Analysis Report SecuriteInfo.com.Fareit-FZVA14157D843C5.28074

Overview

General Information

Sample Name: SecuriteInfo.com.Fareit-FZVA14157D843C5.28074 (renamed file extension from 28074 to exe)
Analysis ID: 284287
MD5: a14157d843c5893bb57f7f59f84a1165
SHA1: 4b65807f3a0bd0f1b2439301e0e4d860cd4f8871
SHA256: d732985d24a02a21df8e93598ea0431ae1e9a89a1afcac240e758130517d625e

Detection

FormBook
Score: 88
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AntiVM_3
Yara detected FormBook
Injects a PE file into a foreign processes
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Startup

  • System is w10x64
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000000.00000002.378936278.00000000038DC000.00000004.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
00000000.00000002.378936278.00000000038DC000.00000004.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
00000000.00000002.378936278.00000000038DC000.00000004.00000001.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
00000006.00000002.377587351.0000000000400000.00000040.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
00000006.00000002.377587351.0000000000400000.00000040.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com

      Unpacked PEs

Source | Rule | Description | Author | Strings
6.2.SecuriteInfo.com.Fareit-FZVA14157D843C5.exe.400000.0.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
6.2.SecuriteInfo.com.Fareit-FZVA14157D843C5.exe.400000.0.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
6.2.SecuriteInfo.com.Fareit-FZVA14157D843C5.exe.400000.0.raw.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
6.2.SecuriteInfo.com.Fareit-FZVA14157D843C5.exe.400000.0.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
6.2.SecuriteInfo.com.Fareit-FZVA14157D843C5.exe.400000.0.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com

          Sigma Overview

          No Sigma rule has matched

          Signature Overview

          AV Detection:

Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Virustotal: Detection: 14%
Source: SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, ReversingLabs: Detection: 14%
Yara detected FormBook
Source: Yara match, File source: 00000000.00000002.378936278.00000000038DC000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000006.00000002.377587351.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 6.2.SecuriteInfo.com.Fareit-FZVA14157D843C5.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 6.2.SecuriteInfo.com.Fareit-FZVA14157D843C5.exe.400000.0.unpack, type: UNPACKEDPE
Machine Learning detection for sample
Source: SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Joe Sandbox ML: detected
Source: 6.2.SecuriteInfo.com.Fareit-FZVA14157D843C5.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 4x nop then pop esi, 6_2_0041728D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 4x nop then pop edi, 6_2_00416B9B

          E-Banking Fraud:

Yara detected FormBook
Source: Yara match, File source: 00000000.00000002.378936278.00000000038DC000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000006.00000002.377587351.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 6.2.SecuriteInfo.com.Fareit-FZVA14157D843C5.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 6.2.SecuriteInfo.com.Fareit-FZVA14157D843C5.exe.400000.0.unpack, type: UNPACKEDPE

          System Summary:

Malicious sample detected (through community Yara rule)
Source: 00000000.00000002.378936278.00000000038DC000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000000.00000002.378936278.00000000038DC000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
Source: 00000006.00000002.377587351.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000006.00000002.377587351.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
Source: 6.2.SecuriteInfo.com.Fareit-FZVA14157D843C5.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 6.2.SecuriteInfo.com.Fareit-FZVA14157D843C5.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
Source: 6.2.SecuriteInfo.com.Fareit-FZVA14157D843C5.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 6.2.SecuriteInfo.com.Fareit-FZVA14157D843C5.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_00419C90 NtCreateFile, 6_2_00419C90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_00419D40 NtReadFile, 6_2_00419D40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_00419DC0 NtClose, 6_2_00419DC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_00419E70 NtAllocateVirtualMemory, 6_2_00419E70
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_00419CE5 NtReadFile, 6_2_00419CE5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_00419C8B NtCreateFile, 6_2_00419C8B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_00419D3A NtReadFile, 6_2_00419D3A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_00419DBB NtClose, 6_2_00419DBB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_00419E6B NtAllocateVirtualMemory, 6_2_00419E6B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_012E9860 NtQuerySystemInformation, LdrInitializeThunk, 6_2_012E9860
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_012E9660 NtAllocateVirtualMemory, LdrInitializeThunk, 6_2_012E9660
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_012E96E0 NtFreeVirtualMemory, LdrInitializeThunk, 6_2_012E96E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_012E9910 NtAdjustPrivilegesToken, 6_2_012E9910
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_012E9950 NtQueueApcThread, 6_2_012E9950
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_012E99A0 NtCreateSection, 6_2_012E99A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_012E99D0 NtCreateProcessEx, 6_2_012E99D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_012E9820 NtEnumerateKey, 6_2_012E9820
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_012EB040 NtSuspendThread, 6_2_012EB040
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_012E9840 NtDelayExecution, 6_2_012E9840
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_012E98A0 NtWriteVirtualMemory, 6_2_012E98A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_012E98F0 NtReadVirtualMemory, 6_2_012E98F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_012E9B00 NtSetValueKey, 6_2_012E9B00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_012EA3B0 NtGetContextThread, 6_2_012EA3B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_012E9A20 NtResumeThread, 6_2_012E9A20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_012E9A00 NtProtectVirtualMemory, 6_2_012E9A00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_012E9A10 NtQuerySection, 6_2_012E9A10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_012E9A50 NtCreateFile, 6_2_012E9A50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_012E9A80 NtOpenDirectoryObject, 6_2_012E9A80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_012E9520 NtWaitForSingleObject, 6_2_012E9520
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_012EAD30 NtSetContextThread, 6_2_012EAD30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_012E9560 NtWriteFile, 6_2_012E9560
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_012E9540 NtReadFile, 6_2_012E9540
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_012E95F0 NtQueryInformationFile, 6_2_012E95F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_012E95D0 NtClose, 6_2_012E95D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_012E9730 NtQueryVirtualMemory, 6_2_012E9730
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_012E9710 NtQueryInformationToken, 6_2_012E9710
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_012EA710 NtOpenProcessToken, 6_2_012EA710
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_012E9760 NtOpenProcess, 6_2_012E9760
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_012EA770 NtOpenThread, 6_2_012EA770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_012E9770 NtSetInformationFile, 6_2_012E9770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_012E97A0 NtUnmapViewOfSection, 6_2_012E97A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_012E9780 NtMapViewOfSection, 6_2_012E9780
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_012E9FE0 NtCreateMutant, 6_2_012E9FE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_012E9610 NtEnumerateValueKey, 6_2_012E9610
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_012E9670 NtQueryInformationProcess, 6_2_012E9670
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_012E9650 NtQueryValueKey, 6_2_012E9650
Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, Code function: 6_2_012E96D0 NtCreateKey, 6_2_012E96D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012C6E306_2_012C6E30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_0136D6166_2_0136D616
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012C56006_2_012C5600
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_0132AE606_2_0132AE60
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_01351EB66_2_01351EB6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_01372EF76_2_01372EF7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_0062223D6_2_0062223D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe Code function: String function: 01335720 appears 85 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe Code function: String function: 012AB150 appears 159 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe Code function: String function: 012FD08C appears 48 times
          Source: SecuriteInfo.com.Fareit-FZVA14157D843C5.exe Binary or memory string: OriginalFilename vs SecuriteInfo.com.Fareit-FZVA14157D843C5.exe
          Source: SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, 00000000.00000000.355129081.000000000043F000.00000002.00020000.sdmp Binary or memory string: OriginalFilenamefDt.exed" vs SecuriteInfo.com.Fareit-FZVA14157D843C5.exe
          Source: SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, 00000000.00000002.377494119.0000000002881000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameWinRar.dll. vs SecuriteInfo.com.Fareit-FZVA14157D843C5.exe
          Source: SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, 00000000.00000002.382886817.0000000007140000.00000002.00000001.sdmp Binary or memory string: OriginalFilenamemscorrc.dllT vs SecuriteInfo.com.Fareit-FZVA14157D843C5.exe
          Source: SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, 00000000.00000002.382995395.0000000007340000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameB2B.exe4 vs SecuriteInfo.com.Fareit-FZVA14157D843C5.exe
          Source: SecuriteInfo.com.Fareit-FZVA14157D843C5.exe Binary or memory string: OriginalFilename vs SecuriteInfo.com.Fareit-FZVA14157D843C5.exe
          Source: SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, 00000006.00000000.375661326.00000000006EF000.00000002.00020000.sdmp Binary or memory string: OriginalFilenamefDt.exed" vs SecuriteInfo.com.Fareit-FZVA14157D843C5.exe
          Source: SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, 00000006.00000002.377958978.000000000139F000.00000040.00000001.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Fareit-FZVA14157D843C5.exe
          Source: SecuriteInfo.com.Fareit-FZVA14157D843C5.exe Binary or memory string: OriginalFilenamefDt.exed" vs SecuriteInfo.com.Fareit-FZVA14157D843C5.exe
          Source: 00000000.00000002.378936278.00000000038DC000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.378936278.00000000038DC000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000006.00000002.377587351.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000006.00000002.377587351.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 6.2.SecuriteInfo.com.Fareit-FZVA14157D843C5.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 6.2.SecuriteInfo.com.Fareit-FZVA14157D843C5.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 6.2.SecuriteInfo.com.Fareit-FZVA14157D843C5.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 6.2.SecuriteInfo.com.Fareit-FZVA14157D843C5.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: classification engine Classification label: mal88.troj.evad.winEXE@3/1@0/0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe.log
          Source: SecuriteInfo.com.Fareit-FZVA14157D843C5.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: SecuriteInfo.com.Fareit-FZVA14157D843C5.exe Virustotal: Detection: 14%
          Source: SecuriteInfo.com.Fareit-FZVA14157D843C5.exe ReversingLabs: Detection: 14%
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe:Zone.Identifier
          Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe'
          Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe {path}
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe {path}
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: SecuriteInfo.com.Fareit-FZVA14157D843C5.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: SecuriteInfo.com.Fareit-FZVA14157D843C5.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, 00000006.00000002.377844767.0000000001280000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Fareit-FZVA14157D843C5.exe
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe Code function: 0_2_00D5DF08 pushfd ; retf 0_2_00D5DF09
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe Code function: 0_2_00E87B0D push FFFFFF8Bh; iretd 0_2_00E87B0F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe Code function: 0_2_00E80D1F push ebp; ret 0_2_00E80D27
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe Code function: 6_2_00417117 pushfd ; iretd 6_2_00417122
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe Code function: 6_2_004179B9 push ecx; ret 6_2_004179BA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe Code function: 6_2_0041E272 push ebp; ret 6_2_0041E273
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe Code function: 6_2_00416B0D push cs; retf 6_2_00416B93
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe Code function: 6_2_00416B9B push cs; retf 6_2_00416B93
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe Code function: 6_2_0041CDE5 push eax; ret 6_2_0041CE38
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe Code function: 6_2_0041CE32 push eax; ret 6_2_0041CE38
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe Code function: 6_2_0041CE3B push eax; ret 6_2_0041CEA2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe Code function: 6_2_0041CE9C push eax; ret 6_2_0041CEA2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe Code function: 6_2_00416780 push cs; retf 6_2_00416781
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe Code function: 6_2_012FD0D1 push ecx; ret 6_2_012FD0E4
          Source: initial sample Static PE information: section name: .text entropy: 7.03277873738
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe Process information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion:

          Yara detected AntiVM_3
          Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Fareit-FZVA14157D843C5.exe PID: 4576, type: MEMORY
          Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
          Source: SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, 00000000.00000002.378598714.00000000031D1000.00000004.00000001.sdmp Binary or memory string: WINE_GET_UNIX_FILE_NAME
          Source: SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, 00000000.00000002.378598714.00000000031D1000.00000004.00000001.sdmp Binary or memory string: SBIEDLL.DLL
          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe RDTSC instruction interceptor: First address: 00000000004098E4 second address: 00000000004098EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe RDTSC instruction interceptor: First address: 0000000000409B4E second address: 0000000000409B54 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe Code function: 6_2_00409A80 rdtsc 6_2_00409A80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe Thread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe TID: 4572 Thread sleep time: -33000s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe TID: 1408 Thread sleep time: -922337203685477s >= -30000s
          Source: SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, 00000000.00000002.378598714.00000000031D1000.00000004.00000001.sdmp Binary or memory string: vmware
          Source: SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, 00000000.00000002.378598714.00000000031D1000.00000004.00000001.sdmp Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, 00000000.00000002.378598714.00000000031D1000.00000004.00000001.sdmp Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
          Source: SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, 00000000.00000002.378598714.00000000031D1000.00000004.00000001.sdmp Binary or memory string: VMWARE
          Source: SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, 00000000.00000002.378598714.00000000031D1000.00000004.00000001.sdmp Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, 00000000.00000002.378598714.00000000031D1000.00000004.00000001.sdmp Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
          Source: SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, 00000000.00000002.378598714.00000000031D1000.00000004.00000001.sdmp Binary or memory string: VMware SVGA II
          Source: SecuriteInfo.com.Fareit-FZVA14157D843C5.exe, 00000000.00000002.378598714.00000000031D1000.00000004.00000001.sdmp Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe Process queried: DebugPort
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe Code function: 6_2_00409A80 rdtsc 6_2_00409A80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe Code function: 6_2_012E9860 NtQuerySystemInformation,LdrInitializeThunk, 6_2_012E9860
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe Code function: 6_2_012C4120 mov eax, dword ptr fs:[00000030h] 6_2_012C4120
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_013789E7 mov eax, dword ptr fs:[00000030h]6_2_013789E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_013341E8 mov eax, dword ptr fs:[00000030h]6_2_013341E8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012BC1C0 mov eax, dword ptr fs:[00000030h]6_2_012BC1C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012B99C7 mov eax, dword ptr fs:[00000030h]6_2_012B99C7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012B99C7 mov eax, dword ptr fs:[00000030h]6_2_012B99C7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012B99C7 mov eax, dword ptr fs:[00000030h]6_2_012B99C7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012B99C7 mov eax, dword ptr fs:[00000030h]6_2_012B99C7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_013619D8 mov eax, dword ptr fs:[00000030h]6_2_013619D8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D002D mov eax, dword ptr fs:[00000030h]6_2_012D002D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D002D mov eax, dword ptr fs:[00000030h]6_2_012D002D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D002D mov eax, dword ptr fs:[00000030h]6_2_012D002D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D002D mov eax, dword ptr fs:[00000030h]6_2_012D002D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D002D mov eax, dword ptr fs:[00000030h]6_2_012D002D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012BB02A mov eax, dword ptr fs:[00000030h]6_2_012BB02A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012BB02A mov eax, dword ptr fs:[00000030h]6_2_012BB02A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012BB02A mov eax, dword ptr fs:[00000030h]6_2_012BB02A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012BB02A mov eax, dword ptr fs:[00000030h]6_2_012BB02A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D4020 mov edi, dword ptr fs:[00000030h]6_2_012D4020
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012CA830 mov eax, dword ptr fs:[00000030h]6_2_012CA830
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012CA830 mov eax, dword ptr fs:[00000030h]6_2_012CA830
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012CA830 mov eax, dword ptr fs:[00000030h]6_2_012CA830
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012CA830 mov eax, dword ptr fs:[00000030h]6_2_012CA830
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_01374015 mov eax, dword ptr fs:[00000030h]6_2_01374015
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_01374015 mov eax, dword ptr fs:[00000030h]6_2_01374015
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_01327016 mov eax, dword ptr fs:[00000030h]6_2_01327016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_01327016 mov eax, dword ptr fs:[00000030h]6_2_01327016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_01327016 mov eax, dword ptr fs:[00000030h]6_2_01327016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012A6800 mov eax, dword ptr fs:[00000030h]6_2_012A6800
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012A6800 mov eax, dword ptr fs:[00000030h]6_2_012A6800
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012A6800 mov eax, dword ptr fs:[00000030h]6_2_012A6800
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D701D mov eax, dword ptr fs:[00000030h]6_2_012D701D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D701D mov eax, dword ptr fs:[00000030h]6_2_012D701D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D701D mov eax, dword ptr fs:[00000030h]6_2_012D701D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D701D mov eax, dword ptr fs:[00000030h]6_2_012D701D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D701D mov eax, dword ptr fs:[00000030h]6_2_012D701D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D701D mov eax, dword ptr fs:[00000030h]6_2_012D701D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012CF86D mov eax, dword ptr fs:[00000030h]6_2_012CF86D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_01371074 mov eax, dword ptr fs:[00000030h]6_2_01371074
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_01362073 mov eax, dword ptr fs:[00000030h]6_2_01362073
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_01361843 mov eax, dword ptr fs:[00000030h]6_2_01361843
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012A5050 mov eax, dword ptr fs:[00000030h]6_2_012A5050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012A5050 mov eax, dword ptr fs:[00000030h]6_2_012A5050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012A5050 mov eax, dword ptr fs:[00000030h]6_2_012A5050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012C0050 mov eax, dword ptr fs:[00000030h]6_2_012C0050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012C0050 mov eax, dword ptr fs:[00000030h]6_2_012C0050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012A7057 mov eax, dword ptr fs:[00000030h]6_2_012A7057
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012E90AF mov eax, dword ptr fs:[00000030h]6_2_012E90AF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012B28AE mov eax, dword ptr fs:[00000030h]6_2_012B28AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012B28AE mov eax, dword ptr fs:[00000030h]6_2_012B28AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012B28AE mov eax, dword ptr fs:[00000030h]6_2_012B28AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012B28AE mov ecx, dword ptr fs:[00000030h]6_2_012B28AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012B28AE mov eax, dword ptr fs:[00000030h]6_2_012B28AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012B28AE mov eax, dword ptr fs:[00000030h]6_2_012B28AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D20A0 mov eax, dword ptr fs:[00000030h]6_2_012D20A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D20A0 mov eax, dword ptr fs:[00000030h]6_2_012D20A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D20A0 mov eax, dword ptr fs:[00000030h]6_2_012D20A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D20A0 mov eax, dword ptr fs:[00000030h]6_2_012D20A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D20A0 mov eax, dword ptr fs:[00000030h]6_2_012D20A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D20A0 mov eax, dword ptr fs:[00000030h]6_2_012D20A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D78A0 mov eax, dword ptr fs:[00000030h]6_2_012D78A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D78A0 mov eax, dword ptr fs:[00000030h]6_2_012D78A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D78A0 mov eax, dword ptr fs:[00000030h]6_2_012D78A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D78A0 mov eax, dword ptr fs:[00000030h]6_2_012D78A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D78A0 mov eax, dword ptr fs:[00000030h]6_2_012D78A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D78A0 mov eax, dword ptr fs:[00000030h]6_2_012D78A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D78A0 mov eax, dword ptr fs:[00000030h]6_2_012D78A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D78A0 mov eax, dword ptr fs:[00000030h]6_2_012D78A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D78A0 mov eax, dword ptr fs:[00000030h]6_2_012D78A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012DF0BF mov ecx, dword ptr fs:[00000030h]6_2_012DF0BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012DF0BF mov eax, dword ptr fs:[00000030h]6_2_012DF0BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012DF0BF mov eax, dword ptr fs:[00000030h]6_2_012DF0BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012A9080 mov eax, dword ptr fs:[00000030h]6_2_012A9080
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012A3880 mov eax, dword ptr fs:[00000030h]6_2_012A3880
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012A3880 mov eax, dword ptr fs:[00000030h]6_2_012A3880
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_01323884 mov eax, dword ptr fs:[00000030h]6_2_01323884
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_01323884 mov eax, dword ptr fs:[00000030h]6_2_01323884
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_013660F5 mov eax, dword ptr fs:[00000030h]6_2_013660F5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_013660F5 mov eax, dword ptr fs:[00000030h]6_2_013660F5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_013660F5 mov eax, dword ptr fs:[00000030h]6_2_013660F5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_013660F5 mov eax, dword ptr fs:[00000030h]6_2_013660F5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012A58EC mov eax, dword ptr fs:[00000030h]6_2_012A58EC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012CB8E4 mov eax, dword ptr fs:[00000030h]6_2_012CB8E4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012CB8E4 mov eax, dword ptr fs:[00000030h]6_2_012CB8E4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012A40E1 mov eax, dword ptr fs:[00000030h]6_2_012A40E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012A40E1 mov eax, dword ptr fs:[00000030h]6_2_012A40E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012A40E1 mov eax, dword ptr fs:[00000030h]6_2_012A40E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012B28FD mov eax, dword ptr fs:[00000030h]6_2_012B28FD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012B28FD mov eax, dword ptr fs:[00000030h]6_2_012B28FD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012B28FD mov eax, dword ptr fs:[00000030h]6_2_012B28FD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_0133B8D0 mov eax, dword ptr fs:[00000030h]6_2_0133B8D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_0133B8D0 mov ecx, dword ptr fs:[00000030h]6_2_0133B8D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_0133B8D0 mov eax, dword ptr fs:[00000030h]6_2_0133B8D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_0133B8D0 mov eax, dword ptr fs:[00000030h]6_2_0133B8D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_0133B8D0 mov eax, dword ptr fs:[00000030h]6_2_0133B8D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_0133B8D0 mov eax, dword ptr fs:[00000030h]6_2_0133B8D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012A70C0 mov eax, dword ptr fs:[00000030h]6_2_012A70C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012A70C0 mov eax, dword ptr fs:[00000030h]6_2_012A70C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_013618CA mov eax, dword ptr fs:[00000030h]6_2_013618CA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012A78D6 mov eax, dword ptr fs:[00000030h]6_2_012A78D6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012A78D6 mov eax, dword ptr fs:[00000030h]6_2_012A78D6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012A78D6 mov ecx, dword ptr fs:[00000030h]6_2_012A78D6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012CA309 mov eax, dword ptr fs:[00000030h]6_2_012CA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012CA309 mov eax, dword ptr fs:[00000030h]6_2_012CA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012CA309 mov eax, dword ptr fs:[00000030h]6_2_012CA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012CA309 mov eax, dword ptr fs:[00000030h]6_2_012CA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012CA309 mov eax, dword ptr fs:[00000030h]6_2_012CA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012CA309 mov eax, dword ptr fs:[00000030h]6_2_012CA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012CA309 mov eax, dword ptr fs:[00000030h]6_2_012CA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012CA309 mov eax, dword ptr fs:[00000030h]6_2_012CA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012CA309 mov eax, dword ptr fs:[00000030h]6_2_012CA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012CA309 mov eax, dword ptr fs:[00000030h]6_2_012CA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012CA309 mov eax, dword ptr fs:[00000030h]6_2_012CA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012CA309 mov eax, dword ptr fs:[00000030h]6_2_012CA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012CA309 mov eax, dword ptr fs:[00000030h]6_2_012CA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012CA309 mov eax, dword ptr fs:[00000030h]6_2_012CA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012CA309 mov eax, dword ptr fs:[00000030h]6_2_012CA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012CA309 mov eax, dword ptr fs:[00000030h]6_2_012CA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012CA309 mov eax, dword ptr fs:[00000030h]6_2_012CA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012CA309 mov eax, dword ptr fs:[00000030h]6_2_012CA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012CA309 mov eax, dword ptr fs:[00000030h]6_2_012CA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012CA309 mov eax, dword ptr fs:[00000030h]6_2_012CA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012CA309 mov eax, dword ptr fs:[00000030h]6_2_012CA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_0136131B mov eax, dword ptr fs:[00000030h]6_2_0136131B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012ADB60 mov ecx, dword ptr fs:[00000030h]6_2_012ADB60
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_01336365 mov eax, dword ptr fs:[00000030h]6_2_01336365
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_01336365 mov eax, dword ptr fs:[00000030h]6_2_01336365
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_01336365 mov eax, dword ptr fs:[00000030h]6_2_01336365
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D3B7A mov eax, dword ptr fs:[00000030h]6_2_012D3B7A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D3B7A mov eax, dword ptr fs:[00000030h]6_2_012D3B7A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012A7B70 mov eax, dword ptr fs:[00000030h]6_2_012A7B70
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012BF370 mov eax, dword ptr fs:[00000030h]6_2_012BF370
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012BF370 mov eax, dword ptr fs:[00000030h]6_2_012BF370
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012BF370 mov eax, dword ptr fs:[00000030h]6_2_012BF370
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012ADB40 mov eax, dword ptr fs:[00000030h]6_2_012ADB40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_01378B58 mov eax, dword ptr fs:[00000030h]6_2_01378B58
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012AF358 mov eax, dword ptr fs:[00000030h]6_2_012AF358
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D3B5A mov eax, dword ptr fs:[00000030h]6_2_012D3B5A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D3B5A mov eax, dword ptr fs:[00000030h]6_2_012D3B5A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D3B5A mov eax, dword ptr fs:[00000030h]6_2_012D3B5A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D3B5A mov eax, dword ptr fs:[00000030h]6_2_012D3B5A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D4BAD mov eax, dword ptr fs:[00000030h]6_2_012D4BAD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D4BAD mov eax, dword ptr fs:[00000030h]6_2_012D4BAD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D4BAD mov eax, dword ptr fs:[00000030h]6_2_012D4BAD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_01378BB6 mov eax, dword ptr fs:[00000030h]6_2_01378BB6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_01379BBE mov eax, dword ptr fs:[00000030h]6_2_01379BBE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_01375BA5 mov eax, dword ptr fs:[00000030h]6_2_01375BA5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_01361BA8 mov eax, dword ptr fs:[00000030h]6_2_01361BA8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012B1B8F mov eax, dword ptr fs:[00000030h]6_2_012B1B8F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012B1B8F mov eax, dword ptr fs:[00000030h]6_2_012B1B8F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D138B mov eax, dword ptr fs:[00000030h]6_2_012D138B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D138B mov eax, dword ptr fs:[00000030h]6_2_012D138B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D138B mov eax, dword ptr fs:[00000030h]6_2_012D138B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_0135D380 mov ecx, dword ptr fs:[00000030h]6_2_0135D380
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012CEB9A mov eax, dword ptr fs:[00000030h]6_2_012CEB9A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012CEB9A mov eax, dword ptr fs:[00000030h]6_2_012CEB9A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D2397 mov eax, dword ptr fs:[00000030h]6_2_012D2397
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_0136138A mov eax, dword ptr fs:[00000030h]6_2_0136138A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012DB390 mov eax, dword ptr fs:[00000030h]6_2_012DB390
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_0134EB8A mov ecx, dword ptr fs:[00000030h]6_2_0134EB8A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_0134EB8A mov eax, dword ptr fs:[00000030h]6_2_0134EB8A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_0134EB8A mov eax, dword ptr fs:[00000030h]6_2_0134EB8A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_0134EB8A mov eax, dword ptr fs:[00000030h]6_2_0134EB8A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012A4B94 mov edi, dword ptr fs:[00000030h]6_2_012A4B94
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012A1BE9 mov eax, dword ptr fs:[00000030h]6_2_012A1BE9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012CDBE9 mov eax, dword ptr fs:[00000030h]6_2_012CDBE9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D03E2 mov eax, dword ptr fs:[00000030h]6_2_012D03E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D03E2 mov eax, dword ptr fs:[00000030h]6_2_012D03E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D03E2 mov eax, dword ptr fs:[00000030h]6_2_012D03E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D03E2 mov eax, dword ptr fs:[00000030h]6_2_012D03E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D03E2 mov eax, dword ptr fs:[00000030h]6_2_012D03E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D03E2 mov eax, dword ptr fs:[00000030h]6_2_012D03E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_013523E3 mov ecx, dword ptr fs:[00000030h]6_2_013523E3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_013523E3 mov ecx, dword ptr fs:[00000030h]6_2_013523E3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_013523E3 mov eax, dword ptr fs:[00000030h]6_2_013523E3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012D53C5 mov eax, dword ptr fs:[00000030h]6_2_012D53C5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_013253CA mov eax, dword ptr fs:[00000030h]6_2_013253CA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_013253CA mov eax, dword ptr fs:[00000030h]6_2_013253CA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012E4A2C mov eax, dword ptr fs:[00000030h]6_2_012E4A2C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_01361C06 mov eax, dword ptr fs:[00000030h]6_2_01361C06
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_01326C0A mov eax, dword ptr fs:[00000030h]6_2_01326C0A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_01326C0A mov eax, dword ptr fs:[00000030h]6_2_01326C0A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_01326C0A mov eax, dword ptr fs:[00000030h]6_2_01326C0A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_01326C0A mov eax, dword ptr fs:[00000030h]6_2_01326C0A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_0137740D mov eax, dword ptr fs:[00000030h]6_2_0137740D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_0137740D mov eax, dword ptr fs:[00000030h]6_2_0137740D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_0137740D mov eax, dword ptr fs:[00000030h]6_2_0137740D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012A8410 mov eax, dword ptr fs:[00000030h]6_2_012A8410
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012C746D mov eax, dword ptr fs:[00000030h]6_2_012C746D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_01378C75 mov eax, dword ptr fs:[00000030h]6_2_01378C75
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012DAC7B mov eax, dword ptr fs:[00000030h]6_2_012DAC7B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012DAC7B mov eax, dword ptr fs:[00000030h]6_2_012DAC7B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012DAC7B mov eax, dword ptr fs:[00000030h]6_2_012DAC7B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012DAC7B mov eax, dword ptr fs:[00000030h]6_2_012DAC7B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012DAC7B mov eax, dword ptr fs:[00000030h]6_2_012DAC7B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012DAC7B mov eax, dword ptr fs:[00000030h]6_2_012DAC7B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012DAC7B mov eax, dword ptr fs:[00000030h]6_2_012DAC7B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012DAC7B mov eax, dword ptr fs:[00000030h]6_2_012DAC7B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012DAC7B mov eax, dword ptr fs:[00000030h]6_2_012DAC7B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012DAC7B mov eax, dword ptr fs:[00000030h]6_2_012DAC7B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exeCode function: 6_2_012DAC7B mov eax, dword ptr fs:[00000030h]6_2_012DAC7B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe Process token adjusted: Debug
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion:

          Injects a PE file into a foreign processes
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe Memory written: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe base: 400000 value starts with: 4D5A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Fareit-FZVA14157D843C5.exe {path}