Analysis Report SecuriteInfo.com.Trojan.GenericKD.34263609.3735.31368

Overview

General Information

Sample Name: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.31368 (renamed file extension from 31368 to exe)
Analysis ID: 255764
MD5: 2112c999e44a7d4180680068d9ffb6b1
SHA1: 9969d4de902cbeae01cbc42e9ec200a919724581
SHA256: c4d62fb1cf19280c5eefbd09de9d2f7d2c7b23abaf396cff79d552bd4363f1eb

Detection

FormBook
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Yara detected AntiVM_3
Yara detected FormBook
Injects a PE file into a foreign processes
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Startup

  • System is w10x64
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000002.00000002.238874448.0000000000400000.00000040.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
00000002.00000002.238874448.0000000000400000.00000040.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
    • 0x98b8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x9b22:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x157a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x15291:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x158a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x15a1f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa69a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x1450c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xb393:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x1ab17:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1bb1a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000002.00000002.238874448.0000000000400000.00000040.00000001.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
    • 0x18429:$sqlite3step: 68 34 1C 7B E1
    • 0x1853c:$sqlite3step: 68 34 1C 7B E1
    • 0x18458:$sqlite3text: 68 38 2A 90 C5
    • 0x1857d:$sqlite3text: 68 38 2A 90 C5
    • 0x1846b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x18593:$sqlite3blob: 68 53 D8 7F 8C
00000000.00000002.238632327.0000000003336000.00000004.00000001.sdmp | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security
00000000.00000002.238799313.00000000042F1000.00000004.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security

Unpacked PEs

Source | Rule | Description | Author | Strings
2.2.SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.400000.0.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
2.2.SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.400000.0.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
          • 0x8ab8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x8d22:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x149a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x14491:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x14aa7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x14c1f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x989a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x1370c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xa593:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x19d17:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1ad1a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
2.2.SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.400000.0.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
          • 0x17629:$sqlite3step: 68 34 1C 7B E1
          • 0x1773c:$sqlite3step: 68 34 1C 7B E1
          • 0x17658:$sqlite3text: 68 38 2A 90 C5
          • 0x1777d:$sqlite3text: 68 38 2A 90 C5
          • 0x1766b:$sqlite3blob: 68 53 D8 7F 8C
          • 0x17793:$sqlite3blob: 68 53 D8 7F 8C
2.2.SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.400000.0.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
2.2.SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.400000.0.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
            • 0x98b8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
            • 0x9b22:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
            • 0x157a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
            • 0x15291:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
            • 0x158a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
            • 0x15a1f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
            • 0xa69a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
            • 0x1450c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
            • 0xb393:$sequence_7: 66 89 0C 02 5B 8B E5 5D
            • 0x1ab17:$sequence_8: 3C 54 74 04 3C 74 75 F4
            • 0x1bb1a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Yara detected FormBook
Source: Yara match, File source: 00000002.00000002.238874448.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000000.00000002.238799313.00000000042F1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000000.00000002.238839326.0000000004346000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 2.2.SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 2.2.SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.400000.0.raw.unpack, type: UNPACKEDPE
Machine Learning detection for sample
Source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Joe Sandbox ML: detected

E-Banking Fraud:

Yara detected FormBook
Source: Yara match, File source: 00000002.00000002.238874448.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000000.00000002.238799313.00000000042F1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000000.00000002.238839326.0000000004346000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 2.2.SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 2.2.SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.400000.0.raw.unpack, type: UNPACKEDPE

System Summary:

Malicious sample detected (through community Yara rule)
Source: 00000002.00000002.238874448.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000002.00000002.238874448.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
Source: 00000000.00000002.238799313.00000000042F1000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000000.00000002.238799313.00000000042F1000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
Source: 00000000.00000002.238839326.0000000004346000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000000.00000002.238839326.0000000004346000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
Source: 2.2.SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 2.2.SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
Source: 2.2.SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 2.2.SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_00419830 NtCreateFile,2_2_00419830
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_004198E0 NtReadFile,2_2_004198E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_00419960 NtClose,2_2_00419960
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_00419A10 NtAllocateVirtualMemory,2_2_00419A10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_00419887 NtCreateFile,2_2_00419887
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_0041995A NtClose,2_2_0041995A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_019296E0 NtFreeVirtualMemory,LdrInitializeThunk,2_2_019296E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929660 NtAllocateVirtualMemory,LdrInitializeThunk,2_2_01929660
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929860 NtQuerySystemInformation,LdrInitializeThunk,2_2_01929860
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_0192B040 NtSuspendThread,2_2_0192B040
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_0192A3B0 NtGetContextThread,2_2_0192A3B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_019295D0 NtClose,2_2_019295D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_019295F0 NtQueryInformationFile,2_2_019295F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929520 NtWaitForSingleObject,2_2_01929520
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929540 NtReadFile,2_2_01929540
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929560 NtWriteFile,2_2_01929560
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929780 NtMapViewOfSection,2_2_01929780
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_019297A0 NtUnmapViewOfSection,2_2_019297A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_0192A710 NtOpenProcessToken,2_2_0192A710
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929710 NtQueryInformationToken,2_2_01929710
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929730 NtQueryVirtualMemory,2_2_01929730
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929770 NtSetInformationFile,2_2_01929770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_0192A770 NtOpenThread,2_2_0192A770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929760 NtOpenProcess,2_2_01929760
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_019296D0 NtCreateKey,2_2_019296D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929610 NtEnumerateValueKey,2_2_01929610
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929650 NtQueryValueKey,2_2_01929650
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929670 NtQueryInformationProcess,2_2_01929670
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_019299A0 NtCreateSection,2_2_019299A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_019299D0 NtCreateProcessEx,2_2_019299D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929910 NtAdjustPrivilegesToken,2_2_01929910
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929950 NtQueueApcThread,2_2_01929950
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_019298A0 NtWriteVirtualMemory,2_2_019298A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_019298F0 NtReadVirtualMemory,2_2_019298F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929820 NtEnumerateKey,2_2_01929820
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929840 NtDelayExecution,2_2_01929840
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929B00 NtSetValueKey,2_2_01929B00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929A80 NtOpenDirectoryObject,2_2_01929A80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929A10 NtQuerySection,2_2_01929A10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929A00 NtProtectVirtualMemory,2_2_01929A00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929A20 NtResumeThread,2_2_01929A20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929A50 NtCreateFile,2_2_01929A50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_0192AD30 NtSetContextThread,2_2_0192AD30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929FE0 NtCreateMutant,2_2_01929FE0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019B2EF72_2_019B2EF7
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_01906E302_2_01906E30
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0196AE602_2_0196AE60
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: String function: 01965510 appears 36 times
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: String function: 01975720 appears 82 times
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: String function: 018EB150 appears 177 times
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: String function: 0193D08C appears 55 times
            Source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeBinary or memory string: OriginalFilename vs SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe
            Source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, 00000000.00000002.237503763.0000000000B82000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamewUOUZcmvlX.exe. vs SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe
            Source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, 00000000.00000002.238632327.0000000003336000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameAphrodite.dll4 vs SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe
            Source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, 00000000.00000002.239217679.0000000005730000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemscorrc.dllT vs SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe
            Source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, 00000000.00000002.239459917.0000000005B50000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameJupiter.dll0 vs SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe
            Source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, 00000001.00000002.235927591.0000000000012000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamewUOUZcmvlX.exe. vs SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe
            Source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, 00000002.00000002.239376171.00000000019DF000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe
            Source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, 00000002.00000000.236786279.0000000000DB2000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamewUOUZcmvlX.exe. vs SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe
            Source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeBinary or memory string: OriginalFilenamewUOUZcmvlX.exe. vs SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe
            Source: 00000002.00000002.238874448.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000002.00000002.238874448.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000000.00000002.238799313.00000000042F1000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000000.00000002.238799313.00000000042F1000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000000.00000002.238839326.0000000004346000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000000.00000002.238839326.0000000004346000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 2.2.SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 2.2.SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 2.2.SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 2.2.SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            Source: classification engineClassification label: mal80.troj.evad.winEXE@5/1@0/0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.log
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe'
            Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
            Source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll
            Source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
            Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, 00000002.00000002.239376171.00000000019DF000.00000040.00000001.sdmp
            Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe
            Source: Binary string: mscorrc.pdb source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, 00000000.00000002.239217679.0000000005730000.00000002.00000001.sdmp
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 0_2_02DA8EC8 push eax; mov dword ptr [esp], 00000003h0_2_02DA8ED9
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 0_2_02DA048B push 00000002h; ret 0_2_02DA0494
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_00417040 push esi; iretd 2_2_00417147
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_00417149 push ds; iretd 2_2_00417152
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_00417163 push esi; iretd 2_2_00417147
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_00417670 push es; ret 2_2_00417683
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_00416615 push ecx; ret 2_2_0041661E
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_004166F3 push 0000002Eh; iretd 2_2_004166F5
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0041C6F2 push eax; ret 2_2_0041C6F8
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0041C6FB push eax; ret 2_2_0041C762
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0041C6A5 push eax; ret 2_2_0041C6F8
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0041C75C push eax; ret 2_2_0041C762
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0193D0D1 push ecx; ret 2_2_0193D0E4
            Source: initial sampleStatic PE information: section name: .text entropy: 7.49063983261
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe Process information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion:

            Yara detected AntiVM_3
            Source: Yara matchFile source: 00000000.00000002.238632327.0000000003336000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.238591769.00000000032F1000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe PID: 7112, type: MEMORY
            Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
            Source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, 00000000.00000002.238632327.0000000003336000.00000004.00000001.sdmpBinary or memory string: SBIEDLL.DLL
            Source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, 00000000.00000002.238632327.0000000003336000.00000004.00000001.sdmpBinary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
            Tries to detect virtualization through RDTSC time measurements
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeRDTSC instruction interceptor: First address: 00000000004098B4 second address: 00000000004098BA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeRDTSC instruction interceptor: First address: 0000000000409B1E second address: 0000000000409B24 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 0_2_05C95652 rdtsc 0_2_05C95652
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe Thread delayed: delay time: 922337203685477
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe TID: 7116 Thread sleep time: -55690s >= -30000s
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe TID: 7132 Thread sleep time: -922337203685477s >= -30000s
            Source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, 00000000.00000002.238632327.0000000003336000.00000004.00000001.sdmpBinary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
            Source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, 00000000.00000002.238632327.0000000003336000.00000004.00000001.sdmpBinary or memory string: vmware
            Source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, 00000000.00000002.238632327.0000000003336000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II
            Source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, 00000000.00000002.238632327.0000000003336000.00000004.00000001.sdmpBinary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe Process queried: DebugPort
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019296E0 NtFreeVirtualMemory,LdrInitializeThunk,2_2_019296E0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_01914190 mov eax, dword ptr fs:[00000030h]2_2_01914190
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0191F0BF mov ecx, dword ptr fs:[00000030h]2_2_0191F0BF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0191F0BF mov eax, dword ptr fs:[00000030h]2_2_0191F0BF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0191F0BF mov eax, dword ptr fs:[00000030h]2_2_0191F0BF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019120A0 mov eax, dword ptr fs:[00000030h]2_2_019120A0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019120A0 mov eax, dword ptr fs:[00000030h]2_2_019120A0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019120A0 mov eax, dword ptr fs:[00000030h]2_2_019120A0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019120A0 mov eax, dword ptr fs:[00000030h]2_2_019120A0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019120A0 mov eax, dword ptr fs:[00000030h]2_2_019120A0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019120A0 mov eax, dword ptr fs:[00000030h]2_2_019120A0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019290AF mov eax, dword ptr fs:[00000030h]2_2_019290AF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E70C0 mov eax, dword ptr fs:[00000030h]2_2_018E70C0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E70C0 mov eax, dword ptr fs:[00000030h]2_2_018E70C0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019AB0C7 mov eax, dword ptr fs:[00000030h]2_2_019AB0C7
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019AB0C7 mov eax, dword ptr fs:[00000030h]2_2_019AB0C7
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E40E1 mov eax, dword ptr fs:[00000030h]2_2_018E40E1
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E40E1 mov eax, dword ptr fs:[00000030h]2_2_018E40E1
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E40E1 mov eax, dword ptr fs:[00000030h]2_2_018E40E1
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019A60F5 mov eax, dword ptr fs:[00000030h]2_2_019A60F5
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019A60F5 mov eax, dword ptr fs:[00000030h]2_2_019A60F5
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019A60F5 mov eax, dword ptr fs:[00000030h]2_2_019A60F5
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019A60F5 mov eax, dword ptr fs:[00000030h]2_2_019A60F5
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_01967016 mov eax, dword ptr fs:[00000030h]2_2_01967016
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_01967016 mov eax, dword ptr fs:[00000030h]2_2_01967016
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_01967016 mov eax, dword ptr fs:[00000030h]2_2_01967016
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0191701D mov eax, dword ptr fs:[00000030h]2_2_0191701D
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0191701D mov eax, dword ptr fs:[00000030h]2_2_0191701D
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0191701D mov eax, dword ptr fs:[00000030h]2_2_0191701D
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0191701D mov eax, dword ptr fs:[00000030h]2_2_0191701D
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0191701D mov eax, dword ptr fs:[00000030h]2_2_0191701D
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0191701D mov eax, dword ptr fs:[00000030h]2_2_0191701D
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019B4015 mov eax, dword ptr fs:[00000030h]2_2_019B4015
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019B4015 mov eax, dword ptr fs:[00000030h]2_2_019B4015
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_01973019 mov eax, dword ptr fs:[00000030h]2_2_01973019
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018FB02A mov eax, dword ptr fs:[00000030h]2_2_018FB02A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018FB02A mov eax, dword ptr fs:[00000030h]2_2_018FB02A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018FB02A mov eax, dword ptr fs:[00000030h]2_2_018FB02A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018FB02A mov eax, dword ptr fs:[00000030h]2_2_018FB02A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_01914020 mov edi, dword ptr fs:[00000030h]2_2_01914020
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0191002D mov eax, dword ptr fs:[00000030h]2_2_0191002D
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0191002D mov eax, dword ptr fs:[00000030h]2_2_0191002D
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0191002D mov eax, dword ptr fs:[00000030h]2_2_0191002D
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0191002D mov eax, dword ptr fs:[00000030h]2_2_0191002D
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0191002D mov eax, dword ptr fs:[00000030h]2_2_0191002D
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_01900050 mov eax, dword ptr fs:[00000030h]2_2_01900050
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_01900050 mov eax, dword ptr fs:[00000030h]2_2_01900050
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E7057 mov eax, dword ptr fs:[00000030h]2_2_018E7057
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E5050 mov eax, dword ptr fs:[00000030h]2_2_018E5050
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E5050 mov eax, dword ptr fs:[00000030h]2_2_018E5050
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E5050 mov eax, dword ptr fs:[00000030h]2_2_018E5050
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019A2073 mov eax, dword ptr fs:[00000030h]2_2_019A2073
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019B1074 mov eax, dword ptr fs:[00000030h]2_2_019B1074
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0191B390 mov eax, dword ptr fs:[00000030h]2_2_0191B390
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_01912397 mov eax, dword ptr fs:[00000030h]2_2_01912397
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019A138A mov eax, dword ptr fs:[00000030h]2_2_019A138A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0199D380 mov ecx, dword ptr fs:[00000030h]2_2_0199D380
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0191138B mov eax, dword ptr fs:[00000030h]2_2_0191138B
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0191138B mov eax, dword ptr fs:[00000030h]2_2_0191138B
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0191138B mov eax, dword ptr fs:[00000030h]2_2_0191138B
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019153C5 mov eax, dword ptr fs:[00000030h]2_2_019153C5
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019653CA mov eax, dword ptr fs:[00000030h]2_2_019653CA
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019653CA mov eax, dword ptr fs:[00000030h]2_2_019653CA
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019103E2 mov eax, dword ptr fs:[00000030h]2_2_019103E2
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019103E2 mov eax, dword ptr fs:[00000030h]2_2_019103E2
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019103E2 mov eax, dword ptr fs:[00000030h]2_2_019103E2
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019103E2 mov eax, dword ptr fs:[00000030h]2_2_019103E2
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019103E2 mov eax, dword ptr fs:[00000030h]2_2_019103E2
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019103E2 mov eax, dword ptr fs:[00000030h]2_2_019103E2
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019923E3 mov ecx, dword ptr fs:[00000030h]2_2_019923E3
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019923E3 mov ecx, dword ptr fs:[00000030h]2_2_019923E3
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019923E3 mov eax, dword ptr fs:[00000030h]2_2_019923E3
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019A131B mov eax, dword ptr fs:[00000030h]2_2_019A131B
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A309 mov eax, dword ptr fs:[00000030h]2_2_0190A309
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A309 mov eax, dword ptr fs:[00000030h]2_2_0190A309
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A309 mov eax, dword ptr fs:[00000030h]2_2_0190A309
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A309 mov eax, dword ptr fs:[00000030h]2_2_0190A309
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A309 mov eax, dword ptr fs:[00000030h]2_2_0190A309
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A309 mov eax, dword ptr fs:[00000030h]2_2_0190A309
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A309 mov eax, dword ptr fs:[00000030h]2_2_0190A309
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A309 mov eax, dword ptr fs:[00000030h]2_2_0190A309
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A309 mov eax, dword ptr fs:[00000030h]2_2_0190A309
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A309 mov eax, dword ptr fs:[00000030h]2_2_0190A309
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A309 mov eax, dword ptr fs:[00000030h]2_2_0190A309
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A309 mov eax, dword ptr fs:[00000030h]2_2_0190A309
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A309 mov eax, dword ptr fs:[00000030h]2_2_0190A309
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A309 mov eax, dword ptr fs:[00000030h]2_2_0190A309
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A309 mov eax, dword ptr fs:[00000030h]2_2_0190A309
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A309 mov eax, dword ptr fs:[00000030h]2_2_0190A309
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A309 mov eax, dword ptr fs:[00000030h]2_2_0190A309
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A309 mov eax, dword ptr fs:[00000030h]2_2_0190A309
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A309 mov eax, dword ptr fs:[00000030h]2_2_0190A309
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A309 mov eax, dword ptr fs:[00000030h]2_2_0190A309
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A309 mov eax, dword ptr fs:[00000030h]2_2_0190A309
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018EF358 mov eax, dword ptr fs:[00000030h]2_2_018EF358
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_01976365 mov eax, dword ptr fs:[00000030h]2_2_01976365
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_01976365 mov eax, dword ptr fs:[00000030h]2_2_01976365
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_01976365 mov eax, dword ptr fs:[00000030h]2_2_01976365
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018FF370 mov eax, dword ptr fs:[00000030h]2_2_018FF370
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018FF370 mov eax, dword ptr fs:[00000030h]2_2_018FF370
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018FF370 mov eax, dword ptr fs:[00000030h]2_2_018FF370
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019A129A mov eax, dword ptr fs:[00000030h]2_2_019A129A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0191D294 mov eax, dword ptr fs:[00000030h]2_2_0191D294
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0191D294 mov eax, dword ptr fs:[00000030h]2_2_0191D294
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E52A5 mov eax, dword ptr fs:[00000030h]2_2_018E52A5
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E52A5 mov eax, dword ptr fs:[00000030h]2_2_018E52A5
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E52A5 mov eax, dword ptr fs:[00000030h]2_2_018E52A5
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E52A5 mov eax, dword ptr fs:[00000030h]2_2_018E52A5
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E52A5 mov eax, dword ptr fs:[00000030h]2_2_018E52A5
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019112BD mov esi, dword ptr fs:[00000030h]2_2_019112BD
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019112BD mov eax, dword ptr fs:[00000030h]2_2_019112BD
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019112BD mov eax, dword ptr fs:[00000030h]2_2_019112BD
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018F62A0 mov eax, dword ptr fs:[00000030h]2_2_018F62A0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018F62A0 mov eax, dword ptr fs:[00000030h]2_2_018F62A0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018F62A0 mov eax, dword ptr fs:[00000030h]2_2_018F62A0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018F62A0 mov eax, dword ptr fs:[00000030h]2_2_018F62A0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E12D4 mov eax, dword ptr fs:[00000030h]2_2_018E12D4
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019AB2E8 mov eax, dword ptr fs:[00000030h]2_2_019AB2E8
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019AB2E8 mov eax, dword ptr fs:[00000030h]2_2_019AB2E8
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019AB2E8 mov eax, dword ptr fs:[00000030h]2_2_019AB2E8
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019AB2E8 mov eax, dword ptr fs:[00000030h]2_2_019AB2E8
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E5210 mov eax, dword ptr fs:[00000030h]2_2_018E5210
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E5210 mov ecx, dword ptr fs:[00000030h]2_2_018E5210
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E5210 mov eax, dword ptr fs:[00000030h]2_2_018E5210
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E5210 mov eax, dword ptr fs:[00000030h]2_2_018E5210
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190B236 mov eax, dword ptr fs:[00000030h]2_2_0190B236
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190B236 mov eax, dword ptr fs:[00000030h]2_2_0190B236
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190B236 mov eax, dword ptr fs:[00000030h]2_2_0190B236
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190B236 mov eax, dword ptr fs:[00000030h]2_2_0190B236
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190B236 mov eax, dword ptr fs:[00000030h]2_2_0190B236
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190B236 mov eax, dword ptr fs:[00000030h]2_2_0190B236
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019A1229 mov eax, dword ptr fs:[00000030h]2_2_019A1229
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E8239 mov eax, dword ptr fs:[00000030h]2_2_018E8239
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E8239 mov eax, dword ptr fs:[00000030h]2_2_018E8239
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E8239 mov eax, dword ptr fs:[00000030h]2_2_018E8239
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A229 mov eax, dword ptr fs:[00000030h]2_2_0190A229
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A229 mov eax, dword ptr fs:[00000030h]2_2_0190A229
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A229 mov eax, dword ptr fs:[00000030h]2_2_0190A229
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A229 mov eax, dword ptr fs:[00000030h]2_2_0190A229
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A229 mov eax, dword ptr fs:[00000030h]2_2_0190A229
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A229 mov eax, dword ptr fs:[00000030h]2_2_0190A229
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A229 mov eax, dword ptr fs:[00000030h]2_2_0190A229
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A229 mov eax, dword ptr fs:[00000030h]2_2_0190A229
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A229 mov eax, dword ptr fs:[00000030h]2_2_0190A229
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018EB233 mov eax, dword ptr fs:[00000030h]2_2_018EB233
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018EB233 mov eax, dword ptr fs:[00000030h]2_2_018EB233
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_01974257 mov eax, dword ptr fs:[00000030h]2_2_01974257
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E9240 mov eax, dword ptr fs:[00000030h]2_2_018E9240
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E9240 mov eax, dword ptr fs:[00000030h]2_2_018E9240
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E9240 mov eax, dword ptr fs:[00000030h]2_2_018E9240
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E9240 mov eax, dword ptr fs:[00000030h]2_2_018E9240
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0192927A mov eax, dword ptr fs:[00000030h]2_2_0192927A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0199B260 mov eax, dword ptr fs:[00000030h]2_2_0199B260
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0199B260 mov eax, dword ptr fs:[00000030h]2_2_0199B260
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_01912581 mov eax, dword ptr fs:[00000030h]2_2_01912581
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_01912581 mov eax, dword ptr fs:[00000030h]2_2_01912581
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_01912581 mov eax, dword ptr fs:[00000030h]2_2_01912581
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_01912581 mov eax, dword ptr fs:[00000030h]2_2_01912581
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019AB581 mov eax, dword ptr fs:[00000030h]2_2_019AB581
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019AB581 mov eax, dword ptr fs:[00000030h]2_2_019AB581
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019AB581 mov eax, dword ptr fs:[00000030h]2_2_019AB581
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019AB581 mov eax, dword ptr fs:[00000030h]2_2_019AB581
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E3591 mov eax, dword ptr fs:[00000030h]2_2_018E3591
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019135A1 mov eax, dword ptr fs:[00000030h]2_2_019135A1
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019165A0 mov eax, dword ptr fs:[00000030h]2_2_019165A0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019165A0 mov eax, dword ptr fs:[00000030h]2_2_019165A0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019165A0 mov eax, dword ptr fs:[00000030h]2_2_019165A0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019B05AC mov eax, dword ptr fs:[00000030h]2_2_019B05AC
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019B05AC mov eax, dword ptr fs:[00000030h]2_2_019B05AC
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E15C1 mov eax, dword ptr fs:[00000030h]2_2_018E15C1
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_01904670 mov eax, dword ptr fs:[00000030h]2_2_01904670
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018F766D mov eax, dword ptr fs:[00000030h]2_2_018F766D
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_01912990 mov eax, dword ptr fs:[00000030h]2_2_01912990
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018EB990 mov eax, dword ptr fs:[00000030h]2_2_018EB990
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019199BC mov eax, dword ptr fs:[00000030h]2_2_019199BC
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0191C9BF mov eax, dword ptr fs:[00000030h]2_2_0191C9BF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0191C9BF mov eax, dword ptr fs:[00000030h]2_2_0191C9BF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019099BF mov ecx, dword ptr fs:[00000030h]2_2_019099BF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019099BF mov ecx, dword ptr fs:[00000030h]2_2_019099BF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019099BF mov eax, dword ptr fs:[00000030h]2_2_019099BF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019099BF mov ecx, dword ptr fs:[00000030h]2_2_019099BF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019099BF mov ecx, dword ptr fs:[00000030h]2_2_019099BF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019099BF mov eax, dword ptr fs:[00000030h]2_2_019099BF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019099BF mov ecx, dword ptr fs:[00000030h]2_2_019099BF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019099BF mov ecx, dword ptr fs:[00000030h]2_2_019099BF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019099BF mov eax, dword ptr fs:[00000030h]2_2_019099BF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019099BF mov ecx, dword ptr fs:[00000030h]2_2_019099BF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019099BF mov ecx, dword ptr fs:[00000030h]2_2_019099BF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019099BF mov eax, dword ptr fs:[00000030h]2_2_019099BF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019669A6 mov eax, dword ptr fs:[00000030h]2_2_019669A6
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019A49A4 mov eax, dword ptr fs:[00000030h]2_2_019A49A4
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019A49A4 mov eax, dword ptr fs:[00000030h]2_2_019A49A4
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019A49A4 mov eax, dword ptr fs:[00000030h]2_2_019A49A4
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019A49A4 mov eax, dword ptr fs:[00000030h]2_2_019A49A4
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019A19D8 mov eax, dword ptr fs:[00000030h]2_2_019A19D8
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018F99C7 mov eax, dword ptr fs:[00000030h]2_2_018F99C7
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018F99C7 mov eax, dword ptr fs:[00000030h]2_2_018F99C7
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018F99C7 mov eax, dword ptr fs:[00000030h]2_2_018F99C7
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018F99C7 mov eax, dword ptr fs:[00000030h]2_2_018F99C7
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018EC9FF mov eax, dword ptr fs:[00000030h]2_2_018EC9FF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018EC9FF mov eax, dword ptr fs:[00000030h]2_2_018EC9FF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018EC9FF mov eax, dword ptr fs:[00000030h]2_2_018EC9FF
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019B89E7 mov eax, dword ptr fs:[00000030h]2_2_019B89E7
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018F1915 mov eax, dword ptr fs:[00000030h]2_2_018F1915
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018F1915 mov eax, dword ptr fs:[00000030h]2_2_018F1915
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019A1951 mov eax, dword ptr fs:[00000030h]2_2_019A1951
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E395E mov eax, dword ptr fs:[00000030h]2_2_018E395E
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E395E mov eax, dword ptr fs:[00000030h]2_2_018E395E
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190B944 mov eax, dword ptr fs:[00000030h]2_2_0190B944
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190B944 mov eax, dword ptr fs:[00000030h]2_2_0190B944
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018EC962 mov eax, dword ptr fs:[00000030h]2_2_018EC962
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019AE962 mov eax, dword ptr fs:[00000030h]2_2_019AE962
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019B8966 mov eax, dword ptr fs:[00000030h]2_2_019B8966
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E3880 mov eax, dword ptr fs:[00000030h]2_2_018E3880
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E3880 mov eax, dword ptr fs:[00000030h]2_2_018E3880
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_01963884 mov eax, dword ptr fs:[00000030h]2_2_01963884
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_01963884 mov eax, dword ptr fs:[00000030h]2_2_01963884
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018F28AE mov eax, dword ptr fs:[00000030h]2_2_018F28AE
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018F28AE mov eax, dword ptr fs:[00000030h]2_2_018F28AE
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018F28AE mov eax, dword ptr fs:[00000030h]2_2_018F28AE
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018F28AE mov ecx, dword ptr fs:[00000030h]2_2_018F28AE
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018F28AE mov eax, dword ptr fs:[00000030h]2_2_018F28AE
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018F28AE mov eax, dword ptr fs:[00000030h]2_2_018F28AE
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019178A0 mov eax, dword ptr fs:[00000030h]2_2_019178A0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019178A0 mov eax, dword ptr fs:[00000030h]2_2_019178A0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe; Process token adjusted: Debug
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe; Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion:

            Injects a PE file into a foreign processes
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe; Memory written: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe; Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information:

            Yara detected FormBook
            Source: Yara match; File source: 00000002.00000002.238874448.0000000000400000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara match; File source: 00000000.00000002.238799313.00000000042F1000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara match; File source: 00000000.00000002.238839326.0000000004346000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara match; File source: 2.2.SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 2.2.SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.400000.0.raw.unpack, type: UNPACKEDPE

            Remote Access Functionality:

            Yara detected FormBook
            Source: Yara match; File source: 00000002.00000002.238874448.0000000000400000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara match; File source: 00000000.00000002.238799313.00000000042F1000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara match; File source: 00000000.00000002.238839326.0000000004346000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara match; File source: 2.2.SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 2.2.SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.400000.0.raw.unpack, type: UNPACKEDPE

            Mitre Att&ck Matrix

            Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
            Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection 111 | Masquerading 1 | OS Credential Dumping | Security Software Discovery 221 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
            Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Virtualization/Sandbox Evasion 3 | LSASS Memory | Virtualization/Sandbox Evasion 3 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
            Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Disable or Modify Tools 1 | Security Account Manager | Process Discovery 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
            Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Software Packing 2 | NTDS | System Information Discovery 12 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud
            Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Process Injection 111 | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
            Replication Through Removable Media | Launchd | Rc.common | Rc.common | Deobfuscate/Decode Files or Information 1 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
            External Remote Services | Scheduled Task | Startup Items | Startup Items | Obfuscated Files or Information 3 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact

            Behavior Graph

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values