Analysis Report SecuriteInfo.com.Trojan.GenericKD.43525182.28643.16638

Overview

General Information

Sample Name: SecuriteInfo.com.Trojan.GenericKD.43525182.28643.16638 (renamed file extension from 16638 to exe)
Analysis ID: 255593
MD5: dcf7add878e1e15a80ae49a24f193a33
SHA1: d11535a8533a3a70d49c4ee09315bd61dde06ab2
SHA256: eb531fc8e0491b4361a4519110467f475aeb2e418018f97e7e4f1548bca05862

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Yara detected AgentTesla
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
Installs a global keyboard hook
Modifies the hosts file
Moves itself to temp directory
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains strange resources
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses SMTP (mail sending)
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Startup

  • System is w10x64
  • NBUGIoN.exe (PID: 4788 cmdline: 'C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exe' MD5: DCF7ADD878E1E15A80AE49A24F193A33)
    • NBUGIoN.exe (PID: 2848 cmdline: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exe MD5: DCF7ADD878E1E15A80AE49A24F193A33)
  • NBUGIoN.exe (PID: 6748 cmdline: 'C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exe' MD5: DCF7ADD878E1E15A80AE49A24F193A33)
    • NBUGIoN.exe (PID: 1936 cmdline: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exe MD5: DCF7ADD878E1E15A80AE49A24F193A33)
  • cleanup

Malware Configuration

Threatname: Agenttesla

{"Username: ": "ytTKd", "URL: ": "https://bx4dFeKDlhfe4eER.org", "To: ": "cobol.wang@amazing-cool.com", "ByHost: ": "amazing-cool.com:25", "Password: ": "7Wmdgkx2", "From: ": "cobol.wang@amazing-cool.com"}

Yara Overview

Memory Dumps

Source    Rule    Description    Author    Strings
0000000F.00000002.539235385.0000000000402000.00000040.00000001.sdmp    JoeSecurity_AgentTesla_1    Yara detected AgentTesla    Joe Security
0000000C.00000002.397404298.00000000037B9000.00000004.00000001.sdmp    JoeSecurity_AgentTesla_1    Yara detected AgentTesla    Joe Security
00000011.00000002.423539967.0000000000402000.00000040.00000001.sdmp    JoeSecurity_AgentTesla_1    Yara detected AgentTesla    Joe Security
00000000.00000002.294955552.00000000034C9000.00000004.00000001.sdmp    JoeSecurity_AgentTesla_1    Yara detected AgentTesla    Joe Security
0000000C.00000002.397249508.0000000003719000.00000004.00000001.sdmp    JoeSecurity_AgentTesla_1    Yara detected AgentTesla    Joe Security

Unpacked PEs

Source    Rule    Description    Author    Strings
15.2.NBUGIoN.exe.400000.0.unpack    JoeSecurity_AgentTesla_1    Yara detected AgentTesla    Joe Security
12.2.NBUGIoN.exe.4ff0000.2.unpack    JoeSecurity_AgentTesla_1    Yara detected AgentTesla    Joe Security
0.2.SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe.6df0000.2.unpack    JoeSecurity_AgentTesla_1    Yara detected AgentTesla    Joe Security
14.2.NBUGIoN.exe.5b60000.2.raw.unpack    JoeSecurity_AgentTesla_1    Yara detected AgentTesla    Joe Security
12.2.NBUGIoN.exe.4ff0000.2.raw.unpack    JoeSecurity_AgentTesla_1    Yara detected AgentTesla    Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Found malware configuration
Source: NBUGIoN.exe.2848.15.memstr; Malware Configuration Extractor: Agenttesla {"Username: ": "ytTKd", "URL: ": "https://bx4dFeKDlhfe4eER.org", "To: ": "cobol.wang@amazing-cool.com", "ByHost: ": "amazing-cool.com:25", "Password: ": "7Wmdgkx2", "From: ": "cobol.wang@amazing-cool.com"}
Source: global traffic; TCP traffic: 192.168.2.6:49761 -> 103.118.26.53:25
Source: unknown; DNS traffic detected: queries for: cdn.onenote.net
Source: SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe, 00000005.00000002.545428778.0000000003502000.00000004.00000001.sdmp, NBUGIoN.exe, 0000000F.00000002.545962818.0000000002F5C000.00000004.00000001.sdmp; String found in binary or memory: http://amazing-cool.com
Source: NBUGIoN.exe, 0000000F.00000002.545168411.0000000002E36000.00000004.00000001.sdmp; String found in binary or memory: https://bx4dFeKDlhfe4eER.org
Source: NBUGIoN.exe, 0000000F.00000002.545168411.0000000002E36000.00000004.00000001.sdmp; String found in binary or memory: https://bx4dFeKDlhfe4eER.org(
Source: SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe; String found in binary or memory: https://sectigo.com/CPS0D

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Installs a global keyboard hook
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe; Windows user hook set: 0 keyboard low level C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe
Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exe; Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe; Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exe; Window created: window name: CLIPBRDWNDCLASS

Spam, unwanted Advertisements and Ransom Demands:

Modifies the hosts file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe; File written: C:\Windows\System32\drivers\etc\hosts
                      Source: SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exeStatic PE information: invalid certificate
                      Source: SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: NBUGIoN.exe.5.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: NBUGIoN.exe.5.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: NBUGIoN.exe.5.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe, 00000000.00000002.295242120.0000000003569000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameaspnet_merge.exeT vs SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe
                      Source: SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe, 00000005.00000002.551080206.0000000006AC0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamewshom.ocx.mui vs SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe
                      Source: SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe, 00000005.00000002.549928153.0000000005900000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamewbemdisp.tlbj% vs SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe
                      Source: SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe, 00000005.00000002.551150884.0000000006AE0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemscorrc.dllT vs SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe
                      Source: SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe, 00000005.00000002.541259794.00000000014F8000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe
                      Source: SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe, 00000005.00000002.551034702.0000000006AB0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamewshom.ocx vs SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe
                      Source: 15.2.NBUGIoN.exe.400000.0.unpack, ter.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 15.2.NBUGIoN.exe.400000.0.unpack, ter.csCryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
                      Source: classification engineClassification label: mal100.troj.adwa.spyw.evad.winEXE@9/5@3/1
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe.logJump to behavior
                      Source: SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe File read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exe File read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe
                      Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe'
                      Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe
                      Source: unknown Process created: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exe 'C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exe'
                      Source: unknown Process created: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exe 'C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exe'
                      Source: unknown Process created: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exe C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exe
                      Source: unknown Process created: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exe C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exe
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exe Process created: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exe C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exe
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exe Process created: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exe C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exe
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                      Source: SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe File created: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exe
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run NBUGIoN

                      Hooking and other Techniques for Hiding and Protection:

                      Hides that the sample has been downloaded from the Internet (zone.identifier)
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe File opened: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exe:Zone.Identifier read attributes | delete
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exe File opened: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exe:Zone.Identifier read attributes | delete
                      Moves itself to temp directory
                      Source: c:\users\user\desktop\securiteinfo.com.trojan.generickd.43525182.28643.exe File moved: C:\Users\user\AppData\Local\Temp\tmpG671.tmp
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion:

                      Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Roaming\NBUGIoN\NBUGIoN.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe Window / User API: threadDelayed 692
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 6204 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7092 Thread sleep time: -2767011611056431s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7016 Thread sleep count: 98 > 30
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7016 Thread sleep count: 692 > 30
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7092 Thread sleep time: -30000s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7092 Thread sleep time: -59812s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7092 Thread sleep time: -59312s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7092 Thread sleep time: -88359s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7092 Thread sleep time: -58688s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7092 Thread sleep time: -57906s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7092 Thread sleep time: -57312s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7092 Thread sleep time: -84000s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7092 Thread sleep time: -55812s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7092 Thread sleep time: -82359s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7092 Thread sleep time: -54688s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7092 Thread sleep time: -54000s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7092 Thread sleep time: -53812s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7092 Thread sleep time: -80391s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7092 Thread sleep time: -53094s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7092 Thread sleep time: -52906s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7092 Thread sleep time: -78750s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7092 Thread sleep time: -52312s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7092 Thread sleep time: -52000s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7092 Thread sleep time: -51406s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7092 Thread sleep time: -51188s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7092 Thread sleep time: -50906s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7092 Thread sleep time: -50094s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7092 Thread sleep time: -49000s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7092 Thread sleep time: -48812s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7092 Thread sleep time: -47906s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7092 Thread sleep time: -47688s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7092 Thread sleep time: -46812s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7092 Thread sleep time: -45312s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7092 Thread sleep time: -45094s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7092 Thread sleep time: -44906s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7092 Thread sleep time: -44688s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7092 Thread sleep time: -44000s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7092 Thread sleep time: -43812s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7092 Thread sleep time: -43594s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7092 Thread sleep time: -42906s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7092 Thread sleep time: -42688s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7092 Thread sleep time: -42500s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7092 Thread sleep time: -42312s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7092 Thread sleep time: -41812s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.43525182.28643.exe TID: 7092 Thread sleep time: -41594s >= -30000s
                      Source: C:\Users\user\Desktop\Securite