Analysis Report SecuriteInfo.com.Variant.Bulz.349164.25568.5993

Overview

General Information

Sample Name: SecuriteInfo.com.Variant.Bulz.349164.25568.5993 (renamed file extension from 5993 to exe)
Analysis ID: 433042
MD5: c66fe399ec0cb598b2167a348c17f6a2
SHA1: fcc9984283b3596fb575523fb90eb80ce702abe2
SHA256: 57f599e4ae63304de5795909f694122665f7c492df8078f7c5abb084d09baa2d
Tags: exe, Formbook

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains method to dynamically call methods (often used by packers)
C2 URLs / IPs found in malware configuration
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE file contains strange resources
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Process Tree

  • System is w10x64
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.rep.place/pba2/"], "decoy": ["marshabenjamin.com", "ipx-tv.com", "1826bet.net", "free-story-civilizatiom.com", "projecteightstudio.com", "blaxies3.com", "knowyourpharmacy.com", "daviddelavariservices.space", "hawaiidreamevents.com", "chickdeal.net", "toko363.com", "flextech.design", "americanprimativeguitar.com", "sourcesfloor.com", "project6212.com", "eggbeaterhub.xyz", "homefittness.com", "eigenguard.com", "bridgessd.com", "wordabbler.com", "432524.com", "blumlifestyle.com", "cn-liangyu.com", "earwaxsux.com", "n2keg.com", "kthetwobrothers.com", "freetoplaymedia.com", "ncunlimited.com", "mckinleygroupcommandforyou.com", "y-beautyplus.com", "plny.xyz", "luckyliars.com", "succozero.com", "zoorack.net", "myloveclubs.com", "cashstreamsonline.club", "23237a2371.info", "live-now20.xyz", "followtea.com", "xn--vhqqb70qmrhwmvnh0e.xyz", "thocudian.net", "trueradiencesolutions.net", "dictionarykick.com", "banbochfm.com", "privacyphonecover.com", "towandastorage.com", "livingthesustainablelife.com", "freeagencevoyage.com", "veritasfertilityandsurgery.com", "thehindufestival.com", "ollipsisparents.com", "caphesachnguyenchat.com", "xn--egegncel-95a.com", "americanpoolnbilliards.com", "wonderfulwanfield.com", "sheya360.com", "solterasalos40.com", "astarswimschools.net", "vcnse.com", "jinshifj.com", "washingtonreversemtgloans.com", "mutieudao.online", "fluatrec.com", "maggionsurvey.com"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000003.00000000.662601270.0000000000400000.00000040.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
00000003.00000000.662601270.0000000000400000.00000040.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
00000003.00000000.662601270.0000000000400000.00000040.00000001.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
00000000.00000002.664811462.0000000003EE9000.00000004.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
00000000.00000002.664811462.0000000003EE9000.00000004.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com

Unpacked PEs

Source | Rule | Description | Author | Strings
3.0.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.400000.1.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
3.0.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.400000.1.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
3.0.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.400000.1.raw.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
3.2.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.400000.0.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
3.2.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.400000.0.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Found malware configuration
Source: 00000000.00000002.664811462.0000000003EE9000.00000004.00000001.sdmp, Malware Configuration Extractor: FormBook
Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Virustotal: Detection: 45%
Source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe, ReversingLabs: Detection: 34%
Yara detected FormBook
Source: Yara match, File source: 00000003.00000000.662601270.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000000.00000002.664811462.0000000003EE9000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000003.00000002.664522711.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 3.0.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 3.2.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 3.0.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match, File source: 3.2.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.400000.0.unpack, type: UNPACKEDPE
Machine Learning detection for sample
Source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Joe Sandbox ML: detected
Source: 3.0.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.400000.1.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
Source: 3.2.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
Source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
Source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: IsolatedStorageSecurityOptions.pdbh2 source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe
Source: Binary string: IsolatedStorageSecurityOptions.pdb source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe
Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe, 00000003.00000002.665726046.0000000001930000.00000040.00000001.sdmp
Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h (0_2_04F22250)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h (0_2_04F23570)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h (0_2_04F23560)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h (0_2_04F22240)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 4x nop then pop esi (3_2_0041582C)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 4x nop then pop ebx (3_2_00406A94)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 4x nop then pop edi (3_2_0041566C)

Networking:

C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor, URLs: www.rep.place/pba2/
Source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe, 00000000.00000002.664163112.0000000002EE1000.00000004.00000001.sdmp, String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe, 00000000.00000002.664247776.0000000002F1F000.00000004.00000001.sdmp, String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css

E-Banking Fraud:

Yara detected FormBook
Source: Yara match, File source: 00000003.00000000.662601270.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000000.00000002.664811462.0000000003EE9000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000003.00000002.664522711.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 3.0.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 3.2.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 3.0.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match, File source: 3.2.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.400000.0.unpack, type: UNPACKEDPE

System Summary:

Malicious sample detected (through community Yara rule)
Source: 00000003.00000000.662601270.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000003.00000000.662601270.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
Source: 00000000.00000002.664811462.0000000003EE9000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000000.00000002.664811462.0000000003EE9000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
Source: 00000003.00000002.664522711.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000003.00000002.664522711.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
Source: 3.0.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.400000.1.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 3.0.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.400000.1.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
Source: 3.2.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 3.2.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
Source: 3.0.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.400000.1.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 3.0.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.400000.1.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
Source: 3.2.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 3.2.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 3_2_004181B0 NtCreateFile
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 3_2_00418260 NtReadFile
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 3_2_004182E0 NtClose
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 3_2_00418390 NtAllocateVirtualMemory
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 3_2_0041825B NtReadFile
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 3_2_0041838A NtAllocateVirtualMemory
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 3_2_01999860 NtQuerySystemInformation, LdrInitializeThunk
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 3_2_019996E0 NtFreeVirtualMemory, LdrInitializeThunk
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 3_2_01999660 NtAllocateVirtualMemory, LdrInitializeThunk
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 3_2_019999A0 NtCreateSection
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 3_2_019999D0 NtCreateProcessEx
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 3_2_01999910 NtAdjustPrivilegesToken
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 3_2_01999950 NtQueueApcThread
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 3_2_019998A0 NtWriteVirtualMemory
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 3_2_019998F0 NtReadVirtualMemory
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 3_2_01999820 NtEnumerateKey
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 3_2_0199B040 NtSuspendThread
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 3_2_01999840 NtDelayExecution
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 3_2_0199A3B0 NtGetContextThread
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 3_2_01999B00 NtSetValueKey
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 3_2_01999A80 NtOpenDirectoryObject
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 3_2_01999A10 NtQuerySection
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 3_2_01999A00 NtProtectVirtualMemory
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 3_2_01999A20 NtResumeThread
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 3_2_01999A50 NtCreateFile
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 3_2_019995D0 NtClose
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 3_2_019995F0 NtQueryInformationFile
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 3_2_0199AD30 NtSetContextThread
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 3_2_01999520 NtWaitForSingleObject
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 3_2_01999540 NtReadFile
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 3_2_01999560 NtWriteFile
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 3_2_01999780 NtMapViewOfSection
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 3_2_019997A0 NtUnmapViewOfSection
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 3_2_01999FE0 NtCreateMutant
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 3_2_01999710 NtQueryInformationToken
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 3_2_0199A710 NtOpenProcessToken
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 3_2_01999730 NtQueryVirtualMemory
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 3_2_0199A770 NtOpenThread
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 3_2_01999770 NtSetInformationFile
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 3_2_01999760 NtOpenProcess
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe, Code function: 3_2_019996D0 NtCreateKey
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01A22EF73_2_01A22EF7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe Code function: String function: 019AD08C appears 39 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe Code function: String function: 019E5720 appears 74 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe Code function: String function: 0195B150 appears 153 times
          Source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
          Source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe, 00000000.00000000.654505180.0000000000B86000.00000002.00020000.sdmp Binary or memory string: OriginalFilenameIsolatedStorageSecurityOptions.exe< vs SecuriteInfo.com.Variant.Bulz.349164.25568.exe
          Source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe, 00000000.00000002.669811504.0000000006080000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameDSASignature.dll@ vs SecuriteInfo.com.Variant.Bulz.349164.25568.exe
          Source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe, 00000003.00000002.667569220.0000000001BDF000.00000040.00000001.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Variant.Bulz.349164.25568.exe
          Source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe, 00000003.00000000.662192891.0000000000F76000.00000002.00020000.sdmp Binary or memory string: OriginalFilenameIsolatedStorageSecurityOptions.exe< vs SecuriteInfo.com.Variant.Bulz.349164.25568.exe
          Source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe Binary or memory string: OriginalFilenameIsolatedStorageSecurityOptions.exe< vs SecuriteInfo.com.Variant.Bulz.349164.25568.exe
          Source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
          Source: 00000003.00000000.662601270.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000000.662601270.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.664811462.0000000003EE9000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.664811462.0000000003EE9000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000003.00000002.664522711.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.664522711.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.0.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.400000.1.raw.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.0.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.400000.1.raw.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.2.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.2.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.0.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.400000.1.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.0.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.400000.1.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.2.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.2.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs Cryptographic APIs: 'CreateDecryptor'
          Source: 0.0.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.ac0000.0.unpack, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs Cryptographic APIs: 'CreateDecryptor'
          Source: 0.2.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.ac0000.0.unpack, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs Cryptographic APIs: 'CreateDecryptor'
          Source: 3.0.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.eb0000.2.unpack, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs Cryptographic APIs: 'CreateDecryptor'
          Source: 3.0.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.eb0000.0.unpack, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs Cryptographic APIs: 'CreateDecryptor'
          Source: 3.2.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.eb0000.1.unpack, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs Cryptographic APIs: 'CreateDecryptor'
          Source: classification engine Classification label: mal100.troj.evad.winEXE@3/1@0/0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Variant.Bulz.349164.25568.exe.log
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe, 00000000.00000002.664247776.0000000002F1F000.00000004.00000001.sdmp Binary or memory string: Select * from Clientes WHERE id=@id;;
          Source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe, 00000000.00000002.664247776.0000000002F1F000.00000004.00000001.sdmp Binary or memory string: Select * from Aluguel Erro ao listar Banco sql-Aluguel.INSERT INTO Aluguel VALUES(@clienteID, @data);
          Source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe, 00000000.00000002.664247776.0000000002F1F000.00000004.00000001.sdmp Binary or memory string: Select * from SecurityLogonType WHERE id=@id;
          Source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe, 00000000.00000002.664247776.0000000002F1F000.00000004.00000001.sdmp Binary or memory string: Select * from SecurityLogonType WHERE modelo=@modelo;
          Source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe, 00000000.00000002.664247776.0000000002F1F000.00000004.00000001.sdmp Binary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade);
          Source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe, 00000000.00000002.664247776.0000000002F1F000.00000004.00000001.sdmp Binary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone);
          Source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe, 00000000.00000002.664247776.0000000002F1F000.00000004.00000001.sdmp Binary or memory string: INSERT INTO Aluguel VALUES(@clienteID, @data);
          Source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe, 00000000.00000002.664247776.0000000002F1F000.00000004.00000001.sdmp Binary or memory string: INSERT INTO SecurityLogonType VALUES(@modelo, @fabricante, @ano, @cor);
          Source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe, 00000000.00000002.664247776.0000000002F1F000.00000004.00000001.sdmp Binary or memory string: Select * from SecurityLogonType*Erro ao listar Banco sql-SecurityLogonType,Select * from SecurityLogonType WHERE id=@id;Select * from SecurityLogonType WHERE (modelo LIKE @modelo)
          Source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe Virustotal: Detection: 45%
          Source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe ReversingLabs: Detection: 34%
          Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe'
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: Binary string: IsolatedStorageSecurityOptions.pdbh2 source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe
          Source: Binary string: IsolatedStorageSecurityOptions.pdb source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe
          Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe, 00000003.00000002.665726046.0000000001930000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe

          Data Obfuscation:

          .NET source code contains method to dynamically call methods (often used by packers)
          Source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs .Net Code: stackVariable5.GetMethod("GetDelegateForFunctionPointer", V_0)
          Source: 0.0.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.ac0000.0.unpack, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs .Net Code: stackVariable5.GetMethod("GetDelegateForFunctionPointer", V_0)
          Source: 0.2.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.ac0000.0.unpack, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs .Net Code: stackVariable5.GetMethod("GetDelegateForFunctionPointer", V_0)
          Source: 3.0.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.eb0000.2.unpack, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs .Net Code: stackVariable5.GetMethod("GetDelegateForFunctionPointer", V_0)
          Source: 3.0.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.eb0000.0.unpack, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs .Net Code: stackVariable5.GetMethod("GetDelegateForFunctionPointer", V_0)
          Source: 3.2.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.eb0000.1.unpack, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs .Net Code: stackVariable5.GetMethod("GetDelegateForFunctionPointer", V_0)
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe Code function: 3_2_0041607F push ecx; retf 3_2_00416085
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe Code function: 3_2_004152EE pushad ; retf 3_2_004152FD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe Code function: 3_2_0040AB63 push 00000066h; retf 3_2_0040AB65
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe Code function: 3_2_0041B3F2 push eax; ret 3_2_0041B3F8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe Code function: 3_2_0041B3FB push eax; ret 3_2_0041B462
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe Code function: 3_2_0041B3A5 push eax; ret 3_2_0041B3F8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe Code function: 3_2_0041B45C push eax; ret 3_2_0041B462
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe Code function: 3_2_00414D10 pushfd ; ret 3_2_00414D21
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe Code function: 3_2_00414D22 pushfd ; ret 3_2_00414D21
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe Code function: 3_2_019AD0D1 push ecx; ret 3_2_019AD0E4
          Source: initial sample Static PE information: section name: .text entropy: 7.85673320535
          Source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs High entropy of concatenated method names: '.cctor', 'A6FAOa', 'creoiNvd7', 'jZiU8kt7k', 'yIEeUuogE', 'HNMMnrD0K', 'U6ZIpjiMV', 'TYIaeXNeW', 'rI3lmZ9FL', 'SuhhReBcy'
          Source: 0.0.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.ac0000.0.unpack, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs High entropy of concatenated method names: '.cctor', 'A6FAOa', 'creoiNvd7', 'jZiU8kt7k', 'yIEeUuogE', 'HNMMnrD0K', 'U6ZIpjiMV', 'TYIaeXNeW', 'rI3lmZ9FL', 'SuhhReBcy'
          Source: 0.2.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.ac0000.0.unpack, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs High entropy of concatenated method names: '.cctor', 'A6FAOa', 'creoiNvd7', 'jZiU8kt7k', 'yIEeUuogE', 'HNMMnrD0K', 'U6ZIpjiMV', 'TYIaeXNeW', 'rI3lmZ9FL', 'SuhhReBcy'
          Source: 3.0.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.eb0000.2.unpack, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs High entropy of concatenated method names: '.cctor', 'A6FAOa', 'creoiNvd7', 'jZiU8kt7k', 'yIEeUuogE', 'HNMMnrD0K', 'U6ZIpjiMV', 'TYIaeXNeW', 'rI3lmZ9FL', 'SuhhReBcy'
          Source: 3.0.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.eb0000.0.unpack, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs High entropy of concatenated method names: '.cctor', 'A6FAOa', 'creoiNvd7', 'jZiU8kt7k', 'yIEeUuogE', 'HNMMnrD0K', 'U6ZIpjiMV', 'TYIaeXNeW', 'rI3lmZ9FL', 'SuhhReBcy'
          Source: 3.2.SecuriteInfo.com.Variant.Bulz.349164.25568.exe.eb0000.1.unpack, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs High entropy of concatenated method names: '.cctor', 'A6FAOa', 'creoiNvd7', 'jZiU8kt7k', 'yIEeUuogE', 'HNMMnrD0K', 'U6ZIpjiMV', 'TYIaeXNeW', 'rI3lmZ9FL', 'SuhhReBcy'
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe Process information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion:

          Yara detected AntiVM3
          Source: Yara match File source: 00000000.00000002.664247776.0000000002F1F000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Variant.Bulz.349164.25568.exe PID: 6776, type: MEMORY
          Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
          Source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe, 00000000.00000002.664247776.0000000002F1F000.00000004.00000001.sdmp Binary or memory string: WINE_GET_UNIX_FILE_NAME
          Source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe, 00000000.00000002.664247776.0000000002F1F000.00000004.00000001.sdmp Binary or memory string: SBIEDLL.DLL
          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe RDTSC instruction interceptor: First address: 00000000004085E4 second address: 00000000004085EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe RDTSC instruction interceptor: First address: 000000000040896E second address: 0000000000408974 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe Code function: 3_2_004088A0 rdtsc 3_2_004088A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe Thread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe TID: 6780 Thread sleep time: -99739s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe TID: 6828 Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe Thread delayed: delay time: 99739
          Source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe, 00000000.00000002.664247776.0000000002F1F000.00000004.00000001.sdmp Binary or memory string: vmware
          Source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe, 00000000.00000002.664247776.0000000002F1F000.00000004.00000001.sdmp Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe, 00000000.00000002.664247776.0000000002F1F000.00000004.00000001.sdmp Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
          Source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe, 00000000.00000002.664247776.0000000002F1F000.00000004.00000001.sdmp Binary or memory string: VMware SVGA II!Add-MpPreference -ExclusionPath "
          Source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe, 00000000.00000002.664247776.0000000002F1F000.00000004.00000001.sdmp Binary or memory string: VMWARE
          Source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe, 00000000.00000002.664247776.0000000002F1F000.00000004.00000001.sdmp Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe, 00000000.00000002.664247776.0000000002F1F000.00000004.00000001.sdmp Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
          Source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe, 00000000.00000002.664247776.0000000002F1F000.00000004.00000001.sdmp Binary or memory string: VMware SVGA II
          Source: SecuriteInfo.com.Variant.Bulz.349164.25568.exe, 00000000.00000002.664247776.0000000002F1F000.00000004.00000001.sdmp Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe Process queried: DebugPort
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe Code function: 3_2_01999860 NtQuerySystemInformation,LdrInitializeThunk, 3_2_01999860
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe Code function: 3_2_01A149A4 mov eax, dword ptr fs:[00000030h] 3_2_01A149A4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe Code function: 3_2_01982990 mov eax, dword ptr fs:[00000030h] 3_2_01982990
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe Code function: 3_2_01984190 mov eax, dword ptr fs:[00000030h] 3_2_01984190
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe Code function: 3_2_0195519E mov eax, dword ptr fs:[00000030h] 3_2_0195519E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe Code function: 3_2_0195519E mov ecx, dword ptr fs:[00000030h] 3_2_0195519E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe Code function: 3_2_0197C182 mov eax, dword ptr fs:[00000030h] 3_2_0197C182
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe Code function: 3_2_01A2F1B5 mov eax, dword ptr fs:[00000030h] 3_2_01A2F1B5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe Code function: 3_2_0198A185 mov eax, dword ptr fs:[00000030h] 3_2_0198A185
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe Code function: 3_2_019D51BE mov eax, dword ptr fs:[00000030h] 3_2_019D51BE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe Code function: 3_2_0198C9BF mov eax, dword ptr fs:[00000030h] 3_2_0198C9BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe Code function: 3_2_019799BF mov ecx, dword ptr fs:[00000030h] 3_2_019799BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exe Code function: 3_2_019799BF mov eax, dword ptr fs:[00000030h] 3_2_019799BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019799BF mov ecx, dword ptr fs:[00000030h]3_2_019799BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019799BF mov ecx, dword ptr fs:[00000030h]3_2_019799BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019799BF mov eax, dword ptr fs:[00000030h]3_2_019799BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019799BF mov ecx, dword ptr fs:[00000030h]3_2_019799BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019799BF mov ecx, dword ptr fs:[00000030h]3_2_019799BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019799BF mov eax, dword ptr fs:[00000030h]3_2_019799BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01A1A189 mov eax, dword ptr fs:[00000030h]3_2_01A1A189
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01A1A189 mov ecx, dword ptr fs:[00000030h]3_2_01A1A189
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019661A7 mov eax, dword ptr fs:[00000030h]3_2_019661A7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019661A7 mov eax, dword ptr fs:[00000030h]3_2_019661A7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019661A7 mov eax, dword ptr fs:[00000030h]3_2_019661A7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019661A7 mov eax, dword ptr fs:[00000030h]3_2_019661A7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019861A0 mov eax, dword ptr fs:[00000030h]3_2_019861A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019861A0 mov eax, dword ptr fs:[00000030h]3_2_019861A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019D69A6 mov eax, dword ptr fs:[00000030h]3_2_019D69A6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01A289E7 mov eax, dword ptr fs:[00000030h]3_2_01A289E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019699C7 mov eax, dword ptr fs:[00000030h]3_2_019699C7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019699C7 mov eax, dword ptr fs:[00000030h]3_2_019699C7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019699C7 mov eax, dword ptr fs:[00000030h]3_2_019699C7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019699C7 mov eax, dword ptr fs:[00000030h]3_2_019699C7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0196C1C0 mov eax, dword ptr fs:[00000030h]3_2_0196C1C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0195B1E1 mov eax, dword ptr fs:[00000030h]3_2_0195B1E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0195B1E1 mov eax, dword ptr fs:[00000030h]3_2_0195B1E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0195B1E1 mov eax, dword ptr fs:[00000030h]3_2_0195B1E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019531E0 mov eax, dword ptr fs:[00000030h]3_2_019531E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019E41E8 mov eax, dword ptr fs:[00000030h]3_2_019E41E8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01A119D8 mov eax, dword ptr fs:[00000030h]3_2_01A119D8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01959100 mov eax, dword ptr fs:[00000030h]3_2_01959100
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01959100 mov eax, dword ptr fs:[00000030h]3_2_01959100
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01959100 mov eax, dword ptr fs:[00000030h]3_2_01959100
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01960100 mov eax, dword ptr fs:[00000030h]3_2_01960100
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01960100 mov eax, dword ptr fs:[00000030h]3_2_01960100
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01960100 mov eax, dword ptr fs:[00000030h]3_2_01960100
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0198513A mov eax, dword ptr fs:[00000030h]3_2_0198513A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0198513A mov eax, dword ptr fs:[00000030h]3_2_0198513A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01953138 mov ecx, dword ptr fs:[00000030h]3_2_01953138
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01974120 mov eax, dword ptr fs:[00000030h]3_2_01974120
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01974120 mov eax, dword ptr fs:[00000030h]3_2_01974120
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01974120 mov eax, dword ptr fs:[00000030h]3_2_01974120
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01974120 mov eax, dword ptr fs:[00000030h]3_2_01974120
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01974120 mov ecx, dword ptr fs:[00000030h]3_2_01974120
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01A1E962 mov eax, dword ptr fs:[00000030h]3_2_01A1E962
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01A28966 mov eax, dword ptr fs:[00000030h]3_2_01A28966
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0195395E mov eax, dword ptr fs:[00000030h]3_2_0195395E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0195395E mov eax, dword ptr fs:[00000030h]3_2_0195395E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0197B944 mov eax, dword ptr fs:[00000030h]3_2_0197B944
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0197B944 mov eax, dword ptr fs:[00000030h]3_2_0197B944
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0195B171 mov eax, dword ptr fs:[00000030h]3_2_0195B171
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0195B171 mov eax, dword ptr fs:[00000030h]3_2_0195B171
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01A11951 mov eax, dword ptr fs:[00000030h]3_2_01A11951
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0195C962 mov eax, dword ptr fs:[00000030h]3_2_0195C962
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01959080 mov eax, dword ptr fs:[00000030h]3_2_01959080
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01953880 mov eax, dword ptr fs:[00000030h]3_2_01953880
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01953880 mov eax, dword ptr fs:[00000030h]3_2_01953880
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019D3884 mov eax, dword ptr fs:[00000030h]3_2_019D3884
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019D3884 mov eax, dword ptr fs:[00000030h]3_2_019D3884
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0198F0BF mov ecx, dword ptr fs:[00000030h]3_2_0198F0BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0198F0BF mov eax, dword ptr fs:[00000030h]3_2_0198F0BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0198F0BF mov eax, dword ptr fs:[00000030h]3_2_0198F0BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019990AF mov eax, dword ptr fs:[00000030h]3_2_019990AF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019820A0 mov eax, dword ptr fs:[00000030h]3_2_019820A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019820A0 mov eax, dword ptr fs:[00000030h]3_2_019820A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019820A0 mov eax, dword ptr fs:[00000030h]3_2_019820A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019820A0 mov eax, dword ptr fs:[00000030h]3_2_019820A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019820A0 mov eax, dword ptr fs:[00000030h]3_2_019820A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019820A0 mov eax, dword ptr fs:[00000030h]3_2_019820A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019628AE mov eax, dword ptr fs:[00000030h]3_2_019628AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019628AE mov eax, dword ptr fs:[00000030h]3_2_019628AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019628AE mov eax, dword ptr fs:[00000030h]3_2_019628AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019628AE mov ecx, dword ptr fs:[00000030h]3_2_019628AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019628AE mov eax, dword ptr fs:[00000030h]3_2_019628AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019628AE mov eax, dword ptr fs:[00000030h]3_2_019628AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019878A0 mov eax, dword ptr fs:[00000030h]3_2_019878A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019878A0 mov eax, dword ptr fs:[00000030h]3_2_019878A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019878A0 mov eax, dword ptr fs:[00000030h]3_2_019878A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019878A0 mov eax, dword ptr fs:[00000030h]3_2_019878A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019878A0 mov eax, dword ptr fs:[00000030h]3_2_019878A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019878A0 mov eax, dword ptr fs:[00000030h]3_2_019878A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019878A0 mov eax, dword ptr fs:[00000030h]3_2_019878A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019878A0 mov eax, dword ptr fs:[00000030h]3_2_019878A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019878A0 mov eax, dword ptr fs:[00000030h]3_2_019878A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019578D6 mov eax, dword ptr fs:[00000030h]3_2_019578D6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019578D6 mov eax, dword ptr fs:[00000030h]3_2_019578D6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019578D6 mov ecx, dword ptr fs:[00000030h]3_2_019578D6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019EB8D0 mov eax, dword ptr fs:[00000030h]3_2_019EB8D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019EB8D0 mov ecx, dword ptr fs:[00000030h]3_2_019EB8D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019EB8D0 mov eax, dword ptr fs:[00000030h]3_2_019EB8D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019EB8D0 mov eax, dword ptr fs:[00000030h]3_2_019EB8D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019EB8D0 mov eax, dword ptr fs:[00000030h]3_2_019EB8D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019EB8D0 mov eax, dword ptr fs:[00000030h]3_2_019EB8D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019570C0 mov eax, dword ptr fs:[00000030h]3_2_019570C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019570C0 mov eax, dword ptr fs:[00000030h]3_2_019570C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01A118CA mov eax, dword ptr fs:[00000030h]3_2_01A118CA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019628FD mov eax, dword ptr fs:[00000030h]3_2_019628FD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019628FD mov eax, dword ptr fs:[00000030h]3_2_019628FD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019628FD mov eax, dword ptr fs:[00000030h]3_2_019628FD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0197B8E4 mov eax, dword ptr fs:[00000030h]3_2_0197B8E4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0197B8E4 mov eax, dword ptr fs:[00000030h]3_2_0197B8E4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019540E1 mov eax, dword ptr fs:[00000030h]3_2_019540E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019540E1 mov eax, dword ptr fs:[00000030h]3_2_019540E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019540E1 mov eax, dword ptr fs:[00000030h]3_2_019540E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019558EC mov eax, dword ptr fs:[00000030h]3_2_019558EC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0198701D mov eax, dword ptr fs:[00000030h]3_2_0198701D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0198701D mov eax, dword ptr fs:[00000030h]3_2_0198701D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0198701D mov eax, dword ptr fs:[00000030h]3_2_0198701D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0198701D mov eax, dword ptr fs:[00000030h]3_2_0198701D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0198701D mov eax, dword ptr fs:[00000030h]3_2_0198701D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0198701D mov eax, dword ptr fs:[00000030h]3_2_0198701D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019D7016 mov eax, dword ptr fs:[00000030h]3_2_019D7016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019D7016 mov eax, dword ptr fs:[00000030h]3_2_019D7016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019D7016 mov eax, dword ptr fs:[00000030h]3_2_019D7016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01956800 mov eax, dword ptr fs:[00000030h]3_2_01956800
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01956800 mov eax, dword ptr fs:[00000030h]3_2_01956800
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01956800 mov eax, dword ptr fs:[00000030h]3_2_01956800
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0197A830 mov eax, dword ptr fs:[00000030h]3_2_0197A830
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0197A830 mov eax, dword ptr fs:[00000030h]3_2_0197A830
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0197A830 mov eax, dword ptr fs:[00000030h]3_2_0197A830
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0197A830 mov eax, dword ptr fs:[00000030h]3_2_0197A830
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0198002D mov eax, dword ptr fs:[00000030h]3_2_0198002D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0198002D mov eax, dword ptr fs:[00000030h]3_2_0198002D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0198002D mov eax, dword ptr fs:[00000030h]3_2_0198002D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0198002D mov eax, dword ptr fs:[00000030h]3_2_0198002D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0198002D mov eax, dword ptr fs:[00000030h]3_2_0198002D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01A24015 mov eax, dword ptr fs:[00000030h]3_2_01A24015
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01A24015 mov eax, dword ptr fs:[00000030h]3_2_01A24015
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01984020 mov edi, dword ptr fs:[00000030h]3_2_01984020
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0196B02A mov eax, dword ptr fs:[00000030h]3_2_0196B02A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0196B02A mov eax, dword ptr fs:[00000030h]3_2_0196B02A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0196B02A mov eax, dword ptr fs:[00000030h]3_2_0196B02A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0196B02A mov eax, dword ptr fs:[00000030h]3_2_0196B02A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01957057 mov eax, dword ptr fs:[00000030h]3_2_01957057
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01955050 mov eax, dword ptr fs:[00000030h]3_2_01955050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01955050 mov eax, dword ptr fs:[00000030h]3_2_01955050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01955050 mov eax, dword ptr fs:[00000030h]3_2_01955050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01970050 mov eax, dword ptr fs:[00000030h]3_2_01970050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01970050 mov eax, dword ptr fs:[00000030h]3_2_01970050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01A12073 mov eax, dword ptr fs:[00000030h]3_2_01A12073
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01A21074 mov eax, dword ptr fs:[00000030h]3_2_01A21074
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01A11843 mov eax, dword ptr fs:[00000030h]3_2_01A11843
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0197F86D mov eax, dword ptr fs:[00000030h]3_2_0197F86D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01954B94 mov edi, dword ptr fs:[00000030h]3_2_01954B94
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01A25BA5 mov eax, dword ptr fs:[00000030h]3_2_01A25BA5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0198B390 mov eax, dword ptr fs:[00000030h]3_2_0198B390
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01A11BA8 mov eax, dword ptr fs:[00000030h]3_2_01A11BA8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0197EB9A mov eax, dword ptr fs:[00000030h]3_2_0197EB9A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0197EB9A mov eax, dword ptr fs:[00000030h]3_2_0197EB9A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01982397 mov eax, dword ptr fs:[00000030h]3_2_01982397
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0198138B mov eax, dword ptr fs:[00000030h]3_2_0198138B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0198138B mov eax, dword ptr fs:[00000030h]3_2_0198138B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_0198138B mov eax, dword ptr fs:[00000030h]3_2_0198138B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01A28BB6 mov eax, dword ptr fs:[00000030h]3_2_01A28BB6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019FEB8A mov ecx, dword ptr fs:[00000030h]3_2_019FEB8A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019FEB8A mov eax, dword ptr fs:[00000030h]3_2_019FEB8A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019FEB8A mov eax, dword ptr fs:[00000030h]3_2_019FEB8A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019FEB8A mov eax, dword ptr fs:[00000030h]3_2_019FEB8A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01961B8F mov eax, dword ptr fs:[00000030h]3_2_01961B8F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01961B8F mov eax, dword ptr fs:[00000030h]3_2_01961B8F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01A29BBE mov eax, dword ptr fs:[00000030h]3_2_01A29BBE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01A0D380 mov ecx, dword ptr fs:[00000030h]3_2_01A0D380
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01A1138A mov eax, dword ptr fs:[00000030h]3_2_01A1138A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01984BAD mov eax, dword ptr fs:[00000030h]3_2_01984BAD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01984BAD mov eax, dword ptr fs:[00000030h]3_2_01984BAD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01984BAD mov eax, dword ptr fs:[00000030h]3_2_01984BAD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01A023E3 mov ecx, dword ptr fs:[00000030h]3_2_01A023E3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01A023E3 mov ecx, dword ptr fs:[00000030h]3_2_01A023E3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_01A023E3 mov eax, dword ptr fs:[00000030h]3_2_01A023E3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019D53CA mov eax, dword ptr fs:[00000030h]3_2_019D53CA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019D53CA mov eax, dword ptr fs:[00000030h]3_2_019D53CA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019853C5 mov eax, dword ptr fs:[00000030h]3_2_019853C5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019803E2 mov eax, dword ptr fs:[00000030h]3_2_019803E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019803E2 mov eax, dword ptr fs:[00000030h]3_2_019803E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019803E2 mov eax, dword ptr fs:[00000030h]3_2_019803E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019803E2 mov eax, dword ptr fs:[00000030h]3_2_019803E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Bulz.349164.25568.exeCode function: 3_2_019803E2 mov eax, dword ptr fs:[00000030h]3_2_019803E2