Analysis Report SecuriteInfo.com.generic.ml.13800

Overview

General Information

Sample Name: SecuriteInfo.com.generic.ml.13800 (renamed file extension from 13800 to exe)
Analysis ID: 289550
MD5: fe849766195a6d7581ecac3b6c9fb82a
SHA1: e10d60efdf776a24201e8983d822e1c1da1def97
SHA256: bc2e03ca292da305602c8755453fa87073810a6359f2ec9a0935fe3bb51ef886

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected AntiVM_3
Binary contains a suspicious time stamp
Contains functionality to hide a thread from the debugger
Contains functionality to register a low level keyboard hook
Creates an undocumented autostart registry key
Drops PE files to the startup folder
Hides threads from debuggers
Injects a PE file into a foreign processes
Installs a global keyboard hook
May check the online IP address of the machine
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates a window with clipboard capturing capabilities
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE / OLE file has an invalid certificate
PE file contains strange resources
Queries disk information (often used to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Stores large binary data to the registry
Tries to load missing DLLs
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Startup

  • System is w10x64
  • SecuriteInfo.com.generic.ml.exe (PID: 6868 cmdline: 'C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe' MD5: FE849766195A6D7581ECAC3B6C9FB82A)
    • timeout.exe (PID: 6960 cmdline: timeout 4 MD5: 121A4EDAE60A7AF6F5DFA82F7BB95659)
      • conhost.exe (PID: 6968 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • WerFault.exe (PID: 7124 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6868 -s 1756 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • SecuriteInfo.com.generic.ml.exe (PID: 6412 cmdline: 'C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe' MD5: FE849766195A6D7581ECAC3B6C9FB82A)
    • timeout.exe (PID: 6288 cmdline: timeout 4 MD5: 121A4EDAE60A7AF6F5DFA82F7BB95659)
      • conhost.exe (PID: 3936 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • WerFault.exe (PID: 2232 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6412 -s 944 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • SecuriteInfo.com.generic.ml.exe (PID: 4512 cmdline: 'C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe' MD5: FE849766195A6D7581ECAC3B6C9FB82A)
    • timeout.exe (PID: 4392 cmdline: timeout 4 MD5: 121A4EDAE60A7AF6F5DFA82F7BB95659)
      • conhost.exe (PID: 1548 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • SecuriteInfo.com.generic.ml.exe (PID: 5676 cmdline: 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecuriteInfo.com.generic.ml.exe' MD5: FE849766195A6D7581ECAC3B6C9FB82A)
    • timeout.exe (PID: 5580 cmdline: timeout 4 MD5: 121A4EDAE60A7AF6F5DFA82F7BB95659)
      • conhost.exe (PID: 6380 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • SecuriteInfo.com.generic.ml.exe (PID: 7060 cmdline: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecuriteInfo.com.generic.ml.exe MD5: FE849766195A6D7581ECAC3B6C9FB82A)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source: 00000017.00000002.286937430.0000000003621000.00000004.00000001.sdmp | Rule: SUSP_XORed_MSDOS_Stub_Message | Description: Detects suspicious XORed MSDOS stub message | Author: Florian Roth
  • 0x2cad6:$xo1: Vjkq"rpmepco"acllmv"`g"pwl"kl"FMQ"omfg
Source: 00000002.00000002.213178610.00000000040D9000.00000004.00000001.sdmp | Rule: JoeSecurity_AgentTesla_1 | Description: Yara detected AgentTesla | Author: Joe Security
Source: 0000001D.00000002.456573342.0000000000402000.00000040.00000001.sdmp | Rule: JoeSecurity_AgentTesla_1 | Description: Yara detected AgentTesla | Author: Joe Security
Source: 00000002.00000002.212702190.0000000003FE1000.00000004.00000001.sdmp | Rule: SUSP_XORed_MSDOS_Stub_Message | Description: Detects suspicious XORed MSDOS stub message | Author: Florian Roth
  • 0x2cad6:$xo1: Vjkq"rpmepco"acllmv"`g"pwl"kl"FMQ"omfg
Source: 00000009.00000002.256751336.0000000003AC1000.00000004.00000001.sdmp | Rule: SUSP_XORed_MSDOS_Stub_Message | Description: Detects suspicious XORed MSDOS stub message | Author: Florian Roth
  • 0x2cad6:$xo1: Vjkq"rpmepco"acllmv"`g"pwl"kl"FMQ"omfg
(5 of 15 entries shown)

Unpacked PEs

Source: 15.2.SecuriteInfo.com.generic.ml.exe.400000.0.unpack | Rule: JoeSecurity_AgentTesla_1 | Description: Yara detected AgentTesla | Author: Joe Security
Source: 29.2.SecuriteInfo.com.generic.ml.exe.400000.0.unpack | Rule: JoeSecurity_AgentTesla_1 | Description: Yara detected AgentTesla | Author: Joe Security
Source: 5.2.SecuriteInfo.com.generic.ml.exe.400000.0.unpack | Rule: JoeSecurity_AgentTesla_1 | Description: Yara detected AgentTesla | Author: Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Antivirus / Scanner detection for submitted sample
Source: SecuriteInfo.com.generic.ml.exe, Avira: detected
Antivirus detection for dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecuriteInfo.com.generic.ml.exe, Avira: detection malicious, Label: TR/Kryptik.ecshz
Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.generic.ml.exe, Virustotal: Detection: 9%
Antivirus or Machine Learning detection for unpacked file
Source: 15.2.SecuriteInfo.com.generic.ml.exe.400000.0.unpack, Avira: Label: TR/Spy.Gen8
Source: 29.2.SecuriteInfo.com.generic.ml.exe.400000.0.unpack, Avira: Label: TR/Spy.Gen8
Source: 5.2.SecuriteInfo.com.generic.ml.exe.400000.0.unpack, Avira: Label: TR/Spy.Gen8

Networking:

May check the online IP address of the machine
Source: unknown, DNS query: name: api.ipify.org
Source: unknown, DNS query: name: api.ipify.org
Source: unknown, DNS query: name: api.ipify.org
Source: unknown, DNS query: name: api.ipify.org
Source: unknown, DNS query: name: api.ipify.org
Source: unknown, DNS query: name: api.ipify.org
IP address seen in connection with other malware
Source: Joe Sandbox View, IP Address: 23.21.109.69
Source: Joe Sandbox View, IP Address: 23.21.109.69
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown, DNS traffic detected: queries for: paste.nrecom.net
            Source: SecuriteInfo.com.generic.ml.exe, 00000005.00000002.251986367.0000000002BD1000.00000004.00000001.sdmp, SecuriteInfo.com.generic.ml.exe, 0000000F.00000002.461301127.0000000002B11000.00000004.00000001.sdmp, SecuriteInfo.com.generic.ml.exe, 0000001D.00000002.460864988.00000000029E1000.00000004.00000001.sdmpString found in binary or memory: http://127.0.0.1:HTTP/1.1
            Source: SecuriteInfo.com.generic.ml.exe, 0000001D.00000002.460864988.00000000029E1000.00000004.00000001.sdmpString found in binary or memory: http://DynDns.comDynDNS
            Source: SecuriteInfo.com.generic.ml.exe, 0000000F.00000002.461542269.0000000002BDA000.00000004.00000001.sdmpString found in binary or memory: http://api.ipify.org
            Source: SecuriteInfo.com.generic.ml.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
            Source: SecuriteInfo.com.generic.ml.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
            Source: SecuriteInfo.com.generic.ml.exe, 00000002.00000002.211171416.0000000002EF5000.00000004.00000001.sdmp, SecuriteInfo.com.generic.ml.exe, 00000009.00000002.252955138.00000000029D5000.00000004.00000001.sdmp, SecuriteInfo.com.generic.ml.exe, 00000017.00000002.284741785.0000000002535000.00000004.00000001.sdmpString found in binary or memory: http://cert.int-x3.letsencrypt.org/0
            Source: SecuriteInfo.com.generic.ml.exe, 00000002.00000002.211171416.0000000002EF5000.00000004.00000001.sdmp, SecuriteInfo.com.generic.ml.exe, 00000009.00000002.252955138.00000000029D5000.00000004.00000001.sdmp, SecuriteInfo.com.generic.ml.exe, 00000017.00000002.284741785.0000000002535000.00000004.00000001.sdmpString found in binary or memory: http://cps.letsencrypt.org0
            Source: SecuriteInfo.com.generic.ml.exe, 0000000F.00000002.466755287.0000000005F60000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
            Source: SecuriteInfo.com.generic.ml.exe, 0000000F.00000002.466755287.0000000005F60000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl0
            Source: SecuriteInfo.com.generic.ml.exeString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
            Source: SecuriteInfo.com.generic.ml.exeString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
            Source: SecuriteInfo.com.generic.ml.exeString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
            Source: SecuriteInfo.com.generic.ml.exeString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
            Source: SecuriteInfo.com.generic.ml.exe, 0000000F.00000002.461542269.0000000002BDA000.00000004.00000001.sdmpString found in binary or memory: http://elb097307-934924932.us-east-1.elb.amazonaws.com
            Source: SecuriteInfo.com.generic.ml.exe, 0000000F.00000002.466755287.0000000005F60000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.comodoca.com0
            Source: SecuriteInfo.com.generic.ml.exeString found in binary or memory: http://ocsp.digicert.com0C
            Source: SecuriteInfo.com.generic.ml.exeString found in binary or memory: http://ocsp.digicert.com0O
            Source: SecuriteInfo.com.generic.ml.exe, 00000002.00000002.211171416.0000000002EF5000.00000004.00000001.sdmp, SecuriteInfo.com.generic.ml.exe, 00000009.00000002.252955138.00000000029D5000.00000004.00000001.sdmp, SecuriteInfo.com.generic.ml.exe, 00000017.00000002.284741785.0000000002535000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.int-x3.letsencrypt.org0/
            Source: SecuriteInfo.com.generic.ml.exe, 00000002.00000002.211146024.0000000002EC1000.00000004.00000001.sdmp, SecuriteInfo.com.generic.ml.exe, 00000009.00000002.252603345.00000000029A1000.00000004.00000001.sdmp, SecuriteInfo.com.generic.ml.exe, 0000000F.00000002.461428761.0000000002BA2000.00000004.00000001.sdmp, SecuriteInfo.com.generic.ml.exe, 00000017.00000002.284687022.0000000002501000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: SecuriteInfo.com.generic.ml.exe, 0000001D.00000002.460864988.00000000029E1000.00000004.00000001.sdmpString found in binary or memory: http://tyfapw.com
            Source: SecuriteInfo.com.generic.ml.exe, 0000000F.00000002.461428761.0000000002BA2000.00000004.00000001.sdmpString found in binary or memory: https://api.ipify.org
            Source: SecuriteInfo.com.generic.ml.exe, 0000000F.00000002.461428761.0000000002BA2000.00000004.00000001.sdmpString found in binary or memory: https://api.ipify.org/
            Source: SecuriteInfo.com.generic.ml.exe, 0000000F.00000002.461428761.0000000002BA2000.00000004.00000001.sdmpString found in binary or memory: https://api.ipify.org4
            Source: SecuriteInfo.com.generic.ml.exe, 0000001D.00000002.460864988.00000000029E1000.00000004.00000001.sdmpString found in binary or memory: https://api.ipify.orgGETMozilla/5.0
            Source: SecuriteInfo.com.generic.ml.exe, 00000002.00000002.213178610.00000000040D9000.00000004.00000001.sdmp, SecuriteInfo.com.generic.ml.exe, 00000005.00000002.250213465.0000000000402000.00000040.00000001.sdmp, SecuriteInfo.com.generic.ml.exe, 00000009.00000002.256921983.0000000003BBB000.00000004.00000001.sdmp, SecuriteInfo.com.generic.ml.exe, 0000000F.00000002.456599653.0000000000402000.00000040.00000001.sdmp, SecuriteInfo.com.generic.ml.exe, 00000017.00000002.287229622.000000000371A000.00000004.00000001.sdmp, SecuriteInfo.com.generic.ml.exe, 0000001D.00000002.456573342.0000000000402000.00000040.00000001.sdmpString found in binary or memory: https://api.telegram.org/bot%telegramapi%/
            Source: SecuriteInfo.com.generic.ml.exe, 00000005.00000002.251986367.0000000002BD1000.00000004.00000001.sdmp, SecuriteInfo.com.generic.ml.exe, 0000000F.00000002.461301127.0000000002B11000.00000004.00000001.sdmp, SecuriteInfo.com.generic.ml.exe, 0000001D.00000002.460864988.00000000029E1000.00000004.00000001.sdmpString found in binary or memory: https://api.telegram.org/bot%telegramapi%/sendDocumentdocument---------------------------x
            Source: SecuriteInfo.com.generic.ml.exe, 00000002.00000002.211146024.0000000002EC1000.00000004.00000001.sdmp, SecuriteInfo.com.generic.ml.exe, 00000009.00000002.252603345.00000000029A1000.00000004.00000001.sdmp, SecuriteInfo.com.generic.ml.exe, 00000017.00000002.284687022.0000000002501000.00000004.00000001.sdmpString found in binary or memory: https://paste.nrecom.net
            Source: SecuriteInfo.com.generic.ml.exe, 00000017.00000002.284687022.0000000002501000.00000004.00000001.sdmpString found in binary or memory: https://paste.nrecom.net/view/raw/be94a73d
            Source: SecuriteInfo.com.generic.ml.exe, 00000017.00000002.284687022.0000000002501000.00000004.00000001.sdmpString found in binary or memory: https://paste.nrecom.net/view/raw/c21f28f9
            Source: SecuriteInfo.com.generic.ml.exe, 00000002.00000002.211146024.0000000002EC1000.00000004.00000001.sdmp, SecuriteInfo.com.generic.ml.exe, 00000009.00000002.252603345.00000000029A1000.00000004.00000001.sdmp, SecuriteInfo.com.generic.ml.exe, 00000017.00000002.284687022.0000000002501000.00000004.00000001.sdmpString found in binary or memory: https://paste.nrecom.net/view/raw/fa428ca9
            Source: SecuriteInfo.com.generic.ml.exe, 00000002.00000002.213178610.00000000040D9000.00000004.00000001.sdmp, SecuriteInfo.com.generic.ml.exe, 00000002.00000002.211203867.0000000002F0C000.00000004.00000001.sdmp, SecuriteInfo.com.generic.ml.exe, 00000009.00000002.253008043.00000000029EC000.00000004.00000001.sdmp, SecuriteInfo.com.generic.ml.exe, 00000009.00000002.256921983.0000000003BBB000.00000004.00000001.sdmp, SecuriteInfo.com.generic.ml.exe, 00000017.00000002.284795004.000000000254C000.00000004.00000001.sdmp, SecuriteInfo.com.generic.ml.exe, 00000017.00000002.287229622.000000000371A000.00000004.00000001.sdmpString found in binary or memory: https://pastebin.com/raw/W63zsRav
            Source: SecuriteInfo.com.generic.ml.exe, 0000000F.00000002.466755287.0000000005F60000.00000004.00000001.sdmpString found in binary or memory: https://secure.comodo.com/CPS0
            Source: SecuriteInfo.com.generic.ml.exeString found in binary or memory: https://www.digicert.com/CPS0
            Source: SecuriteInfo.com.generic.ml.exe, 00000002.00000002.213178610.00000000040D9000.00000004.00000001.sdmp, SecuriteInfo.com.generic.ml.exe, 00000005.00000002.250213465.0000000000402000.00000040.00000001.sdmp, SecuriteInfo.com.generic.ml.exe, 00000009.00000002.256921983.0000000003BBB000.00000004.00000001.sdmp, SecuriteInfo.com.generic.ml.exe, 0000000F.00000002.456599653.0000000000402000.00000040.00000001.sdmp, SecuriteInfo.com.generic.ml.exe, 00000017.00000002.287229622.000000000371A000.00000004.00000001.sdmp, SecuriteInfo.com.generic.ml.exe, 0000001D.00000002.456573342.0000000000402000.00000040.00000001.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
            Source: SecuriteInfo.com.generic.ml.exe, 00000005.00000002.251986367.0000000002BD1000.00000004.00000001.sdmp, SecuriteInfo.com.generic.ml.exe, 0000000F.00000002.461301127.0000000002B11000.00000004.00000001.sdmp, SecuriteInfo.com.generic.ml.exe, 0000001D.00000002.460864988.00000000029E1000.00000004.00000001.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
            Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
            Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Contains functionality to register a low level keyboard hook
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 15_2_05CAD95C SetWindowsHookExW 0000000D,00000000,?,? (idHook 0x0D is WH_KEYBOARD_LL)
Installs a global keyboard hook
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Windows user hook set: 0 keyboard low level C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecuriteInfo.com.generic.ml.exe, Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecuriteInfo.com.generic.ml.exe
Creates a window with clipboard capturing capabilities
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecuriteInfo.com.generic.ml.exe, Window created: window name: CLIPBRDWNDCLASS
Contains functionality to hide a thread from the debugger
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 2_2_02E8D168 NtSetInformationThread
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 2_2_02E8E17A NtSetInformationThread
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 9_2_00E0D168 NtSetInformationThread
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 9_2_00E0E17A NtSetInformationThread
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecuriteInfo.com.generic.ml.exe, Code function: 23_2_023BD168 NtSetInformationThread
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecuriteInfo.com.generic.ml.exe, Code function: 23_2_023BE17B NtSetInformationThread
Detected potential crypto function
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 2_2_00BCD7C9
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 2_2_02E8D3E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 2_2_02E86024
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 2_2_02E867A8
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 2_2_02E89780
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 2_2_02E81DEC
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 2_2_02E8D3A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 2_2_02E8D4DB
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 2_2_02E8D564
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 2_2_02E8D551
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 2_2_02E828A6
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 2_2_02E818B8
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 5_2_00FD46E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 5_2_00FD35EC
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 5_2_00FD3D80
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 5_2_00FD45EF
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 5_2_00FD46D8
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 5_2_00FD53D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 5_2_00FDD320
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 5_2_00FD35E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 5_2_05FF7530
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 5_2_05FF90F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 5_2_05FF6918
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 5_2_05FF6C60
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 9_2_0062D7C9
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 9_2_00E0D3D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 9_2_00E067A8
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 9_2_00E028B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 9_2_00E0D4DB
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 9_2_00E0D564
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 9_2_00E0D551
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 9_2_00E028A8
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 9_2_00E018B8
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 13_2_0032D7C9
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 14_2_009CD7C9
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 14_2_012B28B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 14_2_012B28A7
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 14_2_012B18B8
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 15_2_0070D7C9
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 15_2_011046E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 15_2_011035EC
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 15_2_01103D80
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 15_2_011046D2
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 15_2_0110D330
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 15_2_011053B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 15_2_011035E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 15_2_05CA7530
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 15_2_05CA6918
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 15_2_05CA90F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 15_2_05CAFC40
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 15_2_05CA6C60
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 15_2_062856B8
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 15_2_06284F80
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 15_2_06284958
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 15_2_0628A349
Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe, Code function: 15_2_06281560
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecuriteInfo.com.generic.ml.exe, Code function: 23_2_001FD7C9
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecuriteInfo.com.generic.ml.exe, Code function: 23_2_023BD3E0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecuriteInfo.com.generic.ml.exe, Code function: 23_2_023B6030
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecuriteInfo.com.generic.ml.exe, Code function: 23_2_023B28B0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecuriteInfo.com.generic.ml.exe, Code function: 23_2_023BD3D0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecuriteInfo.com.generic.ml.exe, Code function: 23_2_023BD4DB
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecuriteInfo.com.generic.ml.exe, Code function: 23_2_023BD564
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecuriteInfo.com.generic.ml.exe, Code function: 23_2_023BD551
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecuriteInfo.com.generic.ml.exe, Code function: 23_2_023B18B8
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecuriteInfo.com.generic.ml.exe, Code function: 23_2_023B28A6
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecuriteInfo.com.generic.ml.exe, Code function: 29_2_005AD7C9
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecuriteInfo.com.generic.ml.exe, Code function: 29_2_029046E0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecuriteInfo.com.generic.ml.exe, Code function: 29_2_029035EC
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecuriteInfo.com.generic.ml.exe, Code function: 29_2_029045EF
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecuriteInfo.com.generic.ml.exe, Code function: 29_2_029053B0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecuriteInfo.com.generic.ml.exe, Code function: 29_2_029035E0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecuriteInfo.com.generic.ml.exe, Code function: 29_2_0290DA40
One or more processes crash
Source: unknown, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6868 -s 1756
PE / OLE file has an invalid certificate
Source: SecuriteInfo.com.generic.ml.exe, Static PE information: invalid certificate
PE file contains strange resources
Source: SecuriteInfo.com.generic.ml.exe, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.generic.ml.exe.2.dr, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Sample file is different than original file name gathered from version info
Source: SecuriteInfo.com.generic.ml.exe, 00000002.00000002.213178610.00000000040D9000.00000004.00000001.sdmp, Binary or memory string: OriginalFilename vs SecuriteInfo.com.generic.ml.exe
Source: SecuriteInfo.com.generic.ml.exe, 00000002.00000002.213178610.00000000040D9000.00000004.00000001.sdmp, Binary or memory string: OriginalFilename>T>T) vs SecuriteInfo.com.generic.ml.exe
Source: SecuriteInfo.com.generic.ml.exe, 00000002.00000002.214975128.00000000054E0000.00000002.00000001.sdmp, Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs SecuriteInfo.com.generic.ml.exe
Source: SecuriteInfo.com.generic.ml.exe, 00000005.00000002.250393069.0000000000804000.00000002.00020000.sdmp, Binary or memory string: OriginalFilename>T>T) vs SecuriteInfo.com.generic.ml.exe
Source: SecuriteInfo.com.generic.ml.exe, 00000005.00000002.254587654.0000000005E70000.00000002.00000001.sdmp, Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs SecuriteInfo.com.generic.ml.exe
Source: SecuriteInfo.com.generic.ml.exe, 00000009.00000000.228086244.0000000000654000.00000002.00020000.sdmp, Binary or memory string: OriginalFilename>T>T) vs SecuriteInfo.com.generic.ml.exe
Source: SecuriteInfo.com.generic.ml.exe, 00000009.00000002.260041018.0000000004FC0000.00000002.00000001.sdmp, Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs SecuriteInfo.com.generic.ml.exe
Source: SecuriteInfo.com.generic.ml.exe, 00000009.00000002.256921983.0000000003BBB000.00000004.00000001.sdmp, Binary or memory string: OriginalFilename vs SecuriteInfo.com.generic.ml.exe
Source: SecuriteInfo.com.generic.ml.exe, 0000000D.00000002.245985151.0000000000354000.00000002.00020000.sdmp, Binary or memory string: OriginalFilename>T>T) vs SecuriteInfo.com.generic.ml.exe
Source: SecuriteInfo.com.generic.ml.exe, 0000000E.00000002.250352583.00000000009F4000.00000002.00020000.sdmp, Binary or memory string: OriginalFilename>T>T) vs SecuriteInfo.com.generic.ml.exe
Source: SecuriteInfo.com.generic.ml.exe, 0000000F.00000000.246612603.0000000000734000.00000002.00020000.sdmp, Binary or memory string: OriginalFilename>T>T) vs SecuriteInfo.com.generic.ml.exe
Source: SecuriteInfo.com.generic.ml.exe, 0000000F.00000002.466062344.0000000005B10000.00000002.00000001.sdmp, Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs SecuriteInfo.com.generic.ml.exe
Source: SecuriteInfo.com.generic.ml.exe, 0000000F.00000002.458023942.0000000000AF7000.00000004.00000001.sdmp, Binary or memory string: OriginalFilenameUNKNOWN_FILET vs SecuriteInfo.com.generic.ml.exe
Source: SecuriteInfo.com.generic.ml.exe, 0000000F.00000002.467141734.00000000063B0000.00000002.00000001.sdmp, Binary or memory string: OriginalFilenamemscorrc.dllT vs SecuriteInfo.com.generic.ml.exe
Source: SecuriteInfo.com.generic.ml.exe, 00000017.00000002.283625674.0000000000224000.00000002.00020000.sdmp, Binary or memory string: OriginalFilename>T>T) vs SecuriteInfo.com.generic.ml.exe
Source: SecuriteInfo.com.generic.ml.exe, 00000017.00000002.287229622.000000000371A000.00000004.00000001.sdmp, Binary or memory string: OriginalFilename vs SecuriteInfo.com.generic.ml.exe
Source: SecuriteInfo.com.generic.ml.exe, 00000017.00000002.289159086.0000000004C00000.00000002.00000001.sdmp, Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs SecuriteInfo.com.generic.ml.exe
            Source: SecuriteInfo.com.generic.ml.exe, 0000001D.00000002.456753585.0000000000438000.00000040.00000001.sdmpBinary or memory string: OriginalFilename>T>T) vs SecuriteInfo.com.generic.ml.exe
            Source: SecuriteInfo.com.generic.ml.exeBinary or memory string: OriginalFilename>T>T) vs SecuriteInfo.com.generic.ml.exe
            Source: C:\Windows\SysWOW64\WerFault.exeSection loaded: sfc.dllJump to behavior
            Source: C:\Windows\SysWOW64\WerFault.exeSection loaded: phoneinfo.dllJump to behavior
            Source: C:\Windows\SysWOW64\WerFault.exeSection loaded: ext-ms-win-xblauth-console-l1.dllJump to behavior
            Source: C:\Windows\SysWOW64\WerFault.exeSection loaded: ext-ms-win-xblauth-console-l1.dllJump to behavior
            Source: C:\Windows\SysWOW64\WerFault.exeSection loaded: phoneinfo.dll
            Source: C:\Windows\SysWOW64\WerFault.exeSection loaded: ext-ms-win-xblauth-console-l1.dll
            Source: C:\Windows\SysWOW64\WerFault.exeSection loaded: ext-ms-win-xblauth-console-l1.dll
            Source: 00000017.00000002.286937430.0000000003621000.00000004.00000001.sdmp, type: MEMORYMatched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings, score =
            Source: 00000002.00000002.212702190.0000000003FE1000.00000004.00000001.sdmp, type: MEMORYMatched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings, score =
            Source: 00000009.00000002.256751336.0000000003AC1000.00000004.00000001.sdmp, type: MEMORYMatched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings, score =
            Source: SecuriteInfo.com.generic.ml.exe, ???????????????.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
            Source: SecuriteInfo.com.generic.ml.exe.2.dr, ???????????????.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
            Source: 2.0.SecuriteInfo.com.generic.ml.exe.bb0000.0.unpack, ???????????????.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
            Source: 2.2.SecuriteInfo.com.generic.ml.exe.bb0000.0.unpack, ???????????????.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
            Source: 5.0.SecuriteInfo.com.generic.ml.exe.7c0000.0.unpack, ???????????????.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
            Source: 5.2.SecuriteInfo.com.generic.ml.exe.7c0000.1.unpack, ???????????????.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
            Source: classification engineClassification label: mal100.troj.adwa.spyw.evad.winEXE@26/11@8/2
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecuriteInfo.com.generic.ml.exe
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6968:120:WilError_01
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3936:120:WilError_01
            Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6412
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1548:120:WilError_01
            Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6868
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6380:120:WilError_01
            Source: C:\Windows\SysWOW64\WerFault.exe File created: C:\ProgramData\Microsoft\Windows\WER\Temp\WER2757.tmp
            Source: SecuriteInfo.com.generic.ml.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll (5 occurrences)
            Source: C:\Windows\SysWOW64\WerFault.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll (4 occurrences)
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecuriteInfo.com.generic.ml.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll (2 occurrences)
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor (2 occurrences)
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecuriteInfo.com.generic.ml.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe File read: C:\Windows\System32\drivers\etc\hosts (12 occurrences)
            Source: C:\Windows\SysWOW64\WerFault.exe File read: C:\Windows\System32\drivers\etc\hosts (4 occurrences)
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecuriteInfo.com.generic.ml.exe File read: C:\Windows\System32\drivers\etc\hosts (4 occurrences)
            Source: SecuriteInfo.com.generic.ml.exe Virustotal: Detection: 9%
            Source: SecuriteInfo.com.generic.ml.exe String found in binary or memory: /stop (16 occurrences)
            Source: SecuriteInfo.com.generic.ml.exe String found in binary or memory: /stopqStep Recorder wasn't stopped and saved successfully: {0} (2 occurrences)
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe
            Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe 'C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe'
            Source: unknown Process created: C:\Windows\SysWOW64\timeout.exe timeout 4
            Source: unknown Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe
            Source: unknown Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6868 -s 1756
            Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe 'C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe'
            Source: unknown Process created: C:\Windows\SysWOW64\timeout.exe timeout 4
            Source: unknown Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe
            Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe 'C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe'
            Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe
            Source: unknown Process created: C:\Windows\SysWOW64\timeout.exe timeout 4
            Source: unknown Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: unknown Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6412 -s 944
            Source: unknown Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecuriteInfo.com.generic.ml.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecuriteInfo.com.generic.ml.exe'
            Source: unknown Process created: C:\Windows\SysWOW64\timeout.exe timeout 4
            Source: unknown Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: unknown Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecuriteInfo.com.generic.ml.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecuriteInfo.com.generic.ml.exe
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout 4
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout 4
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout 4
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecuriteInfo.com.generic.ml.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout 4
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecuriteInfo.com.generic.ml.exe Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecuriteInfo.com.generic.ml.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecuriteInfo.com.generic.ml.exe
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32
            Source: Window Recorder Window detected: More than 3 window changes detected
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: SecuriteInfo.com.generic.ml.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: SecuriteInfo.com.generic.ml.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
            Source: Binary string: System.Core.ni.pdbRSDSD source: WER2757.tmp.dmp.7.dr
            Source: Binary string: SecuriteInfo.com.generic.ml.PDBL source: SecuriteInfo.com.generic.ml.exe, 00000009.00000002.250744111.0000000000AF8000.00000004.00000010.sdmp
            Source: Binary string: System.Xml.ni.pdb source: WER2757.tmp.dmp.7.dr
            Source: Binary string: System.ni.pdbRSDS source: WER2757.tmp.dmp.7.dr
            Source: Binary string: kVisualBasic.pdb source: SecuriteInfo.com.generic.ml.exe, 00000009.00000002.250744111.0000000000AF8000.00000004.00000010.sdmp
            Source: Binary string: System.Core.pdbT* source: WER6F3E.tmp.dmp.19.dr
            Source: Binary string: System.Configuration.ni.pdb source: WER2757.tmp.dmp.7.dr
            Source: Binary string: mscorlib.ni.pdbRSDS source: WER2757.tmp.dmp.7.dr
            Source: Binary string: System.Configuration.pdb0Dnj source: WER6F3E.tmp.dmp.19.dr
            Source: Binary string: jVisualBasic.pdb source: SecuriteInfo.com.generic.ml.exe, 00000002.00000002.210533114.0000000000DB8000.00000004.00000010.sdmp
            Source: Binary string: System.Configuration.pdb source: WER2757.tmp.dmp.7.dr
            Source: Binary string: (PykLC:\Windows\Microsoft.VisualBasic.pdb source: SecuriteInfo.com.generic.ml.exe, 00000009.00000002.250744111.0000000000AF8000.00000004.00000010.sdmp
            Source: Binary string: .pdb68 source: SecuriteInfo.com.generic.ml.exe, 00000009.00000002.250744111.0000000000AF8000.00000004.00000010.sdmp
            Source: Binary string: System.Xml.pdb source: WER2757.tmp.dmp.7.dr
            Source: Binary string: System.pdb source: WER2757.tmp.dmp.7.dr
            Source: Binary string: Microsoft.VisualBasic.pdb source: WER2757.tmp.dmp.7.dr
            Source: Binary string: System.Core.ni.pdb source: WER2757.tmp.dmp.7.dr
            Source: Binary string: System.Windows.Forms.pdb source: WER2757.tmp.dmp.7.dr
            Source: Binary string: SecuriteInfo.com.generic.ml.PDB source: SecuriteInfo.com.generic.ml.exe, 00000002.00000002.210533114.0000000000DB8000.00000004.00000010.sdmp
            Source: Binary string: (PwjLC:\Windows\Microsoft.VisualBasic.pdb source: SecuriteInfo.com.generic.ml.exe, 00000002.00000002.210533114.0000000000DB8000.00000004.00000010.sdmp
            Source: Binary string: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.PDB source: SecuriteInfo.com.generic.ml.exe, 00000009.00000002.250744111.0000000000AF8000.00000004.00000010.sdmp
            Source: Binary string: mscorlib.pdb source: WER2757.tmp.dmp.7.dr
            Source: Binary string: mscorlib.ni.pdb source: WER2757.tmp.dmp.7.dr
            Source: Binary string: System.Configuration.ni.pdbRSDSO* source: WER2757.tmp.dmp.7.dr
            Source: Binary string: System.Core.pdb source: WER2757.tmp.dmp.7.dr
            Source: Binary string: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.PDBFw source: SecuriteInfo.com.generic.ml.exe, 00000002.00000002.210533114.0000000000DB8000.00000004.00000010.sdmp, SecuriteInfo.com.generic.ml.exe, 00000009.00000002.250744111.0000000000AF8000.00000004.00000010.sdmp
            Source: Binary string: System.Configuration.pdb+k@ source: WER2757.tmp.dmp.7.dr
            Source: Binary string: System.Xml.ni.pdbRSDS source: WER2757.tmp.dmp.7.dr
            Source: Binary string: System.Xml.pdb@ source: WER2757.tmp.dmp.7.dr
            Source: Binary string: System.ni.pdb source: WER2757.tmp.dmp.7.dr

            Data Obfuscation:

            Binary contains a suspicious time stamp
            Source: initial sample Static PE information: 0x86B174AF [Sat Aug 10 19:44:47 2041 UTC]
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe Code function: 2_2_00BB3070 push cs; ret 2_2_00BB3071
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe Code function: 2_2_02E8916F push FFFFFFE8h; retf 2_2_02E89171
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe Code function: 2_2_02E894CB push 0000003Bh; ret 2_2_02E894CD
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe Code function: 2_2_02E8949D push 0000003Bh; ret 2_2_02E8949F
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe Code function: 2_2_02E8DD8D push esp; iretd 2_2_02E8DD8E
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe Code function: 9_2_00613070 push cs; ret 9_2_00613071
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe Code function: 9_2_00E01F2D pushfd ; retn 0000h 9_2_00E01F3A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe Code function: 15_2_0102D31C pushfd ; ret 15_2_0102D31D
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe Code function: 15_2_0102DC2A push esp; ret 15_2_0102DC49
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe Code function: 15_2_0102DC4A pushad ; ret 15_2_0102DC69
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe Code function: 15_2_0102D25C push esp; ret 15_2_0102D25D
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe Code function: 15_2_0102DC6A pushfd ; ret 15_2_0102DD09
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe Code function: 15_2_0102D27C pushad ; ret 15_2_0102D27D
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe Code function: 15_2_0628AA26 push es; iretd 15_2_0628B314
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe Code function: 15_2_0628B6E9 push es; ret 15_2_0628B864
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe Code function: 15_2_0628A6CF push es; iretd 15_2_0628B314
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe Code function: 15_2_0628B6C3 push es; retf 15_2_0628B6E8
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe Code function: 15_2_0628B300 push es; iretd 15_2_0628B314
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe Code function: 15_2_0628A717 push es; iretd 15_2_0628B314
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe Code function: 15_2_0628A779 push es; iretd 15_2_0628B314
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe Code function: 15_2_0628B8D8 push es; iretd 15_2_0628C538
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecuriteInfo.com.generic.ml.exe Code function: 23_2_001E3070 push cs; ret 23_2_001E3071
            Source: initial sample Static PE information: section name: .text entropy: 6.94491847243
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecuriteInfo.com.generic.ml.exe
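The three static findings in this block (a link timestamp in 2041, push/ret instruction pairs scattered through the code, and a .text section with entropy close to 7) are what a triage script should confirm before the sample is ever run. The Python below is an added example written for this page; it is not part of the Joe Sandbox report and not code from the sample. It works on a constructed minimal PE header and a constructed byte string, both labelled as such in the code, and the only value taken from the report is the timestamp 0x86B174AF. One caveat a practitioner wants here: .NET compilers building deterministically write a content hash into TimeDateStamp, so an impossible date on its own does not prove the stamp was forged by hand. It is one obfuscation indicator among several, which is why the example scores it together with the push/ret scan and the entropy figure.

```python
"""Static triage of a PE: link-timestamp sanity, push/ret gadget scan, section entropy."""
import math
import struct
import time

# Single-byte x86 PUSH forms and the RET-family opcodes the report pairs them with.
PUSH_OPCODES = {0x0E: "push cs", 0x06: "push es", 0x54: "push esp", 0x9C: "pushfd", 0x60: "pushad"}
RET_OPCODES = {0xC3: "ret", 0xCB: "retf", 0xCF: "iretd"}


def pe_timestamp(data: bytes) -> int:
    """Return the COFF TimeDateStamp of a PE image; raise ValueError on a malformed header."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF file header: Machine(2) NumberOfSections(2) TimeDateStamp(4) ...
    (stamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return stamp


def timestamp_is_suspicious(stamp: int, now: int = None, slack: int = 24 * 3600) -> bool:
    """True when the stamp is zero or lies in the future; neither can be a genuine link time."""
    if now is None:
        now = int(time.time())
    return stamp == 0 or stamp > now + slack


def find_push_ret(code: bytes, base: int = 0) -> list:
    """Return (address, mnemonic) pairs for a PUSH immediately followed by a RET-family opcode.

    Compiled code almost never pushes a value and returns straight into it, so runs of these
    pairs point at junk code or a packer stub, which is what the report's list above records.
    """
    hits = []
    i = 0
    while i < len(code) - 1:
        op = code[i]
        if op in PUSH_OPCODES and code[i + 1] in RET_OPCODES:
            hits.append((base + i, f"{PUSH_OPCODES[op]}; {RET_OPCODES[code[i + 1]]}"))
            i += 2
        elif op == 0x6A and i + 2 < len(code) and code[i + 2] in RET_OPCODES:
            # push imm8 sign-extends to 32 bits, which is why the report prints FFFFFFE8h for E8.
            imm = struct.unpack_from("<b", code, i + 1)[0] & 0xFFFFFFFF
            hits.append((base + i, f"push {imm:08X}h; {RET_OPCODES[code[i + 2]]}"))
            i += 3
        else:
            i += 1
    return hits


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def build_sample_pe(stamp: int) -> bytes:
    """Constructed minimal DOS + PE + COFF header (not the real sample), enough for pe_timestamp()."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE signature right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, 0xE0, 0x0102)
    return bytes(dos) + b"PE\0\0" + coff


# Constructed code bytes: nop; push cs; ret; push 3Bh; ret; push -18h; retf; push esp; iretd
SAMPLE_CODE = bytes([0x90, 0x0E, 0xC3, 0x6A, 0x3B, 0xC3, 0x6A, 0xE8, 0xCB, 0x54, 0xCF])

if __name__ == "__main__":
    stamp = pe_timestamp(build_sample_pe(0x86B174AF))
    print(f"TimeDateStamp 0x{stamp:08X} suspicious: {timestamp_is_suspicious(stamp)}")
    for addr, text in find_push_ret(SAMPLE_CODE, base=0x00BB3070):
        print(f"{addr:08X} {text}")
    print(f"entropy of sample bytes: {shannon_entropy(SAMPLE_CODE):.2f}")
```

On a real file, read the whole image into `data`, pass it to `pe_timestamp()`, and run `find_push_ret()` and `shannon_entropy()` over the raw bytes of the `.text` section taken from the section table; an entropy near 7 on a .NET `.text` section, as reported here, is high for managed code and usually means encrypted resources or a packed payload are stored there.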

            Boot Survival:

            Creates an undocumented autostart registry key
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe Key value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon shell
            Drops PE files to the startup folder
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecuriteInfo.com.generic.ml.exe (3 occurrences)
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecuriteInfo.com.generic.ml.exe\:Zone.Identifier:$DATA
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run SecuriteInfo.com.generic.ml.exe (2 occurrences)
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecuriteInfo.com.generic.ml.exe Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run SecuriteInfo.com.generic.ml.exe (2 occurrences)
            Source: C:\Windows\SysWOW64\WerFault.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
            Source: C:\Windows\SysWOW64\WerFault.exe Key value created or modified: HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363} DeviceTicket
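The process-creation chain listed earlier (each instance runs `timeout 4`, then launches a fresh copy of its own image) and the persistence artefacts in this block (the copy in the Startup folder, the HKCU Run value, and the per-user Winlogon Shell value that the report flags as an undocumented autostart) are the events a responder pulls out of a report like this first. The Python below is an added example for this page, not tooling from Joe Sandbox and not code from the sample. It parses a handful of constructed event lines written in the report's own "Source: <process> <event>: <detail>" shape (the sample name and paths in them are placeholders), tags the persistence mechanisms, rebuilds the parent/child process edges, and flags a parent that re-launched its own image. The Zone.Identifier stream on the dropped copy gets its own tag; that the stream was carried over from the downloaded original by the copy operation is an assumption made here, not something the report states.

```python
"""Triage of sandbox behaviour lines: persistence tags and the process-spawn chain."""
import re
from collections import defaultdict

# One event per line in the report's "Source: <process> <event>: <detail>" shape. The source
# path may contain spaces ("Start Menu"), so the event name is matched from a fixed list.
EVENT_RE = re.compile(
    r"^Source:\s*(?P<src>.+?)\s*"
    r"(?P<event>Process created|File created|Key value created or modified|"
    r"Registry value created or modified|Registry key monitored for changes):\s*"
    r"(?P<detail>.*)$"
)

# (tag, event the rule applies to, pattern over the detail column)
PERSISTENCE_RULES = [
    ("startup_folder_pe", "File created",
     re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+\.exe$", re.I)),
    # Mark-of-the-web stream written on the dropped copy (assumed here to be inherited by CopyFile).
    ("zone_identifier_stream", "File created",
     re.compile(r":Zone\.Identifier:\$DATA$", re.I)),
    ("run_key", "Registry value created or modified",
     re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\b", re.I)),
    # Winlogon honours a per-user Shell/Userinit value, so HKCU is enough for persistence.
    ("winlogon_shell", "Key value created or modified",
     re.compile(r"\\Windows NT\\CurrentVersion\\Winlogon\s+(shell|userinit)$", re.I)),
]

# Constructed sample lines with the placeholder name "sample.exe"; not copied from the live report.
SAMPLE_EVENTS = [
    r"Source: C:\Users\user\Desktop\sample.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout 4",
    r"Source: C:\Users\user\Desktop\sample.exe Process created: C:\Users\user\Desktop\sample.exe C:\Users\user\Desktop\sample.exe",
    r"Source: C:\Users\user\Desktop\sample.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sample.exe",
    r"Source: C:\Users\user\Desktop\sample.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sample.exe\:Zone.Identifier:$DATA",
    r"Source: C:\Users\user\Desktop\sample.exe Key value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon shell",
    r"Source: C:\Users\user\Desktop\sample.exe Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run sample.exe",
    r"Source: C:\Windows\SysWOW64\WerFault.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes",
]


def parse_event(line: str):
    """Split one report line into (source, event, detail), or None if it is not an event line."""
    m = EVENT_RE.match(line.strip())
    return (m.group("src"), m.group("event"), m.group("detail")) if m else None


def triage(lines):
    """Return (persistence hits, children); children maps a parent image to its child command lines."""
    persistence = []
    children = defaultdict(list)
    for line in lines:
        parsed = parse_event(line)
        if parsed is None:
            continue
        src, event, detail = parsed
        if event == "Process created":
            children[src].append(detail)
        for tag, wanted_event, pattern in PERSISTENCE_RULES:
            if event == wanted_event and pattern.search(detail):
                persistence.append((tag, src, detail))
    return persistence, dict(children)


def self_spawns(children):
    """Parents that launched a new copy of their own image: the re-exec seen before injection."""
    out = []
    for parent, cmds in children.items():
        for cmd in cmds:
            image = cmd.lstrip("'\"")
            if image.lower().startswith(parent.lower()) and image[len(parent):len(parent) + 1] in ("", " ", "'", '"'):
                out.append((parent, cmd))
    return out


if __name__ == "__main__":
    hits, tree = triage(SAMPLE_EVENTS)
    for tag, src, detail in hits:
        print(f"[{tag}] {src} -> {detail}")
    for parent, cmd in self_spawns(tree):
        print(f"[self_spawn] {parent} -> {cmd}")
```

To run it over a report, feed every "Source: ..." line of the behaviour list to `triage()`; lines in other shapes (static PE information, binary strings) are skipped by `parse_event()`. On a live host the same three persistence locations are what to check first: the user's Startup folder, the HKCU Run key, and the Shell and Userinit values under the user's Winlogon key, which on a clean machine are normally absent from HKCU.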
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exe Process information set: NOOPENFILEERRORBOX (43 occurrences)
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.generic.ml.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
            Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\