Analysis Report SecuriteInfo.com.Trojan.GenericKD.34263609.3735.31368

Overview

General Information

Sample Name: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.31368 (renamed file extension from 31368 to exe)
Analysis ID: 255764
MD5: 2112c999e44a7d4180680068d9ffb6b1
SHA1: 9969d4de902cbeae01cbc42e9ec200a919724581
SHA256: c4d62fb1cf19280c5eefbd09de9d2f7d2c7b23abaf396cff79d552bd4363f1eb

Detection

FormBook
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Yara detected AntiVM_3
Yara detected FormBook
Injects a PE file into a foreign processes
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Startup

  • System is w10x64
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000002.00000002.238874448.0000000000400000.00000040.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
00000002.00000002.238874448.0000000000400000.00000040.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
    • 0x98b8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x9b22:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x157a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x15291:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x158a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x15a1f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa69a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x1450c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xb393:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x1ab17:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1bb1a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000002.00000002.238874448.0000000000400000.00000040.00000001.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
    • 0x18429:$sqlite3step: 68 34 1C 7B E1
    • 0x1853c:$sqlite3step: 68 34 1C 7B E1
    • 0x18458:$sqlite3text: 68 38 2A 90 C5
    • 0x1857d:$sqlite3text: 68 38 2A 90 C5
    • 0x1846b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x18593:$sqlite3blob: 68 53 D8 7F 8C
00000000.00000002.238632327.0000000003336000.00000004.00000001.sdmp | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security
00000000.00000002.238799313.00000000042F1000.00000004.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security

        Unpacked PEs

        Source | Rule | Description | Author | Strings
        2.2.SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.400000.0.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
        2.2.SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.400000.0.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
          • 0x8ab8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x8d22:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x149a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x14491:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x14aa7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x14c1f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x989a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x1370c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xa593:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x19d17:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1ad1a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        2.2.SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.400000.0.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
          • 0x17629:$sqlite3step: 68 34 1C 7B E1
          • 0x1773c:$sqlite3step: 68 34 1C 7B E1
          • 0x17658:$sqlite3text: 68 38 2A 90 C5
          • 0x1777d:$sqlite3text: 68 38 2A 90 C5
          • 0x1766b:$sqlite3blob: 68 53 D8 7F 8C
          • 0x17793:$sqlite3blob: 68 53 D8 7F 8C
        2.2.SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.400000.0.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
        2.2.SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.400000.0.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
            • 0x98b8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
            • 0x9b22:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
            • 0x157a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
            • 0x15291:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
            • 0x158a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
            • 0x15a1f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
            • 0xa69a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
            • 0x1450c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
            • 0xb393:$sequence_7: 66 89 0C 02 5B 8B E5 5D
            • 0x1ab17:$sequence_8: 3C 54 74 04 3C 74 75 F4
            • 0x1bb1a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
            Sigma Overview

            No Sigma rule has matched

            Signature Overview

            AV Detection:

            Yara detected FormBook
            Source: Yara match, File source: 00000002.00000002.238874448.0000000000400000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara match, File source: 00000000.00000002.238799313.00000000042F1000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara match, File source: 00000000.00000002.238839326.0000000004346000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara match, File source: 2.2.SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 2.2.SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Machine Learning detection for sample
            Source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Joe Sandbox ML: detected

            E-Banking Fraud:

            Yara detected FormBook
            Source: Yara match, File source: 00000002.00000002.238874448.0000000000400000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara match, File source: 00000000.00000002.238799313.00000000042F1000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara match, File source: 00000000.00000002.238839326.0000000004346000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara match, File source: 2.2.SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 2.2.SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.400000.0.raw.unpack, type: UNPACKEDPE

            System Summary:

            Malicious sample detected (through community Yara rule)
            Source: 00000002.00000002.238874448.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000002.00000002.238874448.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
            Source: 00000000.00000002.238799313.00000000042F1000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000000.00000002.238799313.00000000042F1000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
            Source: 00000000.00000002.238839326.0000000004346000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000000.00000002.238839326.0000000004346000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
            Source: 2.2.SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 2.2.SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
            Source: 2.2.SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 2.2.SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_00419830 NtCreateFile
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_004198E0 NtReadFile
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_00419960 NtClose
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_00419A10 NtAllocateVirtualMemory
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_00419887 NtCreateFile
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_0041995A NtClose
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_019296E0 NtFreeVirtualMemory, LdrInitializeThunk
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929660 NtAllocateVirtualMemory, LdrInitializeThunk
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929860 NtQuerySystemInformation, LdrInitializeThunk
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_0192B040 NtSuspendThread
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_0192A3B0 NtGetContextThread
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_019295D0 NtClose
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_019295F0 NtQueryInformationFile
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929520 NtWaitForSingleObject
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929540 NtReadFile
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929560 NtWriteFile
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929780 NtMapViewOfSection
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_019297A0 NtUnmapViewOfSection
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_0192A710 NtOpenProcessToken
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929710 NtQueryInformationToken
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929730 NtQueryVirtualMemory
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929770 NtSetInformationFile
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_0192A770 NtOpenThread
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929760 NtOpenProcess
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_019296D0 NtCreateKey
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929610 NtEnumerateValueKey
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929650 NtQueryValueKey
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929670 NtQueryInformationProcess
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_019299A0 NtCreateSection
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_019299D0 NtCreateProcessEx
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929910 NtAdjustPrivilegesToken
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929950 NtQueueApcThread
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_019298A0 NtWriteVirtualMemory
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_019298F0 NtReadVirtualMemory
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929820 NtEnumerateKey
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929840 NtDelayExecution
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929B00 NtSetValueKey
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929A80 NtOpenDirectoryObject
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929A10 NtQuerySection
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929A00 NtProtectVirtualMemory
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929A20 NtResumeThread
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929A50 NtCreateFile
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_0192AD30 NtSetContextThread
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Code function: 2_2_01929FE0 NtCreateMutant
            Source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeBinary or memory string: OriginalFilename vs SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe
            Source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, 00000000.00000002.237503763.0000000000B82000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamewUOUZcmvlX.exe. vs SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe
            Source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, 00000000.00000002.238632327.0000000003336000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameAphrodite.dll4 vs SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe
            Source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, 00000000.00000002.239217679.0000000005730000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemscorrc.dllT vs SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe
            Source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, 00000000.00000002.239459917.0000000005B50000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameJupiter.dll0 vs SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe
            Source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, 00000001.00000002.235927591.0000000000012000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamewUOUZcmvlX.exe. vs SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe
            Source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, 00000002.00000002.239376171.00000000019DF000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe
            Source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, 00000002.00000000.236786279.0000000000DB2000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamewUOUZcmvlX.exe. vs SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe
            Source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeBinary or memory string: OriginalFilenamewUOUZcmvlX.exe. vs SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe
            Source: 00000002.00000002.238874448.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000002.00000002.238874448.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000000.00000002.238799313.00000000042F1000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000000.00000002.238799313.00000000042F1000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000000.00000002.238839326.0000000004346000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000000.00000002.238839326.0000000004346000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 2.2.SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 2.2.SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 2.2.SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 2.2.SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            Source: classification engineClassification label: mal80.troj.evad.winEXE@5/1@0/0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.log
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe'
            Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeFile opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
            Source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll
            Source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
            Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, 00000002.00000002.239376171.00000000019DF000.00000040.00000001.sdmp
            Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe
            Source: Binary string: mscorrc.pdb source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, 00000000.00000002.239217679.0000000005730000.00000002.00000001.sdmp
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 0_2_02DA8EC8 push eax; mov dword ptr [esp], 00000003h
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 0_2_02DA048B push 00000002h; ret
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_00417040 push esi; iretd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_00417149 push ds; iretd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_00417163 push esi; iretd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_00417670 push es; ret
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_00416615 push ecx; ret
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_004166F3 push 0000002Eh; iretd
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0041C6F2 push eax; ret
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0041C6FB push eax; ret
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0041C6A5 push eax; ret
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0041C75C push eax; ret
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0193D0D1 push ecx; ret
            Source: initial sampleStatic PE information: section name: .text entropy: 7.49063983261
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeProcess information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion:

            Yara detected AntiVM_3
            Source: Yara matchFile source: 00000000.00000002.238632327.0000000003336000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.238591769.00000000032F1000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe PID: 7112, type: MEMORY
            Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
            Source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, 00000000.00000002.238632327.0000000003336000.00000004.00000001.sdmpBinary or memory string: SBIEDLL.DLL
            Source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, 00000000.00000002.238632327.0000000003336000.00000004.00000001.sdmpBinary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
            Tries to detect virtualization through RDTSC time measurements
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeRDTSC instruction interceptor: First address: 00000000004098B4 second address: 00000000004098BA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeRDTSC instruction interceptor: First address: 0000000000409B1E second address: 0000000000409B24 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 0_2_05C95652 rdtsc
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeThread delayed: delay time: 922337203685477
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe TID: 7116Thread sleep time: -55690s >= -30000s
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe TID: 7132Thread sleep time: -922337203685477s >= -30000s
            Source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, 00000000.00000002.238632327.0000000003336000.00000004.00000001.sdmpBinary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
            Source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, 00000000.00000002.238632327.0000000003336000.00000004.00000001.sdmpBinary or memory string: vmware
            Source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, 00000000.00000002.238632327.0000000003336000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II
            Source: SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, 00000000.00000002.238632327.0000000003336000.00000004.00000001.sdmpBinary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeProcess information queried: ProcessInformation
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeProcess queried: DebugPort
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019296E0 NtFreeVirtualMemory,LdrInitializeThunk,
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_01914190 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0191701D mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0191701D mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0191701D mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0191701D mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0191701D mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0191701D mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019B4015 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019B4015 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_01973019 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018FB02A mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018FB02A mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018FB02A mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018FB02A mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_01914020 mov edi, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0191002D mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0191002D mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0191002D mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0191002D mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0191002D mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_01900050 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_01900050 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E7057 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E5050 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E5050 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E5050 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019A2073 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019B1074 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0191B390 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_01912397 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019A138A mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0199D380 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0191138B mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0191138B mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0191138B mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019153C5 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019653CA mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019653CA mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019103E2 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019103E2 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019103E2 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019103E2 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019103E2 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019103E2 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019923E3 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019923E3 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019923E3 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019A131B mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A309 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A309 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A309 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A309 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A309 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A309 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A309 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A309 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A309 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A309 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A309 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A309 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A309 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A309 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A309 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A309 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A309 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A309 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A309 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A309 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A309 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018EF358 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_01976365 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_01976365 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_01976365 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018FF370 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018FF370 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018FF370 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019A129A mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0191D294 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0191D294 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E52A5 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E52A5 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E52A5 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E52A5 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E52A5 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019112BD mov esi, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019112BD mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019112BD mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018F62A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018F62A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018F62A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018F62A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E12D4 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019AB2E8 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019AB2E8 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019AB2E8 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019AB2E8 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E5210 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E5210 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E5210 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E5210 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190B236 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190B236 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190B236 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190B236 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190B236 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190B236 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019A1229 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E8239 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E8239 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E8239 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A229 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A229 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A229 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A229 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A229 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A229 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A229 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A229 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190A229 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018EB233 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018EB233 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_01974257 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E9240 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E9240 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E9240 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E9240 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0192927A mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0199B260 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0199B260 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_01912581 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_01912581 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_01912581 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_01912581 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019AB581 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019AB581 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019AB581 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019AB581 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E3591 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019135A1 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019165A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019165A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019165A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019B05AC mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019B05AC mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E15C1 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018FD5E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018FD5E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019195EC mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E95F0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E95F0 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019A3518 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019A3518 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019A3518 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E751A mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E751A mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E751A mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E751A mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E9515 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0196A537 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019AE539 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0191F527 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0191F527 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0191F527 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E354C mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018E354C mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018EB540 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_018EB540 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_01963540 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190C577 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_0190C577 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019A4496 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019A4496 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019A4496 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019A4496 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019A4496 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019A4496 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019A4496 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019A4496 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019A4496 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019A4496 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019A4496 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019A4496 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exeCode function: 2_2_019178A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Process token adjusted: Debug
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion:

            Injects a PE file into a foreign processes
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Memory written: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information:

            Yara detected FormBook
            Source: Yara match, File source: 00000002.00000002.238874448.0000000000400000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara match, File source: 00000000.00000002.238799313.00000000042F1000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara match, File source: 00000000.00000002.238839326.0000000004346000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara match, File source: 2.2.SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 2.2.SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.400000.0.raw.unpack, type: UNPACKEDPE

            Remote Access Functionality:

            Yara detected FormBook
            Source: Yara match, File source: 00000002.00000002.238874448.0000000000400000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara match, File source: 00000000.00000002.238799313.00000000042F1000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara match, File source: 00000000.00000002.238839326.0000000004346000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara match, File source: 2.2.SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 2.2.SecuriteInfo.com.Trojan.GenericKD.34263609.3735.exe.400000.0.raw.unpack, type: UNPACKEDPE

            Mitre Att&ck Matrix

            Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
            Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection 111 | Masquerading 1 | OS Credential Dumping | Security Software Discovery 221 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
            Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Virtualization/Sandbox Evasion 3 | LSASS Memory | Virtualization/Sandbox Evasion 3 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
            Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Disable or Modify Tools 1 | Security Account Manager | Process Discovery 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
            Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Software Packing 2 | NTDS | System Information Discovery 12 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud
            Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Process Injection 111 | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
            Replication Through Removable Media | Launchd | Rc.common | Rc.common | Deobfuscate/Decode Files or Information 1 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
            External Remote Services | Scheduled Task | Startup Items | Startup Items | Obfuscated Files or Information 3 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact

