Windows Analysis Report
SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe

Overview

General Information

Sample name:SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe
Analysis ID:1665512
MD5:3f521f73d8e581412ca1bba3661ff98b
SHA1:da72ebc7bfa3db99fa91716219e62915ec57a549
SHA256:26fbb27abded4caa804d632a421222278dff0b49d77fdc765e2b95a9e21df8e5
Tags:exe, Formbook, user-SecuriteInfoCom

Detection

FormBook
Score:76
Range:0 - 100
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Joe Sandbox ML detected suspicious sample
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000002.00000002.1441072281.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe PID: 7432 | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |

Source | Rule | Description | Author | Strings
2.2.SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
2.2.SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

No Sigma rule has matched
No Suricata rule has matched

          AV Detection

          Source: SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeVirustotal: Detection: 30%
          Source: SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeReversingLabs: Detection: 25%
          Source: Yara matchFile source: 2.2.SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000002.00000002.1441072281.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Submited SampleNeural Call Log Analysis: 92.6%
          Source: SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: Gmoo.pdbSHA256 source: SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe
          Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe, 00000002.00000002.1441542380.0000000000F30000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: Gmoo.pdb source: SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe
          Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe, SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe, 00000002.00000002.1441542380.0000000000F30000.00000040.00001000.00020000.00000000.sdmp
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: global trafficDNS traffic detected: DNS query: c.pki.goog
          Source: Amcache.hve.5.drString found in binary or memory: http://upx.sf.net

          E-Banking Fraud

          Source: Yara matchFile source: 2.2.SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000002.00000002.1441072281.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_0042CD23 NtClose,2_2_0042CD23
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FA2DF0 NtQuerySystemInformation,LdrInitializeThunk,2_2_00FA2DF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FA4340 NtSetContextThread,2_2_00FA4340
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FA4650 NtSuspendThread,2_2_00FA4650
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FA2AF0 NtWriteFile,2_2_00FA2AF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FA2AD0 NtReadFile,2_2_00FA2AD0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FA2AB0 NtWaitForSingleObject,2_2_00FA2AB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FA2BF0 NtAllocateVirtualMemory,2_2_00FA2BF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FA2BE0 NtQueryValueKey,2_2_00FA2BE0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FA2BA0 NtEnumerateValueKey,2_2_00FA2BA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FA2B80 NtQueryInformationFile,2_2_00FA2B80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FA2B60 NtClose,2_2_00FA2B60
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FA2CF0 NtOpenProcess,2_2_00FA2CF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FA2CC0 NtQueryVirtualMemory,2_2_00FA2CC0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FA2CA0 NtQueryInformationToken,2_2_00FA2CA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FA2C70 NtFreeVirtualMemory,2_2_00FA2C70
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FA2C60 NtCreateKey,2_2_00FA2C60
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FA2C00 NtQueryInformationProcess,2_2_00FA2C00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FA2DD0 NtDelayExecution,2_2_00FA2DD0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FA2DB0 NtEnumerateKey,2_2_00FA2DB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FA2D30 NtUnmapViewOfSection,2_2_00FA2D30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FA2D10 NtMapViewOfSection,2_2_00FA2D10
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FA2D00 NtSetInformationFile,2_2_00FA2D00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FA2EE0 NtQueueApcThread,2_2_00FA2EE0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FA2EA0 NtAdjustPrivilegesToken,2_2_00FA2EA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FA2E80 NtReadVirtualMemory,2_2_00FA2E80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FA2E30 NtWriteVirtualMemory,2_2_00FA2E30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FA2FE0 NtCreateFile,2_2_00FA2FE0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FA2FB0 NtResumeThread,2_2_00FA2FB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FA2FA0 NtQuerySection,2_2_00FA2FA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FA2F90 NtProtectVirtualMemory,2_2_00FA2F90
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FA2F60 NtCreateProcessEx,2_2_00FA2F60
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FA2F30 NtCreateSection,2_2_00FA2F30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FA3090 NtSetValueKey,2_2_00FA3090
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FA3010 NtOpenDirectoryObject,2_2_00FA3010
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FA35C0 NtCreateMutant,2_2_00FA35C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FA39B0 NtGetContextThread,2_2_00FA39B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FA3D70 NtOpenThread,2_2_00FA3D70
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FA3D10 NtOpenProcessToken,2_2_00FA3D10
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: String function: 00FB7E54 appears 103 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: String function: 00F5B970 appears 280 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: String function: 00FA5130 appears 58 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: String function: 00FEF290 appears 105 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: String function: 00FDEA12 appears 86 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7728 -s 196
          Source: SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeBinary or memory string: OriginalFilename vs SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe, 00000000.00000000.1386647080.0000000000F84000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameGmoo.exe* vs SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe, 00000000.00000002.1401512616.000000000138E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe, 00000000.00000002.1406518888.00000000083C0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe, 00000002.00000002.1441542380.000000000105D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeBinary or memory string: OriginalFilenameGmoo.exe* vs SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe.83c0000.4.raw.unpack, vcs47b39aFrTAKbLgQ.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe.83c0000.4.raw.unpack, vcs47b39aFrTAKbLgQ.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe.83c0000.4.raw.unpack, vcs47b39aFrTAKbLgQ.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe.83c0000.4.raw.unpack, KcWvU4lWfjj1EcFWhJ.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe.83c0000.4.raw.unpack, KcWvU4lWfjj1EcFWhJ.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: classification engineClassification label: mal76.troj.evad.winEXE@4/6@1/0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe.log
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeMutant created: NULL
          Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7728
          Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\e9fb24c5-f04e-440a-aabf-9b7d0c140e7e
          Source: SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeVirustotal: Detection: 30%
          Source: SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeReversingLabs: Detection: 25%
          Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeSection loaded: mscoree.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeSection loaded: apphelp.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeSection loaded: kernel.appcore.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeSection loaded: version.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeSection loaded: vcruntime140_clr0400.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeSection loaded: ucrtbase_clr0400.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeSection loaded: uxtheme.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeSection loaded: windows.storage.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeSection loaded: wldp.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeSection loaded: profapi.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeSection loaded: cryptsp.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeSection loaded: rsaenh.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeSection loaded: cryptbase.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeSection loaded: dwrite.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeSection loaded: textshaping.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeSection loaded: windowscodecs.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeSection loaded: amsi.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeSection loaded: userenv.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeSection loaded: msasn1.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeSection loaded: gpapi.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: Binary string: Gmoo.pdbSHA256 source: SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe
          Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe, 00000002.00000002.1441542380.0000000000F30000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: Gmoo.pdb source: SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe
          Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe, SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe, 00000002.00000002.1441542380.0000000000F30000.00000040.00001000.00020000.00000000.sdmp

          Data Obfuscation

          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe.7710000.3.raw.unpack, gaWNLGnov1rlIG3v4D.cs.Net Code: R28xr4yyh System.Reflection.Assembly.Load(byte[])
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe.83c0000.4.raw.unpack, vcs47b39aFrTAKbLgQ.cs.Net Code: WxcFibSt0o System.Reflection.Assembly.Load(byte[])
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe.36ccac8.0.raw.unpack, gaWNLGnov1rlIG3v4D.cs.Net Code: R28xr4yyh System.Reflection.Assembly.Load(byte[])
          Source: SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeStatic PE information: 0x99C9A4A4 [Thu Oct 5 14:28:52 2051 UTC]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 0_2_0328DA52 pushfd ; retf 0_2_0328DA81
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 0_2_0778F191 push esp; iretd 0_2_0778F19D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 0_2_07B108A3 pushfd ; retf 0_2_07B108A9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 0_2_083A09D8 pushad ; iretd 0_2_083A09D9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 0_2_083A5B11 push 00000059h; ret 0_2_083A5B06
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_0042D853 push ds; ret 2_2_0042D916
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_0041B0C9 push cs; retf 2_2_0041B0D1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00401560 push ss; retn 4683h2_2_00401691
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00403650 push eax; ret 2_2_00403652
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_0040AECC push es; ret 2_2_0040AEE4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_0041EEED push edi; iretd 2_2_0041EEEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00414EF6 push esi; iretd 2_2_00414EF7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00426F53 push ecx; ret 2_2_00426FAC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F609AD push ecx; mov dword ptr [esp], ecx2_2_00F609B6
          Source: SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeStatic PE information: section name: .text entropy: 7.579750277060197
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe PID: 7432, type: MEMORYSTR
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe Memory allocated: 31E0000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe Memory allocated: 3470000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe Memory allocated: 31E0000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe Memory allocated: 99E0000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe Memory allocated: A9E0000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe Memory allocated: AC00000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe Memory allocated: BC00000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe Code function: 2_2_00FA096E rdtsc 2_2_00FA096E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe Thread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe API coverage: 0.3 %
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe TID: 7468 Thread sleep time: -30000s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe TID: 7508 Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe Thread delayed: delay time: 30000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe Thread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe Process queried: DebugPort
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe Process queried: DebugPort
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe Code function: 2_2_00FA096E rdtsc 2_2_00FA096E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe Code function: 2_2_00FA2C0A LdrInitializeThunk, 2_2_00FA2C0A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FE2349 mov eax, dword ptr fs:[00000030h]2_2_00FE2349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FE2349 mov eax, dword ptr fs:[00000030h]2_2_00FE2349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FE2349 mov eax, dword ptr fs:[00000030h]2_2_00FE2349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FE2349 mov eax, dword ptr fs:[00000030h]2_2_00FE2349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FE2349 mov eax, dword ptr fs:[00000030h]2_2_00FE2349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FE2349 mov eax, dword ptr fs:[00000030h]2_2_00FE2349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FE2349 mov eax, dword ptr fs:[00000030h]2_2_00FE2349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FE2349 mov eax, dword ptr fs:[00000030h]2_2_00FE2349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FE2349 mov eax, dword ptr fs:[00000030h]2_2_00FE2349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FE2349 mov eax, dword ptr fs:[00000030h]2_2_00FE2349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FE2349 mov eax, dword ptr fs:[00000030h]2_2_00FE2349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FE2349 mov eax, dword ptr fs:[00000030h]2_2_00FE2349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F5C310 mov ecx, dword ptr fs:[00000030h]2_2_00F5C310
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F80310 mov ecx, dword ptr fs:[00000030h]2_2_00F80310
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F9A30B mov eax, dword ptr fs:[00000030h]2_2_00F9A30B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F9A30B mov eax, dword ptr fs:[00000030h]2_2_00F9A30B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F9A30B mov eax, dword ptr fs:[00000030h]2_2_00F9A30B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_01034500 mov eax, dword ptr fs:[00000030h]2_2_01034500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_01034500 mov eax, dword ptr fs:[00000030h]2_2_01034500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_01034500 mov eax, dword ptr fs:[00000030h]2_2_01034500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_01034500 mov eax, dword ptr fs:[00000030h]2_2_01034500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_01034500 mov eax, dword ptr fs:[00000030h]2_2_01034500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_01034500 mov eax, dword ptr fs:[00000030h]2_2_01034500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_01034500 mov eax, dword ptr fs:[00000030h]2_2_01034500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F604E5 mov ecx, dword ptr fs:[00000030h]2_2_00F604E5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F944B0 mov ecx, dword ptr fs:[00000030h]2_2_00F944B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FEA4B0 mov eax, dword ptr fs:[00000030h]2_2_00FEA4B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F664AB mov eax, dword ptr fs:[00000030h]2_2_00F664AB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F8A470 mov eax, dword ptr fs:[00000030h]2_2_00F8A470
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F8A470 mov eax, dword ptr fs:[00000030h]2_2_00F8A470
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F8A470 mov eax, dword ptr fs:[00000030h]2_2_00F8A470
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FEC460 mov ecx, dword ptr fs:[00000030h]2_2_00FEC460
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F8245A mov eax, dword ptr fs:[00000030h]2_2_00F8245A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F5645D mov eax, dword ptr fs:[00000030h]2_2_00F5645D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F9E443 mov eax, dword ptr fs:[00000030h]2_2_00F9E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F9E443 mov eax, dword ptr fs:[00000030h]2_2_00F9E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F9E443 mov eax, dword ptr fs:[00000030h]2_2_00F9E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F9E443 mov eax, dword ptr fs:[00000030h]2_2_00F9E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F9E443 mov eax, dword ptr fs:[00000030h]2_2_00F9E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F9E443 mov eax, dword ptr fs:[00000030h]2_2_00F9E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F9E443 mov eax, dword ptr fs:[00000030h]2_2_00F9E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F9E443 mov eax, dword ptr fs:[00000030h]2_2_00F9E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F9A430 mov eax, dword ptr fs:[00000030h]2_2_00F9A430
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F5C427 mov eax, dword ptr fs:[00000030h]2_2_00F5C427
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F5E420 mov eax, dword ptr fs:[00000030h]2_2_00F5E420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F5E420 mov eax, dword ptr fs:[00000030h]2_2_00F5E420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F5E420 mov eax, dword ptr fs:[00000030h]2_2_00F5E420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FE6420 mov eax, dword ptr fs:[00000030h]2_2_00FE6420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FE6420 mov eax, dword ptr fs:[00000030h]2_2_00FE6420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FE6420 mov eax, dword ptr fs:[00000030h]2_2_00FE6420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FE6420 mov eax, dword ptr fs:[00000030h]2_2_00FE6420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FE6420 mov eax, dword ptr fs:[00000030h]2_2_00FE6420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FE6420 mov eax, dword ptr fs:[00000030h]2_2_00FE6420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FE6420 mov eax, dword ptr fs:[00000030h]2_2_00FE6420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F98402 mov eax, dword ptr fs:[00000030h]2_2_00F98402
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F98402 mov eax, dword ptr fs:[00000030h]2_2_00F98402
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F98402 mov eax, dword ptr fs:[00000030h]2_2_00F98402
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F9C5ED mov eax, dword ptr fs:[00000030h]2_2_00F9C5ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F9C5ED mov eax, dword ptr fs:[00000030h]2_2_00F9C5ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F625E0 mov eax, dword ptr fs:[00000030h]2_2_00F625E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F8E5E7 mov eax, dword ptr fs:[00000030h]2_2_00F8E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F8E5E7 mov eax, dword ptr fs:[00000030h]2_2_00F8E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F8E5E7 mov eax, dword ptr fs:[00000030h]2_2_00F8E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F8E5E7 mov eax, dword ptr fs:[00000030h]2_2_00F8E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F8E5E7 mov eax, dword ptr fs:[00000030h]2_2_00F8E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F8E5E7 mov eax, dword ptr fs:[00000030h]2_2_00F8E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F8E5E7 mov eax, dword ptr fs:[00000030h]2_2_00F8E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F8E5E7 mov eax, dword ptr fs:[00000030h]2_2_00F8E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F665D0 mov eax, dword ptr fs:[00000030h]2_2_00F665D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F9A5D0 mov eax, dword ptr fs:[00000030h]2_2_00F9A5D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F9A5D0 mov eax, dword ptr fs:[00000030h]2_2_00F9A5D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F9E5CF mov eax, dword ptr fs:[00000030h]2_2_00F9E5CF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F9E5CF mov eax, dword ptr fs:[00000030h]2_2_00F9E5CF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F845B1 mov eax, dword ptr fs:[00000030h]2_2_00F845B1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F845B1 mov eax, dword ptr fs:[00000030h]2_2_00F845B1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_0101A456 mov eax, dword ptr fs:[00000030h]2_2_0101A456
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FE05A7 mov eax, dword ptr fs:[00000030h]2_2_00FE05A7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FE05A7 mov eax, dword ptr fs:[00000030h]2_2_00FE05A7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FE05A7 mov eax, dword ptr fs:[00000030h]2_2_00FE05A7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F9E59C mov eax, dword ptr fs:[00000030h]2_2_00F9E59C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F94588 mov eax, dword ptr fs:[00000030h]2_2_00F94588
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F62582 mov eax, dword ptr fs:[00000030h]2_2_00F62582
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F62582 mov ecx, dword ptr fs:[00000030h]2_2_00F62582
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F9656A mov eax, dword ptr fs:[00000030h]2_2_00F9656A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F9656A mov eax, dword ptr fs:[00000030h]2_2_00F9656A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F9656A mov eax, dword ptr fs:[00000030h]2_2_00F9656A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_0101A49A mov eax, dword ptr fs:[00000030h]2_2_0101A49A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F68550 mov eax, dword ptr fs:[00000030h]2_2_00F68550
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F68550 mov eax, dword ptr fs:[00000030h]2_2_00F68550
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F70535 mov eax, dword ptr fs:[00000030h]2_2_00F70535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F70535 mov eax, dword ptr fs:[00000030h]2_2_00F70535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F70535 mov eax, dword ptr fs:[00000030h]2_2_00F70535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F70535 mov eax, dword ptr fs:[00000030h]2_2_00F70535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F70535 mov eax, dword ptr fs:[00000030h]2_2_00F70535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F70535 mov eax, dword ptr fs:[00000030h]2_2_00F70535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F8E53E mov eax, dword ptr fs:[00000030h]2_2_00F8E53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F8E53E mov eax, dword ptr fs:[00000030h]2_2_00F8E53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F8E53E mov eax, dword ptr fs:[00000030h]2_2_00F8E53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F8E53E mov eax, dword ptr fs:[00000030h]2_2_00F8E53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F8E53E mov eax, dword ptr fs:[00000030h]2_2_00F8E53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FF6500 mov eax, dword ptr fs:[00000030h]2_2_00FF6500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FDE6F2 mov eax, dword ptr fs:[00000030h]2_2_00FDE6F2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FDE6F2 mov eax, dword ptr fs:[00000030h]2_2_00FDE6F2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FDE6F2 mov eax, dword ptr fs:[00000030h]2_2_00FDE6F2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FDE6F2 mov eax, dword ptr fs:[00000030h]2_2_00FDE6F2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FE06F1 mov eax, dword ptr fs:[00000030h]2_2_00FE06F1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FE06F1 mov eax, dword ptr fs:[00000030h]2_2_00FE06F1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F9A6C7 mov ebx, dword ptr fs:[00000030h]2_2_00F9A6C7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F9A6C7 mov eax, dword ptr fs:[00000030h]2_2_00F9A6C7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F966B0 mov eax, dword ptr fs:[00000030h]2_2_00F966B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F9C6A6 mov eax, dword ptr fs:[00000030h]2_2_00F9C6A6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F64690 mov eax, dword ptr fs:[00000030h]2_2_00F64690
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F64690 mov eax, dword ptr fs:[00000030h]2_2_00F64690
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F92674 mov eax, dword ptr fs:[00000030h]2_2_00F92674
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_0100678E mov eax, dword ptr fs:[00000030h]2_2_0100678E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F9A660 mov eax, dword ptr fs:[00000030h]2_2_00F9A660
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F9A660 mov eax, dword ptr fs:[00000030h]2_2_00F9A660
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_010147A0 mov eax, dword ptr fs:[00000030h]2_2_010147A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F7C640 mov eax, dword ptr fs:[00000030h]2_2_00F7C640
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F7E627 mov eax, dword ptr fs:[00000030h]2_2_00F7E627
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F96620 mov eax, dword ptr fs:[00000030h]2_2_00F96620
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F98620 mov eax, dword ptr fs:[00000030h]2_2_00F98620
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F6262C mov eax, dword ptr fs:[00000030h]2_2_00F6262C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FA2619 mov eax, dword ptr fs:[00000030h]2_2_00FA2619
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FDE609 mov eax, dword ptr fs:[00000030h]2_2_00FDE609
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F7260B mov eax, dword ptr fs:[00000030h]2_2_00F7260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F7260B mov eax, dword ptr fs:[00000030h]2_2_00F7260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F7260B mov eax, dword ptr fs:[00000030h]2_2_00F7260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F7260B mov eax, dword ptr fs:[00000030h]2_2_00F7260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F7260B mov eax, dword ptr fs:[00000030h]2_2_00F7260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F7260B mov eax, dword ptr fs:[00000030h]2_2_00F7260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F7260B mov eax, dword ptr fs:[00000030h]2_2_00F7260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F647FB mov eax, dword ptr fs:[00000030h]2_2_00F647FB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F647FB mov eax, dword ptr fs:[00000030h]2_2_00F647FB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F827ED mov eax, dword ptr fs:[00000030h]2_2_00F827ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F827ED mov eax, dword ptr fs:[00000030h]2_2_00F827ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F827ED mov eax, dword ptr fs:[00000030h]2_2_00F827ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FEE7E1 mov eax, dword ptr fs:[00000030h]2_2_00FEE7E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F6C7C0 mov eax, dword ptr fs:[00000030h]2_2_00F6C7C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FE07C3 mov eax, dword ptr fs:[00000030h]2_2_00FE07C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F607AF mov eax, dword ptr fs:[00000030h]2_2_00F607AF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_0102866E mov eax, dword ptr fs:[00000030h]2_2_0102866E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_0102866E mov eax, dword ptr fs:[00000030h]2_2_0102866E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F68770 mov eax, dword ptr fs:[00000030h]2_2_00F68770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F70770 mov eax, dword ptr fs:[00000030h]2_2_00F70770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F70770 mov eax, dword ptr fs:[00000030h]2_2_00F70770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F70770 mov eax, dword ptr fs:[00000030h]2_2_00F70770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F70770 mov eax, dword ptr fs:[00000030h]2_2_00F70770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F70770 mov eax, dword ptr fs:[00000030h]2_2_00F70770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F70770 mov eax, dword ptr fs:[00000030h]2_2_00F70770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F70770 mov eax, dword ptr fs:[00000030h]2_2_00F70770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F70770 mov eax, dword ptr fs:[00000030h]2_2_00F70770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F70770 mov eax, dword ptr fs:[00000030h]2_2_00F70770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F70770 mov eax, dword ptr fs:[00000030h]2_2_00F70770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F70770 mov eax, dword ptr fs:[00000030h]2_2_00F70770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F70770 mov eax, dword ptr fs:[00000030h]2_2_00F70770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FEE75D mov eax, dword ptr fs:[00000030h]2_2_00FEE75D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F60750 mov eax, dword ptr fs:[00000030h]2_2_00F60750
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FA2750 mov eax, dword ptr fs:[00000030h]2_2_00FA2750
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FA2750 mov eax, dword ptr fs:[00000030h]2_2_00FA2750
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FE4755 mov eax, dword ptr fs:[00000030h]2_2_00FE4755
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F9674D mov esi, dword ptr fs:[00000030h]2_2_00F9674D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F9674D mov eax, dword ptr fs:[00000030h]2_2_00F9674D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F9674D mov eax, dword ptr fs:[00000030h]2_2_00F9674D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F9273C mov eax, dword ptr fs:[00000030h]2_2_00F9273C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F9273C mov ecx, dword ptr fs:[00000030h]2_2_00F9273C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F9273C mov eax, dword ptr fs:[00000030h]2_2_00F9273C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00FDC730 mov eax, dword ptr fs:[00000030h]2_2_00FDC730
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F9C720 mov eax, dword ptr fs:[00000030h]2_2_00F9C720
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exeCode function: 2_2_00F9C720 mov eax, dword ptr fs:[00000030h]2_2_00F9C720
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe Memory written: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe base: 400000 value starts with: 4D5A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe Queries volume information: C:\Windows\Fonts\GILSANUB.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
          Source: Amcache.hve.5.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
          Source: Amcache.hve.5.dr Binary or memory string: msmpeng.exe
          Source: Amcache.hve.5.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
          Source: Amcache.hve.5.dr Binary or memory string: MsMpEng.exe

          Stealing of Sensitive Information

          Source: Yara match File source: 2.2.SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 2.2.SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 00000002.00000002.1441072281.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

          Remote Access Functionality

          Source: Yara match File source: 2.2.SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 2.2.SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 00000002.00000002.1441072281.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
          Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 111 Process Injection | 1 Masquerading | OS Credential Dumping | 31 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
          Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
          Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
          Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 111 Process Injection | NTDS | 12 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
          Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
          Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 3 Obfuscated Files or Information | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
          DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
          Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Timestomp | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
          Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement