Loading ...

Play interactive tourEdit tour

Analysis Report SecuriteInfo.com.Trojan.Packed2.42850.4964.3326

Overview

General Information

Sample Name:SecuriteInfo.com.Trojan.Packed2.42850.4964.3326 (renamed file extension from 3326 to exe)
Analysis ID:356696
MD5:2201881c6cc2de12c71f906e43178ef9
SHA1:2b494db5e52b74df25ff068d0d2a3295aae4f658
SHA256:945ebbaf8c08902ed75eb98f5cabd2dbd88708c1aac37a35762db091c1ce0476
Infos:

Most interesting Screenshot:

Detection

FormBook
Score:92
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected FormBook
C2 URLs / IPs found in malware configuration
Injects a PE file into a foreign processes
Tries to detect virtualization through RDTSC time measurements
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Startup

  • System is w10x64
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.aone223.com/67d/"], "decoy": ["initiationportal.com", "priority1fleet.com", "xn--c1abvlc0ba.xn--p1acf", "foto-golyh-devushek.com", "losangeles-nightlife.com", "mynewbandname.com", "iaiibhzsbw.net", "allwest-originals.com", "peakofgoodlife.com", "traeespana.com", "prizotinstagram.online", "powerd.net", "rutharroyo.com", "spreadtheaimee.com", "tomleefamily.com", "workingcompass.net", "quallateematerial.com", "davizion.com", "ashleeramdanfit.com", "gamers-evolution.com", "bohrabiz.com", "twigandbloomfloral.com", "nhdpartners.com", "wakedcma.com", "algulotomotiv.com", "kocaelikiralikvinc.com", "listenupfoundation.net", "studiozetamilano.com", "luckybluebird.net", "xigo100.com", "hattonpalacejewellery.com", "bolsasmariabonita.com", "didierjammet.com", "wndslve.com", "wiprideinc.com", "aktiv.plus", "americanseniorcarecorp.com", "calmbears.com", "gearsevenfitness.com", "naigves.com", "stremate.webcam", "awakenedbyowls.com", "pelican-foot.com", "t-c-o-t-c.com", "disinfectingcinci.com", "buyrealestatewithchris.com", "g-grid.net", "dodadungthongminh.asia", "prospect300.com", "rjutilities.com", "mylegalmavens.com", "talalmando.com", "localheroes.space", "writinglover.site", "brink100.com", "bim3dstudio.com", "absak-lab1.net", "torontodo.com", "repwebtools.com", "films4christians.com", "raptorroofingcompany.com", "lrrestoration.com", "zhongqinglvyou.com", "jangabeach.com"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x9b52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x15675:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x15161:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x15777:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x158ef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa56a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x143dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xb263:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x1b317:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1c31a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x183f9:$sqlite3step: 68 34 1C 7B E1
    • 0x1850c:$sqlite3step: 68 34 1C 7B E1
    • 0x18428:$sqlite3text: 68 38 2A 90 C5
    • 0x1854d:$sqlite3text: 68 38 2A 90 C5
    • 0x1843b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x18563:$sqlite3blob: 68 53 D8 7F 8C
    00000000.00000002.696593624.0000000003F59000.00000004.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      00000000.00000002.696593624.0000000003F59000.00000004.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x13a6f8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x13a962:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x166d18:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x166f82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x146485:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x172aa5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x145f71:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x172591:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x146587:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x172ba7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x1466ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0x172d1f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0x13b37a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x16799a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x1451ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0x17180c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0x13c073:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x168693:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x14c127:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x178747:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x14d12a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Click to see the 1 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x9b52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x15675:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x15161:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x15777:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x158ef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0xa56a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x143dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xb263:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x1b317:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1c31a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.raw.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x183f9:$sqlite3step: 68 34 1C 7B E1
        • 0x1850c:$sqlite3step: 68 34 1C 7B E1
        • 0x18428:$sqlite3text: 68 38 2A 90 C5
        • 0x1854d:$sqlite3text: 68 38 2A 90 C5
        • 0x1843b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x18563:$sqlite3blob: 68 53 D8 7F 8C
        5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x8ae8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x8d52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x14875:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x14361:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x14977:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x14aef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x976a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x135dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xa463:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x1a517:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1b51a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          Click to see the 4 entries

          Sigma Overview

          No Sigma rule has matched

          Signature Overview

          Click to jump to signature section

          Show All Signature Results

          AV Detection:

          barindex
          Found malware configurationShow sources
          Source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.raw.unpackMalware Configuration Extractor: FormBook {"C2 list": ["www.aone223.com/67d/"], "decoy": ["initiationportal.com", "priority1fleet.com", "xn--c1abvlc0ba.xn--p1acf", "foto-golyh-devushek.com", "losangeles-nightlife.com", "mynewbandname.com", "iaiibhzsbw.net", "allwest-originals.com", "peakofgoodlife.com", "traeespana.com", "prizotinstagram.online", "powerd.net", "rutharroyo.com", "spreadtheaimee.com", "tomleefamily.com", "workingcompass.net", "quallateematerial.com", "davizion.com", "ashleeramdanfit.com", "gamers-evolution.com", "bohrabiz.com", "twigandbloomfloral.com", "nhdpartners.com", "wakedcma.com", "algulotomotiv.com", "kocaelikiralikvinc.com", "listenupfoundation.net", "studiozetamilano.com", "luckybluebird.net", "xigo100.com", "hattonpalacejewellery.com", "bolsasmariabonita.com", "didierjammet.com", "wndslve.com", "wiprideinc.com", "aktiv.plus", "americanseniorcarecorp.com", "calmbears.com", "gearsevenfitness.com", "naigves.com", "stremate.webcam", "awakenedbyowls.com", "pelican-foot.com", "t-c-o-t-c.com", "disinfectingcinci.com", "buyrealestatewithchris.com", "g-grid.net", "dodadungthongminh.asia", "prospect300.com", "rjutilities.com", "mylegalmavens.com", "talalmando.com", "localheroes.space", "writinglover.site", "brink100.com", "bim3dstudio.com", "absak-lab1.net", "torontodo.com", "repwebtools.com", "films4christians.com", "raptorroofingcompany.com", "lrrestoration.com", "zhongqinglvyou.com", "jangabeach.com"]}
          Multi AV Scanner detection for domain / URLShow sources
          Source: www.aone223.com/67d/Virustotal: Detection: 6%Perma Link
          Multi AV Scanner detection for submitted fileShow sources
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exeVirustotal: Detection: 19%Perma Link
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exeReversingLabs: Detection: 25%
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.696593624.0000000003F59000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.3fa7560.1.raw.unpack, type: UNPACKEDPE
          Source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen

          Compliance:

          barindex
          Uses 32bit PE filesShow sources
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Contains modern PE file flags such as dynamic base (ASLR) or NXShow sources
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Binary contains paths to debug symbolsShow sources
          Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000005.00000002.697724037.00000000012AF000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 4x nop then pop esi
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 4x nop then pop edi

          Networking:

          barindex
          C2 URLs / IPs found in malware configurationShow sources
          Source: Malware configuration extractorURLs: www.aone223.com/67d/
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exeString found in binary or memory: http://code.google.com/feeds/p/topicalmemorysystem/downloads/basic.xml
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exeString found in binary or memory: http://code.google.com/p/topicalmemorysystem/
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpString found in binary or memory: http://fontfabrik.com
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exeString found in binary or memory: http://topicalmemorysystem.googlecode.com/files/
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exeString found in binary or memory: http://www.biblegateway.com/passage/?search=
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exeString found in binary or memory: http://www.biblija.net/biblija.cgi?m=
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exeString found in binary or memory: http://www.blueletterbible.org/Bible.cfm?b=
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exeString found in binary or memory: http://www.esvstudybible.org/search?q=
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exeString found in binary or memory: http://www.esvstudybible.org/search?q=Whttp://www.blueletterbible.org/Bible.cfm?b=
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpString found in binary or memory: http://www.fonts.com
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpString found in binary or memory: http://www.sakkal.com
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpString found in binary or memory: http://www.tiro.com
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpString found in binary or memory: http://www.typography.netD
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.695420401.00000000012AB000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

          E-Banking Fraud:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.696593624.0000000003F59000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.3fa7560.1.raw.unpack, type: UNPACKEDPE

          System Summary:

          barindex
          Malicious sample detected (through community Yara rule)Show sources
          Source: 00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.696593624.0000000003F59000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.696593624.0000000003F59000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.3fa7560.1.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.3fa7560.1.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_00419D50 NtCreateFile,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_00419E00 NtReadFile,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_00419E80 NtClose,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_00419F30 NtAllocateVirtualMemory,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_00419D4A NtCreateFile,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_00419DFA NtReadFile,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_00419E4B NtReadFile,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_00419E7A NtClose,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_00419F2B NtAllocateVirtualMemory,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F9860 NtQuerySystemInformation,LdrInitializeThunk,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F9660 NtAllocateVirtualMemory,LdrInitializeThunk,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F96E0 NtFreeVirtualMemory,LdrInitializeThunk,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F9910 NtAdjustPrivilegesToken,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F9950 NtQueueApcThread,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F99A0 NtCreateSection,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F99D0 NtCreateProcessEx,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F9820 NtEnumerateKey,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011FB040 NtSuspendThread,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F9840 NtDelayExecution,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F98A0 NtWriteVirtualMemory,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F98F0 NtReadVirtualMemory,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F9B00 NtSetValueKey,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011FA3B0 NtGetContextThread,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F9A10 NtQuerySection,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F9A00 NtProtectVirtualMemory,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F9A20 NtResumeThread,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F9A50 NtCreateFile,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F9A80 NtOpenDirectoryObject,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011FAD30 NtSetContextThread,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F9520 NtWaitForSingleObject,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F9540 NtReadFile,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F9560 NtWriteFile,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F95D0 NtClose,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F95F0 NtQueryInformationFile,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F9710 NtQueryInformationToken,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011FA710 NtOpenProcessToken,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F9730 NtQueryVirtualMemory,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011FA770 NtOpenThread,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F9770 NtSetInformationFile,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F9760 NtOpenProcess,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F9780 NtMapViewOfSection,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F97A0 NtUnmapViewOfSection,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F9FE0 NtCreateMutant,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F9610 NtEnumerateValueKey,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F9650 NtQueryValueKey,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F9670 NtQueryInformationProcess,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F96D0 NtCreateKey,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 0_2_0157D20C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 0_2_0157F2D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 0_2_0157F2C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_00401030
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0041E038
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0041D1B2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_004012FC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0041E2A2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_00402D90
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_00409E2C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_00409E30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0041E7AC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_00402FB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011BF900
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011D4120
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011D2990
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011D99BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011CC1C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E701D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0128E824
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B6800
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01271002
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA830
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012820A8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011CB090
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E20A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012828EC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012760F5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B88E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01282B28
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0127231B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DAB40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0125CB4F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011D3360
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DEB9A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E138B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011EEBB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0125EB8A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012623E3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011EABD8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01208BE8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0127DBD2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012703DA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0126FA2B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DB236
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01275A4F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012832A9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012822AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01274AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0127E2C5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01282D07
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B0D20
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011D2D50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01281D55
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E2581
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01272D82
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E65A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012825DD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011CD5E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C841F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011D2430
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0127D466
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0127CC77
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DB477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01274496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E4CD4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012767E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01281FF1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0128DFCE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011D5600
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011D6E30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0127D616
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0123AE60
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01261EB6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: String function: 011BB150 appears 174 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: String function: 01245720 appears 85 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: String function: 0120D08C appears 47 times
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exeBinary or memory string: OriginalFilename vs SecuriteInfo.com.Trojan.Packed2.42850.4964.exe
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.695420401.00000000012AB000.00000004.00000020.sdmpBinary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Trojan.Packed2.42850.4964.exe
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.695000293.0000000000B32000.00000002.00020000.sdmpBinary or memory string: OriginalFilename+ vs SecuriteInfo.com.Trojan.Packed2.42850.4964.exe
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.702089593.0000000008DC0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemscorrc.dllT vs SecuriteInfo.com.Trojan.Packed2.42850.4964.exe
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exeBinary or memory string: OriginalFilename vs SecuriteInfo.com.Trojan.Packed2.42850.4964.exe
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000005.00000002.698216795.000000000143F000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Trojan.Packed2.42850.4964.exe
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000005.00000002.696595806.00000000006E2000.00000002.00020000.sdmpBinary or memory string: OriginalFilename+ vs SecuriteInfo.com.Trojan.Packed2.42850.4964.exe
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exeBinary or memory string: OriginalFilename+ vs SecuriteInfo.com.Trojan.Packed2.42850.4964.exe
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: 00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.696593624.0000000003F59000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.696593624.0000000003F59000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.3fa7560.1.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.3fa7560.1.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: classification engineClassification label: mal92.troj.evad.winEXE@3/1@0/0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.logJump to behavior
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exeVirustotal: Detection: 19%
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exeReversingLabs: Detection: 25%
          Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe'
          Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe {path}
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe {path}
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000005.00000002.697724037.00000000012AF000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_004168C9 push edi; ret
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_00416927 push edi; ret
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_00413A69 push ecx; ret
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0041CEF2 push eax; ret
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0041CEFB push eax; ret
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0041CEA5 push eax; ret
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0041CF5C push eax; ret
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_00416786 push ecx; retf
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0120D0D1 push ecx; ret
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeProcess information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion:

          barindex
          Tries to detect virtualization through RDTSC time measurementsShow sources
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeRDTSC instruction interceptor: First address: 00000000004098E4 second address: 00000000004098EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeRDTSC instruction interceptor: First address: 0000000000409B4E second address: 0000000000409B54 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_00409A80 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeThread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe TID: 7004Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeProcess information queried: ProcessInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeProcess queried: DebugPort
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_00409A80 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F9860 NtQuerySystemInformation,LdrInitializeThunk,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B9100 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B9100 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B9100 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C0100 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C0100 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C0100 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B3138 mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E513A mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E513A mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011D4120 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011D4120 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011D4120 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011D4120 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011D4120 mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0127E962 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B395E mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B395E mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01288966 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DB944 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DB944 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011BB171 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011BB171 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01271951 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011BC962 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012749A4 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012749A4 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012749A4 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012749A4 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012369A6 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B519E mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B519E mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B8190 mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E2990 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E4190 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011EA185 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012351BE mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012351BE mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012351BE mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012351BE mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0128F1B5 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0128F1B5 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DC182 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011EC9BF mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011EC9BF mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011D99BF mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011D99BF mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011D99BF mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011D99BF mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011D99BF mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011D99BF mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011D99BF mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011D99BF mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011D99BF mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011D99BF mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011D99BF mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011D99BF mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E99BC mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0127A189 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0127A189 mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C61A7 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C61A7 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C61A7 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C61A7 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E61A0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E61A0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012441E8 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012889E7 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C99C7 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C99C7 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C99C7 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C99C7 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011CC1C0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DD1EF mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011BB1E1 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011BB1E1 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011BB1E1 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B31E0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012731DC mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012731DC mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012731DC mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012731DC mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012731DC mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012731DC mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012731DC mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012731DC mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012731DC mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012731DC mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012731DC mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012731DC mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012731DC mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E701D mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E701D mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E701D mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E701D mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E701D mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E701D mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B6800 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B6800 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B6800 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA830 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA830 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA830 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA830 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E002D mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E002D mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E002D mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E002D mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E002D mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01237016 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01237016 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01237016 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011CB02A mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011CB02A mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011CB02A mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011CB02A mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01284015 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01284015 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E4020 mov edi, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B5050 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B5050 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B5050 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B7057 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011D0050 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011D0050 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01272073 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01281074 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01271843 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DF86D mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B9080 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B3880 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B3880 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011EF0BF mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011EF0BF mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011EF0BF mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01233884 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01233884 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F90AF mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C28AE mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C28AE mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C28AE mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C28AE mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C28AE mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C28AE mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E20A0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E20A0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E20A0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E20A0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E20A0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E20A0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E78A0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E78A0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E78A0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E78A0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E78A0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E78A0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E78A0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E78A0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E78A0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B78D6 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B78D6 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B78D6 mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012760F5 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012760F5 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012760F5 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012760F5 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B70C0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B70C0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0127B0C7 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0127B0C7 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C28FD mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C28FD mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C28FD mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012718CA mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0124B8D0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0124B8D0 mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0124B8D0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0124B8D0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0124B8D0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0124B8D0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B58EC mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DB8E4 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DB8E4 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B40E1 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B40E1 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B40E1 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B88E0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B88E0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B88E0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B88E0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B88E0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B88E0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B88E0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA309 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0127131B mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01246365 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01246365 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01246365 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011BF358 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E3B5A mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E3B5A mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E3B5A mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E3B5A mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011BDB40 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E3B7A mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E3B7A mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B7B70 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011CF370 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011CF370 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011CF370 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01288B58 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011BDB60 mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DEB9A mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DEB9A mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E2397 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01285BA5 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011EB390 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01271BA8 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B4B94 mov edi, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C1B8F mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C1B8F mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E138B mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E138B mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E138B mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01289BBE mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01288BB6 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0126D380 mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0127138A mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0125EB8A mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0125EB8A mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0125EB8A mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0125EB8A mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E4BAD mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E4BAD mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E4BAD mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012623E3 mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012623E3 mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012623E3 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E53C5 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012353CA mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012353CA mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B1BE9 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DDBE9 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E03E2 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E03E2 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E03E2 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E03E2 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E03E2 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E03E2 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011D3A1C mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B5210 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B5210 mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B5210 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B5210 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011BAA16 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011BAA16 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01271229 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C8A0A mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011CBA00 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011CBA00 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011CBA00 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011CBA00 mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011CBA00 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011CBA00 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011CBA00 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011CBA00 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011CBA00 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011CBA00 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011CBA00 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011CBA00 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011CBA00 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011CBA00 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B8239 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B8239 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B8239 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DB236 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DB236 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DB236 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DB236 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DB236 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DB236 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0127AA16 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0127AA16 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F4A2C mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F4A2C mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA229 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA229 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA229 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA229 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA229 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA229 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA229 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA229 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DA229 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B4A20 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B4A20 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0126B260 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0126B260 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01288A62 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B9240 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B9240 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B9240 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B9240 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F927A mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01275A4F mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01275A4F mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01275A4F mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01275A4F mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0127EA55 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01244257 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F5A69 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F5A69 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F5A69 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01271A5F mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011ED294 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011ED294 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011EDA88 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011EDA88 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E12BD mov esi, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E12BD mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E12BD mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011CAAB0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011CAAB0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011EFAB0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B1AA0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C62A0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C62A0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C62A0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C62A0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0127129A mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B52A5 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B52A5 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B52A5 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B52A5 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B52A5 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E5AA0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E5AA0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01274AEF mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01274AEF mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01274AEF mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01274AEF mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01274AEF mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01274AEF mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01274AEF mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01274AEF mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01274AEF mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01274AEF mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01274AEF mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01274AEF mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01274AEF mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01274AEF mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B12D4 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0127B2E8 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0127B2E8 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0127B2E8 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0127B2E8 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B3ACA mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E2ACB mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B5AC0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B5AC0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B5AC0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01288ADD mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E2AE4 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B751A mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B751A mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B751A mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B751A mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B9515 mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0123A537 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01288D34 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0127E539 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0125CD04 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E4D3B mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E4D3B mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E4D3B mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C3D34 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C3D34 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C3D34 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C3D34 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C3D34 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C3D34 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C3D34 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C3D34 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C3D34 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C3D34 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C3D34 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C3D34 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011C3D34 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011BAD30 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011EF527 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011EF527 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011EF527 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01273518 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01273518 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01273518 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011D7D50 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F4D51 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F4D51 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B354C mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B354C mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F3D43 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01268D47 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01233540 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01263D40 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DC577 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011DC577 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011D8D76 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011D8D76 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011D8D76 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011D8D76 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011D8D76 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0126FD52 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012805AC mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_012805AC mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011EFD9B mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011EFD9B mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B3591 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B2D8A mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B2D8A mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B2D8A mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B2D8A mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B2D8A mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E2581 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E2581 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E2581 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E2581 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F5DBF mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011F5DBF mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01272D82 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01272D82 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01272D82 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01272D82 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01272D82 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01272D82 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01272D82 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0127B581 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0127B581 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0127B581 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0127B581 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E1DB5 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E1DB5 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E1DB5 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E65A0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E65A0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E65A0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E35A1 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0127FDE2 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0127FDE2 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0127FDE2 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0127FDE2 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01243DE3 mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01243DE3 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01243DE3 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01268DF1 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B15C1 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01236DC9 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01236DC9 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01236DC9 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01236DC9 mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01236DC9 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01236DC9 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B95F0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B95F0 mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E95EC mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_0126FDD3 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011CD5E0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011CD5E0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011B8410 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E3C3E mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E3C3E mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_011E3C3E mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01271C06 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01271C06 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01271C06 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01271C06 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01271C06 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01271C06 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01271C06 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01271C06 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01271C06 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeCode function: 5_2_01271C06 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeMemory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion:

          barindex
          Injects a PE file into a foreign processesShow sources
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeMemory written: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe base: 400000 value starts with: 4D5A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe {path}
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Stealing of Sensitive Information:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.696593624.0000000003F59000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.3fa7560.1.raw.unpack, type: UNPACKEDPE

          Remote Access Functionality:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.696593624.0000000003F59000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.3fa7560.1.raw.unpack, type: UNPACKEDPE

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid AccountsWindows Management InstrumentationPath InterceptionProcess Injection111Masquerading1Input Capture1Security Software Discovery12Remote ServicesInput Capture1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
          Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsVirtualization/Sandbox Evasion3LSASS MemoryVirtualization/Sandbox Evasion3Remote Desktop ProtocolArchive Collected Data1Exfiltration Over BluetoothApplication Layer Protocol1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Disable or Modify Tools1Security Account ManagerProcess Discovery1SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Process Injection111NTDSSystem Information Discovery112Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptDeobfuscate/Decode Files or Information1LSA SecretsRemote System DiscoverySSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.commonObfuscated Files or Information3Cached Domain CredentialsSystem Owner/User DiscoveryVNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup ItemsSoftware Packing1DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.

          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          SecuriteInfo.com.Trojan.Packed2.42850.4964.exe20%VirustotalBrowse
          SecuriteInfo.com.Trojan.Packed2.42850.4964.exe25%ReversingLabsByteCode-MSIL.Trojan.Pwsx

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          5.2.SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.esvstudybible.org/search?q=0%Avira URL Cloudsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.esvstudybible.org/search?q=Whttp://www.blueletterbible.org/Bible.cfm?b=0%Avira URL Cloudsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://topicalmemorysystem.googlecode.com/files/0%Avira URL Cloudsafe
          www.aone223.com/67d/6%VirustotalBrowse
          www.aone223.com/67d/0%Avira URL Cloudsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe

          Domains and IPs

          Contacted Domains

          No contacted domains info

          Contacted URLs

          NameMaliciousAntivirus DetectionReputation
          www.aone223.com/67d/true
          • 6%, Virustotal, Browse
          • Avira URL Cloud: safe
          low

          URLs from Memory and Binaries

          NameSourceMaliciousAntivirus DetectionReputation
          http://www.apache.org/licenses/LICENSE-2.0SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpfalse
            high
            http://www.fontbureau.comSecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpfalse
              high
              http://www.fontbureau.com/designersGSecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpfalse
                high
                http://www.fontbureau.com/designers/?SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpfalse
                  high
                  http://www.founder.com.cn/cn/bTheSecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpfalse
                  • URL Reputation: safe
                  • URL Reputation: safe
                  • URL Reputation: safe
                  • URL Reputation: safe
                  unknown
                  http://www.fontbureau.com/designers?SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpfalse
                    high
                    http://www.biblegateway.com/passage/?search=SecuriteInfo.com.Trojan.Packed2.42850.4964.exefalse
                      high
                      http://www.esvstudybible.org/search?q=SecuriteInfo.com.Trojan.Packed2.42850.4964.exefalse
                      • Avira URL Cloud: safe
                      unknown
                      http://www.tiro.comSecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpfalse
                      • URL Reputation: safe
                      • URL Reputation: safe
                      • URL Reputation: safe
                      • URL Reputation: safe
                      unknown
                      http://www.esvstudybible.org/search?q=Whttp://www.blueletterbible.org/Bible.cfm?b=SecuriteInfo.com.Trojan.Packed2.42850.4964.exefalse
                      • Avira URL Cloud: safe
                      unknown
                      http://www.fontbureau.com/designersSecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpfalse
                        high
                        http://www.goodfont.co.krSecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        unknown
                        http://topicalmemorysystem.googlecode.com/files/SecuriteInfo.com.Trojan.Packed2.42850.4964.exefalse
                        • Avira URL Cloud: safe
                        unknown
                        http://www.biblija.net/biblija.cgi?m=SecuriteInfo.com.Trojan.Packed2.42850.4964.exefalse
                          high
                          http://www.carterandcone.comlSecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          unknown
                          http://www.sajatypeworks.comSecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          unknown
                          http://www.typography.netDSecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          unknown
                          http://www.fontbureau.com/designers/cabarga.htmlNSecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpfalse
                            high
                            http://www.founder.com.cn/cn/cTheSecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            unknown
                            http://www.galapagosdesign.com/staff/dennis.htmSecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            unknown
                            http://fontfabrik.comSecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            unknown
                            http://www.founder.com.cn/cnSecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            unknown
                            http://www.fontbureau.com/designers/frere-user.htmlSecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpfalse
                              high
                              http://www.blueletterbible.org/Bible.cfm?b=SecuriteInfo.com.Trojan.Packed2.42850.4964.exefalse
                                high
                                http://www.jiyu-kobo.co.jp/SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                unknown
                                http://www.galapagosdesign.com/DPleaseSecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                unknown
                                http://www.fontbureau.com/designers8SecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpfalse
                                  high
                                  http://www.fonts.comSecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpfalse
                                    high
                                    http://www.sandoll.co.krSecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    unknown
                                    http://www.urwpp.deDPleaseSecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    unknown
                                    http://www.zhongyicts.com.cnSecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    unknown
                                    http://www.sakkal.comSecuriteInfo.com.Trojan.Packed2.42850.4964.exe, 00000000.00000002.701064703.0000000006F82000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    unknown

                                    Contacted IPs

                                    No contacted IP infos

                                    General Information

                                    Joe Sandbox Version:31.0.0 Emerald
                                    Analysis ID:356696
                                    Start date:23.02.2021
                                    Start time:15:07:12
                                    Joe Sandbox Product:CloudBasic
                                    Overall analysis duration:0h 8m 15s
                                    Hypervisor based Inspection enabled:false
                                    Report type:light
                                    Sample file name:SecuriteInfo.com.Trojan.Packed2.42850.4964.3326 (renamed file extension from 3326 to exe)
                                    Cookbook file name:default.jbs
                                    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                    Number of analysed new started processes analysed:17
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:0
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • HDC enabled
                                    • AMSI enabled
                                    Analysis Mode:default
                                    Analysis stop reason:Timeout
                                    Detection:MAL
                                    Classification:mal92.troj.evad.winEXE@3/1@0/0
                                    EGA Information:Failed
                                    HDC Information:
                                    • Successful, ratio: 1.1% (good quality ratio 1%)
                                    • Quality average: 71.2%
                                    • Quality standard deviation: 30.8%
                                    HCA Information:
                                    • Successful, ratio: 100%
                                    • Number of executed functions: 0
                                    • Number of non-executed functions: 0
                                    Cookbook Comments:
                                    • Adjust boot time
                                    • Enable AMSI
                                    • Stop behavior analysis, all processes terminated
                                    Warnings:
                                    Show All
                                    • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.

                                    Simulations

                                    Behavior and APIs

                                    TimeTypeDescription
                                    15:08:08API Interceptor1x Sleep call for process: SecuriteInfo.com.Trojan.Packed2.42850.4964.exe modified

                                    Joe Sandbox View / Context

                                    IPs

                                    No context

                                    Domains

                                    No context

                                    ASN

                                    No context

                                    JA3 Fingerprints

                                    No context

                                    Dropped Files

                                    No context

                                    Created / dropped Files

                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe.log
                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):1216
                                    Entropy (8bit):5.355304211458859
                                    Encrypted:false
                                    SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzr
                                    MD5:FED34146BF2F2FA59DCF8702FCC8232E
                                    SHA1:B03BFEA175989D989850CF06FE5E7BBF56EAA00A
                                    SHA-256:123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C
                                    SHA-512:1CC89F2ED1DBD70628FA1DC41A32BA0BFA3E81EAE1A1CF3C5F6A48F2DA0BF1F21A5001B8A18B04043C5B8FE4FBE663068D86AA8C4BD8E17933F75687C3178FF6
                                    Malicious:true
                                    Reputation:high, very likely benign file
                                    Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21

                                    Static File Info

                                    General

                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Entropy (8bit):6.788526402195906
                                    TrID:
                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                    • Win32 Executable (generic) a (10002005/4) 49.75%
                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                    • Windows Screen Saver (13104/52) 0.07%
                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                    File name:SecuriteInfo.com.Trojan.Packed2.42850.4964.exe
                                    File size:687616
                                    MD5:2201881c6cc2de12c71f906e43178ef9
                                    SHA1:2b494db5e52b74df25ff068d0d2a3295aae4f658
                                    SHA256:945ebbaf8c08902ed75eb98f5cabd2dbd88708c1aac37a35762db091c1ce0476
                                    SHA512:4ddf35b3d8c49c9334fe4e32e0db68b2780ad8528dc31595ae7d63906625faa045aaed0ef84a4264a29c3b8db8c35054478898df914c3df0512618edea59f167
                                    SSDEEP:6144:wxwz1c/m/gGqitttttwgGTyWI+G4bNSrAxx3qK6L+/rKniN0s2sdUgBODIpFds5O:9dSTES5//6L/iYsGgBODIpFds5erS8
                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....4`..............0..t............... ........@.. ....................................@................................

                                    File Icon

                                    Icon Hash:00828e8e8686b000

                                    Static PE Info

                                    General

                                    Entrypoint:0x4a93da
                                    Entrypoint Section:.text
                                    Digitally signed:false
                                    Imagebase:0x400000
                                    Subsystem:windows gui
                                    Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                    DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                    Time Stamp:0x6034A3B9 [Tue Feb 23 06:42:01 2021 UTC]
                                    TLS Callbacks:
                                    CLR (.Net) Version:v4.0.30319
                                    OS Version Major:4
                                    OS Version Minor:0
                                    File Version Major:4
                                    File Version Minor:0
                                    Subsystem Version Major:4
                                    Subsystem Version Minor:0
                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                    Entrypoint Preview

                                    Instruction
                                    jmp dword ptr [00402000h]
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al

                                    Data Directories

                                    NameVirtual AddressVirtual Size Is in Section
                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_IMPORT0xa93880x4f.text
                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0xaa0000x5bc.rsrc
                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0xac0000xc.reloc
                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                    Sections

                                    NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                    .text0x20000xa73e00xa7400False0.628440594638data6.79752323577IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                    .rsrc0xaa0000x5bc0x600False0.43359375data4.23844738633IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                    .reloc0xac0000xc0x200False0.044921875data0.101910425663IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                    Resources

                                    NameRVASizeTypeLanguageCountry
                                    RT_VERSION0xaa0900x32cdata
                                    RT_MANIFEST0xaa3cc0x1eaXML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

                                    Imports

                                    DLLImport
                                    mscoree.dll_CorExeMain

                                    Version Infos

                                    DescriptionData
                                    Translation0x0000 0x04b0
                                    LegalCopyrightCopyright 2016
                                    Assembly Version1.0.0.0
                                    InternalNameJ.exe
                                    FileVersion1.0.0.0
                                    CompanyName
                                    LegalTrademarks
                                    Comments
                                    ProductNameCore.Numero
                                    ProductVersion1.0.0.0
                                    FileDescriptionCore.Numero
                                    OriginalFilenameJ.exe

                                    Network Behavior

                                    No network behavior found

                                    Code Manipulations

                                    Statistics

                                    Behavior

                                    Click to jump to process

                                    System Behavior

                                    General

                                    Start time:15:07:59
                                    Start date:23/02/2021
                                    Path:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe
                                    Wow64 process (32bit):true
                                    Commandline:'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe'
                                    Imagebase:0xb30000
                                    File size:687616 bytes
                                    MD5 hash:2201881C6CC2DE12C71F906E43178EF9
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:.Net C# or VB.NET
                                    Yara matches:
                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.696593624.0000000003F59000.00000004.00000001.sdmp, Author: Joe Security
                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.696593624.0000000003F59000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.696593624.0000000003F59000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                    Reputation:low

                                    General

                                    Start time:15:08:21
                                    Start date:23/02/2021
                                    Path:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed2.42850.4964.exe
                                    Wow64 process (32bit):true
                                    Commandline:{path}
                                    Imagebase:0x6e0000
                                    File size:687616 bytes
                                    MD5 hash:2201881C6CC2DE12C71F906E43178EF9
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.696531892.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                    Reputation:low

                                    Disassembly

                                    Code Analysis

                                    Reset < >