| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: Http://ptlogin2.qq.com/check?uin= |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://ad.23gua.com/farm.html |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://ad.23gua.com/pasture.html |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://api.23gua.com/farm/key.xml |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://api.23gua.com/fy/ |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://api.23gua.com/fy/QQ |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://api.23gua.com/fy/card.xml |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://api.23gua.com/fy/farm.html |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://api.23gua.com/fy/farm.htmlU |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://api.23gua.com/fy/farm.xml |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://appimg.qq.com/happyfarm/module/Main2_v_6.swf |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://appimg.qq.com/happyfarm/module/Main2_v_9.swf |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://appimg.qq.com/happyfarm/module/loading2_v_1.swf |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://base.qzone.qq.com/fcg-bin/cgi_get_portrait.fcg?uins= |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://captcha.qq.com/getimage?aid=10000101&vc_type= |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://ctc.appimg.qq.com/mc/module/Master2_v_5.swf |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://ctc.appimg.qq.com/mc/module/mc/main/commonui_v_5.swf?v=1 |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://ctc.appimg.qq.com/mc/module/mc/main/farmui1_v_25.swf |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://ctc.appimg.qq.com/mc/module/mc/main/farmui2_v_19.swf |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://farm.qzone.qq.com/cgi-bin/cgi_farm_buyseed?mod=repertory&act=buySeed |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://farm.qzone.qq.com/cgi-bin/cgi_farm_getseedinfo?mod=repertory&act=getSeedInfo |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://farm.qzone.qq.com/cgi-bin/cgi_farm_getuserseed?mod=repertory&act=getUserSeed |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://farm.qzone.qq.com/cgi-bin/cgi_farm_ini_run_v2?v=12 |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://farm.qzone.qq.com/cgi-bin/cgi_farm_reclaim?mod=user&act=reclaim |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://farm.qzone.qq.com/cgi-bin/cgi_farm_reclaimpay?mod=user&act=reclaimPay |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://farm.qzone.qq.com/cgi-bin/cgi_farm_upgrade |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://farm.xiaoyou.qq.com/cgi-bin/cgi_farm_attack_beast |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://farm.xiaoyou.qq.com/cgi-bin/cgi_farm_getseedinfo?mod=repertory&act=getSeedInfo |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://farm.xiaoyou.qq.com/cgi-bin/cgi_farm_getuserseed?mod=repertory&act=getUserSeed |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://farm.xiaoyou.qq.com/cgi-bin/cgi_farm_pickup_crystal |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://farm.xiaoyou.qq.com/cgi-bin/cgi_farm_reclaim?mod=user&act=reclaim |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://farm.xiaoyou.qq.com/cgi-bin/cgi_farm_reclaimpay?mod=user&act=reclaimPay |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://farm.xiaoyou.qq.com/cgi-bin/cgi_farm_upgrade |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://mc.qzone.qq.com/animalConfig.xml |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://mc.qzone.qq.com/cgi-bin/cgi_buy_animal |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://mc.qzone.qq.com/cgi-bin/cgi_donate_animal |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://mc.qzone.qq.com/cgi-bin/cgi_enter |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://mc.qzone.qq.com/cgi-bin/cgi_feed_food |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://mc.qzone.qq.com/cgi-bin/cgi_fight |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://mc.qzone.qq.com/cgi-bin/cgi_get_Exp |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://mc.qzone.qq.com/cgi-bin/cgi_get_animals |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://mc.qzone.qq.com/cgi-bin/cgi_get_package |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://mc.qzone.qq.com/cgi-bin/cgi_get_repertory?target=animal |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://mc.qzone.qq.com/cgi-bin/cgi_harvest_product |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://mc.qzone.qq.com/cgi-bin/cgi_help_pasture |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://mc.qzone.qq.com/cgi-bin/cgi_post_product |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://mc.qzone.qq.com/cgi-bin/cgi_raise_cub |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://mc.qzone.qq.com/cgi-bin/cgi_sale_product |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://mc.qzone.qq.com/cgi-bin/cgi_steal_product |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://mc.qzone.qq.com/cgi-bin/cgi_up_animalhouse |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://mc.xiaoyou.qq.com/animalConfig.xml |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://mc.xiaoyou.qq.com/cgi-bin/cgi_buy_animal |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://mc.xiaoyou.qq.com/cgi-bin/cgi_donate_animal |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://mc.xiaoyou.qq.com/cgi-bin/cgi_enter |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://mc.xiaoyou.qq.com/cgi-bin/cgi_feed_food |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://mc.xiaoyou.qq.com/cgi-bin/cgi_fight |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://mc.xiaoyou.qq.com/cgi-bin/cgi_get_Exp |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://mc.xiaoyou.qq.com/cgi-bin/cgi_get_animals |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://mc.xiaoyou.qq.com/cgi-bin/cgi_get_repertory?target=animal |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://mc.xiaoyou.qq.com/cgi-bin/cgi_harvest_product |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://mc.xiaoyou.qq.com/cgi-bin/cgi_post_product |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://mc.xiaoyou.qq.com/cgi-bin/cgi_raise_cub |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://mc.xiaoyou.qq.com/cgi-bin/cgi_sale_product |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://mc.xiaoyou.qq.com/cgi-bin/cgi_steal_product |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://nc.qzone.qq.com/cgi-bin/cgi_farm_attack_beast |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://nc.qzone.qq.com/cgi-bin/cgi_farm_getFriendList?mod=friend |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://nc.qzone.qq.com/cgi-bin/cgi_farm_getstatus_filter?cmd=3 |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://nc.qzone.qq.com/cgi-bin/cgi_farm_getusercrop?f=1 |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://nc.qzone.qq.com/cgi-bin/cgi_farm_index?mod=user&act=run |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://nc.qzone.qq.com/cgi-bin/cgi_farm_index?mod=user&act=run&ownerId= |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://nc.qzone.qq.com/cgi-bin/cgi_farm_opt?mod=farmlandstatus&act=clearWeed |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://nc.qzone.qq.com/cgi-bin/cgi_farm_opt?mod=farmlandstatus&act=spraying |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://nc.qzone.qq.com/cgi-bin/cgi_farm_opt?mod=farmlandstatus&act=water |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://nc.qzone.qq.com/cgi-bin/cgi_farm_pickup_crystal |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://nc.qzone.qq.com/cgi-bin/cgi_farm_plant?mod=farmlandstatus&act=harvest |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://nc.qzone.qq.com/cgi-bin/cgi_farm_plant?mod=farmlandstatus&act=planting |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://nc.qzone.qq.com/cgi-bin/cgi_farm_plant?mod=farmlandstatus&act=scarify |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://nc.qzone.qq.com/cgi-bin/cgi_farm_saleall?mod=repertory&act=saleAll |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://nc.qzone.qq.com/cgi-bin/cgi_farm_steal_v2?mod=farmlandstatus&act=scrounge |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://nc.xiaoyou.qq.com/cgi-bin/cgi_farm_getFriendList?mod=friend |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://nc.xiaoyou.qq.com/cgi-bin/cgi_farm_getstatus_filter?cmd=3 |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://nc.xiaoyou.qq.com/cgi-bin/cgi_farm_getusercrop?f=1 |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://nc.xiaoyou.qq.com/cgi-bin/cgi_farm_index?mod=user&act=run |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://nc.xiaoyou.qq.com/cgi-bin/cgi_farm_index?mod=user&act=run&ownerId= |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://nc.xiaoyou.qq.com/cgi-bin/cgi_farm_opt?mod=farmlandstatus&act=clearWeed |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://nc.xiaoyou.qq.com/cgi-bin/cgi_farm_opt?mod=farmlandstatus&act=spraying |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://nc.xiaoyou.qq.com/cgi-bin/cgi_farm_opt?mod=farmlandstatus&act=water |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://nc.xiaoyou.qq.com/cgi-bin/cgi_farm_plant?mod=farmlandstatus&act=harvest |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://nc.xiaoyou.qq.com/cgi-bin/cgi_farm_plant?mod=farmlandstatus&act=planting |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://nc.xiaoyou.qq.com/cgi-bin/cgi_farm_plant?mod=farmlandstatus&act=scarify |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://nc.xiaoyou.qq.com/cgi-bin/cgi_farm_saleall?mod=repertory&act=saleAll |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://nc.xiaoyou.qq.com/cgi-bin/cgi_farm_steal_v2?mod=farmlandstatus&act=scrounge |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://ptlogin2.qq.com/getimage?aid=353& |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://ptlogin2.qq.com/getimage?aid=353&U |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://ptlogin2.qq.com/login?u= |
| Source: Amcache.hve.4.dr | String found in binary or memory: http://upx.sf.net |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://www.23gua.cm |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://www.23gua.com |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://www.23gua.comopen |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://www.23gua.comopenS3 |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://www.clamav.net |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: http://www.indyproject.org/ |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: NATS-SEFI-ADD |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: NATS-DANO-ADD |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: JIS_C6229-1984-b-add |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: jp-ocr-b-add |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: jp-ocr-hand-add |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: JIS_C6229-1984-hand-add |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: ISO_6937-2-add |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: 0=http://appimg.qq.com/happyfarm/module/loading2_v_1.swf |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: NATS-SEFI-ADD |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: NATS-DANO-ADD |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: JIS_C6229-1984-b-add |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: jp-ocr-b-add |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: JIS_C6229-1984-hand-add |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: jp-ocr-hand-add |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: ISO_6937-2-add |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: 0=http://appimg.qq.com/happyfarm/module/loading2_v_1.swf |
| Source: SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | String found in binary or memory: 80=http://appimg.qq.com/happyfarm/module/loading2_v_1.swf |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | Code function: 0_2_0046B058 push 0046B084h; ret | 0_2_0046B07C |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | Code function: 0_2_004C5074 push 004C50A0h; ret | 0_2_004C5098 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | Code function: 0_2_004CD02C push 004CD0E5h; ret | 0_2_004CD0DD |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | Code function: 0_2_00434020 push 0043406Ch; ret | 0_2_00434064 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | Code function: 0_2_004BF0CC push 004BF126h; ret | 0_2_004BF11E |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | Code function: 0_2_004430FC push 00443128h; ret | 0_2_00443120 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | Code function: 0_2_004D1080 push 004D10ACh; ret | 0_2_004D10A4 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | Code function: 0_2_0046B090 push 0046B0BCh; ret | 0_2_0046B0B4 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | Code function: 0_2_004A70B4 push 004A712Eh; ret | 0_2_004A7126 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | Code function: 0_2_004CD108 push 004CD134h; ret | 0_2_004CD12C |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | Code function: 0_2_0048611C push 00486148h; ret | 0_2_00486140 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | Code function: 0_2_0046B110 push 0046B13Ch; ret | 0_2_0046B134 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | Code function: 0_2_00430130 push 0043015Ch; ret | 0_2_00430154 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | Code function: 0_2_004A71D8 push 004A7204h; ret | 0_2_004A71FC |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | Code function: 0_2_004171D4 push 0041724Ah; ret | 0_2_00417242 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | Code function: 0_2_0046E1EC push 0046E238h; ret | 0_2_0046E230 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | Code function: 0_2_004551F4 push 0045525Ah; ret | 0_2_00455252 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | Code function: 0_2_004261F8 push 004262A3h; ret | 0_2_0042629B |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | Code function: 0_2_004A7188 push 004A71B4h; ret | 0_2_004A71AC |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | Code function: 0_2_0046E188 push 0046E1CBh; ret | 0_2_0046E1C3 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | Code function: 0_2_00433198 push 004331E7h; ret | 0_2_004331DF |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | Code function: 0_2_004951B8 push 004951FBh; ret | 0_2_004951F3 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | Code function: 0_2_0046E244 push 0046E28Fh; ret | 0_2_0046E287 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | Code function: 0_2_0041724C push 004172F4h; ret | 0_2_004172EC |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | Code function: 0_2_0045525C push 004552E9h; ret | 0_2_004552E1 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | Code function: 0_2_00458204 push 00458230h; ret | 0_2_00458228 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | Code function: 0_2_004322C4 push 00432302h; ret | 0_2_004322FA |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | Code function: 0_2_0043D2D4 push 0043D300h; ret | 0_2_0043D2F8 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | Code function: 0_2_004312DC push 00431308h; ret | 0_2_00431300 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | Code function: 0_2_0043D284 push 0043D2B0h; ret | 0_2_0043D2A8 |
| Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe | Code function: 0_2_0043129C push 004312C8h; ret | 0_2_004312C0 |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: Amcache.hve.4.dr | Binary or memory string: VMware |
| Source: Amcache.hve.4.dr | Binary or memory string: VMware Virtual USB Mouse |
| Source: Amcache.hve.4.dr | Binary or memory string: vmci.syshbin |
| Source: Amcache.hve.4.dr | Binary or memory string: VMware, Inc. |
| Source: Amcache.hve.4.dr | Binary or memory string: VMware20,1hbin@ |
| Source: Amcache.hve.4.dr | Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
| Source: Amcache.hve.4.dr | Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
| Source: Amcache.hve.4.dr | Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
| Source: Amcache.hve.4.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
| Source: Amcache.hve.4.dr | Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
| Source: Amcache.hve.4.dr | Binary or memory string: c:/windows/system32/drivers/vmci.sys |
| Source: Amcache.hve.4.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
| Source: Amcache.hve.4.dr | Binary or memory string: vmci.sys |
| Source: Amcache.hve.4.dr | Binary or memory string: vmci.syshbin` |
| Source: Amcache.hve.4.dr | Binary or memory string: \driver\vmci,\driver\pci |
| Source: Amcache.hve.4.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
| Source: Amcache.hve.4.dr | Binary or memory string: VMware20,1 |
| Source: Amcache.hve.4.dr | Binary or memory string: Microsoft Hyper-V Generation Counter |
| Source: Amcache.hve.4.dr | Binary or memory string: NECVMWar VMware SATA CD00 |
| Source: Amcache.hve.4.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device |
| Source: Amcache.hve.4.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
| Source: Amcache.hve.4.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
| Source: Amcache.hve.4.dr | Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
| Source: Amcache.hve.4.dr | Binary or memory string: VMware PCI VMCI Bus Device |
| Source: Amcache.hve.4.dr | Binary or memory string: VMware VMCI Bus Device |
| Source: Amcache.hve.4.dr | Binary or memory string: VMware Virtual RAM |
| Source: Amcache.hve.4.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
| Source: Amcache.hve.4.dr | Binary or memory string: VMware-42 27 88 19 56 cc 59 1a-97 79 fb 8c bf a1 e2 9d |
| Source: Amcache.hve.4.dr | Binary or memory string: vmci.inf_amd64_68ed49469341f563 |
Edit tour
SecuriteInfo.com.W32.Xpack.E.gen.Eldorado.12002.13899.exe (PID: 1072 cmdline: 
WerFault.exe (PID: 6440 cmdline: 
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node