2->18 20 Multi AV Scanner detection for submitted file 2->20 22 6 other signatures 2->22 6 TNT Original Documents AWB 8013580.bat.exe 3 2->6         started        process3 file4 14 TNT Original Docum...8013580.bat.exe.log, ASCII 6->14 dropped 24 Injects a PE file into a foreign processes 6->24 10 TNT Original Documents AWB 8013580.bat.exe 6->10         started        12 TNT Original Documents AWB 8013580.bat.exe 6->12         started        signatures5 process6
No contacted IP infos