Windows Analysis Report SecuriteInfo.com.Variant.Graftor.981190.24096.exe

Overview

General Information

Sample Name: SecuriteInfo.com.Variant.Graftor.981190.24096.exe
Analysis ID: 451828
MD5: 19cac1ee3a6e5e9f83054616f5d5ce6f
SHA1: 5b7f16098760f887b0bdc5fee9223d022e0597fb
SHA256: 3709110cc04e0eaffe10bec5e8a5c82b858bee4195975e7bcd30c50b246f56c3
Tags: exe

Detection

GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
GuLoader behavior detected
Multi AV Scanner detection for submitted file
Yara detected Generic Dropper
Yara detected GuLoader
Yara detected GuLoader
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Hides threads from debuggers
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Abnormal high CPU Usage
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
PE / OLE file has an invalid certificate
PE file contains strange resources
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection:

Found malware configuration
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe Malware Configuration Extractor: GuLoader {"Payload URL": "https://kinmirai.org/wp-content/bin_lOulvHP91.bip"}
Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe Virustotal: Detection: 14%
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe ReversingLabs: Detection: 19%

Compliance:

Uses 32bit PE files
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: unknown HTTPS traffic detected: 133.130.104.18:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: Binary string: C:\Program Files (x86)\Administrator-Cloud\Projects\typo.pdb source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe
Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000008.00000002.1734370574.000000001E370000.00000040.00000001.sdmp
Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe

Networking:

C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: https://kinmirai.org/wp-content/bin_lOulvHP91.bip
Internet Provider seen in connection with other malware
Source: Joe Sandbox View ASN Name: INTERQGMOInternetIncJP INTERQGMOInternetIncJP
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknown DNS traffic detected: queries for: kinmirai.org
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe String found in binary or memory: http://ocsp.digicert.com0C
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe String found in binary or memory: http://ocsp.digicert.com0O
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe String found in binary or memory: http://www.digicert.com/CPS0
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe String found in binary or memory: https://www.digicert.com/CPS0
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown HTTPS traffic detected: 133.130.104.18:443 -> 192.168.2.4:49756 version: TLS 1.2

System Summary:

Abnormal high CPU Usage
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Process Stats: CPU usage > 98%
Contains functionality to call native functions
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02148605 NtWriteVirtualMemory,NtProtectVirtualMemory, 1_2_02148605
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02148B51 NtSetInformationThread, 1_2_02148B51
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02146D5C NtWriteVirtualMemory, 1_2_02146D5C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02140947 NtWriteVirtualMemory,TerminateProcess,LoadLibraryA, 1_2_02140947
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_021453F6 NtAllocateVirtualMemory, 1_2_021453F6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02142407 NtWriteVirtualMemory, 1_2_02142407
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02143437 NtWriteVirtualMemory, 1_2_02143437
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_0214444B NtWriteVirtualMemory, 1_2_0214444B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_0214207C NtWriteVirtualMemory, 1_2_0214207C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02148C81 NtSetInformationThread, 1_2_02148C81
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02143EB2 NtWriteVirtualMemory, 1_2_02143EB2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_021440EF NtWriteVirtualMemory, 1_2_021440EF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_0214293F NtWriteVirtualMemory,LoadLibraryA, 1_2_0214293F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02148B5E NtSetInformationThread, 1_2_02148B5E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02144345 NtWriteVirtualMemory, 1_2_02144345
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02145541 NtAllocateVirtualMemory, 1_2_02145541
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02142567 NtWriteVirtualMemory, 1_2_02142567
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02143FA8 NtWriteVirtualMemory, 1_2_02143FA8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02143FC2 NtWriteVirtualMemory, 1_2_02143FC2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_021447FF NtWriteVirtualMemory, 1_2_021447FF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02143FE9 NtWriteVirtualMemory, 1_2_02143FE9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3D9660 NtAllocateVirtualMemory,LdrInitializeThunk, 8_2_1E3D9660
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3D96E0 NtFreeVirtualMemory,LdrInitializeThunk, 8_2_1E3D96E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3D9860 NtQuerySystemInformation,LdrInitializeThunk, 8_2_1E3D9860
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3D9610 NtEnumerateValueKey, 8_2_1E3D9610
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3D9670 NtQueryInformationProcess, 8_2_1E3D9670
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3D9650 NtQueryValueKey, 8_2_1E3D9650
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3D96D0 NtCreateKey, 8_2_1E3D96D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3D9730 NtQueryVirtualMemory, 8_2_1E3D9730
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3DA710 NtOpenProcessToken, 8_2_1E3DA710
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3D9710 NtQueryInformationToken, 8_2_1E3D9710
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3DA770 NtOpenThread, 8_2_1E3DA770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3D9770 NtSetInformationFile, 8_2_1E3D9770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3D9760 NtOpenProcess, 8_2_1E3D9760
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3D97A0 NtUnmapViewOfSection, 8_2_1E3D97A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3D9780 NtMapViewOfSection, 8_2_1E3D9780
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3D9FE0 NtCreateMutant, 8_2_1E3D9FE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3DAD30 NtSetContextThread, 8_2_1E3DAD30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3D9520 NtWaitForSingleObject, 8_2_1E3D9520
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3D9560 NtWriteFile, 8_2_1E3D9560
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3D9540 NtReadFile, 8_2_1E3D9540
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3D95F0 NtQueryInformationFile, 8_2_1E3D95F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3D95D0 NtClose, 8_2_1E3D95D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3D9A20 NtResumeThread, 8_2_1E3D9A20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3D9A10 NtQuerySection, 8_2_1E3D9A10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3D9A00 NtProtectVirtualMemory, 8_2_1E3D9A00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3D9A50 NtCreateFile, 8_2_1E3D9A50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3D9A80 NtOpenDirectoryObject, 8_2_1E3D9A80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3D9B00 NtSetValueKey, 8_2_1E3D9B00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3DA3B0 NtGetContextThread, 8_2_1E3DA3B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3D9820 NtEnumerateKey, 8_2_1E3D9820
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3DB040 NtSuspendThread, 8_2_1E3DB040
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3D9840 NtDelayExecution, 8_2_1E3D9840
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3D98A0 NtWriteVirtualMemory, 8_2_1E3D98A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3D98F0 NtReadVirtualMemory, 8_2_1E3D98F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3D9910 NtAdjustPrivilegesToken, 8_2_1E3D9910
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3D9950 NtQueueApcThread, 8_2_1E3D9950
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3D99A0 NtCreateSection, 8_2_1E3D99A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3D99D0 NtCreateProcessEx, 8_2_1E3D99D0
Detected potential crypto function
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: String function: 1E39B150 appears 35 times
PE / OLE file has an invalid certificate
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe Static PE information: invalid certificate
PE file contains strange resources
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Sample file is different than original file name gathered from version info
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000001.00000002.746113951.0000000000435000.00000002.00020000.sdmp Binary or memory string: OriginalFilenametypo.exe vs SecuriteInfo.com.Variant.Graftor.981190.24096.exe
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000008.00000002.1734938567.000000001E61F000.00000040.00000001.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Variant.Graftor.981190.24096.exe
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000008.00000002.1734295205.000000001DD90000.00000002.00000001.sdmp Binary or memory string: OriginalFilenamemswsock.dll.muij% vs SecuriteInfo.com.Variant.Graftor.981190.24096.exe
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000008.00000000.743496412.0000000000435000.00000002.00020000.sdmp Binary or memory string: OriginalFilenametypo.exe vs SecuriteInfo.com.Variant.Graftor.981190.24096.exe
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000008.00000002.1734330843.000000001DEE0000.00000002.00000001.sdmp Binary or memory string: OriginalFilenameCRYPT32.DLL.MUIj% vs SecuriteInfo.com.Variant.Graftor.981190.24096.exe
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe Binary or memory string: OriginalFilenametypo.exe vs SecuriteInfo.com.Variant.Graftor.981190.24096.exe
Uses 32bit PE files
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@3/0@1/1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe File created: C:\Users\user\AppData\Local\Temp\~DF417CDC9232525881.TMP
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Section loaded: C:\Windows\SysWOW64\msvbvm60.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe Virustotal: Detection: 14%
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe ReversingLabs: Detection: 19%
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe'
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe'
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: C:\Program Files (x86)\Administrator-Cloud\Projects\typo.pdb source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe
Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000008.00000002.1734370574.000000001E370000.00000040.00000001.sdmp
Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe

Data Obfuscation:

Yara detected GuLoader
Source: Yara match File source: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, type: MEMORY
Yara detected GuLoader
Source: Yara match File source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, type: SAMPLE
Source: Yara match File source: 1.0.SecuriteInfo.com.Variant.Graftor.981190.24096.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.2.SecuriteInfo.com.Variant.Graftor.981190.24096.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 8.0.SecuriteInfo.com.Variant.Graftor.981190.24096.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000001.00000000.647926510.0000000000401000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000002.745251859.0000000000401000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000000.743106384.0000000000401000.00000020.00020000.sdmp, type: MEMORY
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02149656 push esp; iretd 1_2_02149659
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_0214965A push esp; iretd 1_2_0214965D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Tries to detect Any.run
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe File opened: C:\Program Files\qga\qga.exe
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000001.00000002.750181825.0000000002150000.00000004.00000001.sdmp Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEMSI.DLLPUBLISHERSHELL32ADVAPI32TEMP=WINDIR=\SYSWOW64\MSVBVM60.DLL
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000001.00000002.750181825.0000000002150000.00000004.00000001.sdmp Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
Tries to detect virtualization through RDTSC time measurements
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02148605 rdtsc 1_2_02148605
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000001.00000002.750181825.0000000002150000.00000004.00000001.sdmp Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exeMsi.dllPublishershell32advapi32TEMP=windir=\syswow64\msvbvm60.dll
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000001.00000002.750181825.0000000002150000.00000004.00000001.sdmp Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Process information queried: ProcessInformation

Anti Debugging:

Hides threads from debuggers
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Thread information set: HideFromDebugger
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Process queried: DebugPort
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02148605 rdtsc 1_2_02148605
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02145FFA LdrInitializeThunk, 1_2_02145FFA
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3A3D34 mov eax, dword ptr fs:[00000030h] 8_2_1E3A3D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3A3D34 mov eax, dword ptr fs:[00000030h] 8_2_1E3A3D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3A3D34 mov eax, dword ptr fs:[00000030h] 8_2_1E3A3D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3A3D34 mov eax, dword ptr fs:[00000030h] 8_2_1E3A3D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3A3D34 mov eax, dword ptr fs:[00000030h] 8_2_1E3A3D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3A3D34 mov eax, dword ptr fs:[00000030h] 8_2_1E3A3D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3BC577 mov eax, dword ptr fs:[00000030h] 8_2_1E3BC577
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3BC577 mov eax, dword ptr fs:[00000030h] 8_2_1E3BC577
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3B7D50 mov eax, dword ptr fs:[00000030h] 8_2_1E3B7D50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E468D34 mov eax, dword ptr fs:[00000030h] 8_2_1E468D34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E41A537 mov eax, dword ptr fs:[00000030h] 8_2_1E41A537
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E45E539 mov eax, dword ptr fs:[00000030h] 8_2_1E45E539
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3D3D43 mov eax, dword ptr fs:[00000030h] 8_2_1E3D3D43
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E416DC9 mov eax, dword ptr fs:[00000030h] 8_2_1E416DC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E416DC9 mov eax, dword ptr fs:[00000030h] 8_2_1E416DC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E416DC9 mov eax, dword ptr fs:[00000030h] 8_2_1E416DC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E416DC9 mov ecx, dword ptr fs:[00000030h] 8_2_1E416DC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E416DC9 mov eax, dword ptr fs:[00000030h] 8_2_1E416DC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E416DC9 mov eax, dword ptr fs:[00000030h] 8_2_1E416DC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3C1DB5 mov eax, dword ptr fs:[00000030h] 8_2_1E3C1DB5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3C1DB5 mov eax, dword ptr fs:[00000030h] 8_2_1E3C1DB5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3C1DB5 mov eax, dword ptr fs:[00000030h] 8_2_1E3C1DB5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3C35A1 mov eax, dword ptr fs:[00000030h] 8_2_1E3C35A1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3CFD9B mov eax, dword ptr fs:[00000030h] 8_2_1E3CFD9B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3CFD9B mov eax, dword ptr fs:[00000030h] 8_2_1E3CFD9B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E45FDE2 mov eax, dword ptr fs:[00000030h] 8_2_1E45FDE2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E45FDE2 mov eax, dword ptr fs:[00000030h] 8_2_1E45FDE2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E45FDE2 mov eax, dword ptr fs:[00000030h] 8_2_1E45FDE2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E45FDE2 mov eax, dword ptr fs:[00000030h] 8_2_1E45FDE2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E392D8A mov eax, dword ptr fs:[00000030h] 8_2_1E392D8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E392D8A mov eax, dword ptr fs:[00000030h] 8_2_1E392D8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E392D8A mov eax, dword ptr fs:[00000030h] 8_2_1E392D8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E392D8A mov eax, dword ptr fs:[00000030h] 8_2_1E392D8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E392D8A mov eax, dword ptr fs:[00000030h] 8_2_1E392D8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E448DF1 mov eax, dword ptr fs:[00000030h] 8_2_1E448DF1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3C2581 mov eax, dword ptr fs:[00000030h] 8_2_1E3C2581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3C2581 mov eax, dword ptr fs:[00000030h] 8_2_1E3C2581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3C2581 mov eax, dword ptr fs:[00000030h] 8_2_1E3C2581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3C2581 mov eax, dword ptr fs:[00000030h] 8_2_1E3C2581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3AD5E0 mov eax, dword ptr fs:[00000030h] 8_2_1E3AD5E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3AD5E0 mov eax, dword ptr fs:[00000030h] 8_2_1E3AD5E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E4605AC mov eax, dword ptr fs:[00000030h] 8_2_1E4605AC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E4605AC mov eax, dword ptr fs:[00000030h] 8_2_1E4605AC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E45EA55 mov eax, dword ptr fs:[00000030h] 8_2_1E45EA55
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3D4A2C mov eax, dword ptr fs:[00000030h] 8_2_1E3D4A2C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3D4A2C mov eax, dword ptr fs:[00000030h] 8_2_1E3D4A2C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E424257 mov eax, dword ptr fs:[00000030h] 8_2_1E424257
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E44B260 mov eax, dword ptr fs:[00000030h] 8_2_1E44B260
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E44B260 mov eax, dword ptr fs:[00000030h] 8_2_1E44B260
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E468A62 mov eax, dword ptr fs:[00000030h] 8_2_1E468A62
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3B3A1C mov eax, dword ptr fs:[00000030h] 8_2_1E3B3A1C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E395210 mov eax, dword ptr fs:[00000030h] 8_2_1E395210
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E395210 mov ecx, dword ptr fs:[00000030h] 8_2_1E395210
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E395210 mov eax, dword ptr fs:[00000030h] 8_2_1E395210
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E395210 mov eax, dword ptr fs:[00000030h] 8_2_1E395210
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E39AA16 mov eax, dword ptr fs:[00000030h] 8_2_1E39AA16
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E39AA16 mov eax, dword ptr fs:[00000030h] 8_2_1E39AA16
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3A8A0A mov eax, dword ptr fs:[00000030h] 8_2_1E3A8A0A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3D927A mov eax, dword ptr fs:[00000030h] 8_2_1E3D927A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E45AA16 mov eax, dword ptr fs:[00000030h] 8_2_1E45AA16
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E45AA16 mov eax, dword ptr fs:[00000030h] 8_2_1E45AA16
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E399240 mov eax, dword ptr fs:[00000030h] 8_2_1E399240
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E399240 mov eax, dword ptr fs:[00000030h] 8_2_1E399240
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E399240 mov eax, dword ptr fs:[00000030h] 8_2_1E399240
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E399240 mov eax, dword ptr fs:[00000030h] 8_2_1E399240
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3AAAB0 mov eax, dword ptr fs:[00000030h] 8_2_1E3AAAB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3AAAB0 mov eax, dword ptr fs:[00000030h] 8_2_1E3AAAB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3CFAB0 mov eax, dword ptr fs:[00000030h] 8_2_1E3CFAB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3952A5 mov eax, dword ptr fs:[00000030h] 8_2_1E3952A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3952A5 mov eax, dword ptr fs:[00000030h] 8_2_1E3952A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3952A5 mov eax, dword ptr fs:[00000030h] 8_2_1E3952A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3952A5 mov eax, dword ptr fs:[00000030h] 8_2_1E3952A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3952A5 mov eax, dword ptr fs:[00000030h] 8_2_1E3952A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3CD294 mov eax, dword ptr fs:[00000030h] 8_2_1E3CD294
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3CD294 mov eax, dword ptr fs:[00000030h] 8_2_1E3CD294
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3C2AE4 mov eax, dword ptr fs:[00000030h] 8_2_1E3C2AE4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3C2ACB mov eax, dword ptr fs:[00000030h] 8_2_1E3C2ACB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E468B58 mov eax, dword ptr fs:[00000030h] 8_2_1E468B58
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3C3B7A mov eax, dword ptr fs:[00000030h] 8_2_1E3C3B7A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3C3B7A mov eax, dword ptr fs:[00000030h] 8_2_1E3C3B7A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E39DB60 mov ecx, dword ptr fs:[00000030h] 8_2_1E39DB60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E45131B mov eax, dword ptr fs:[00000030h] 8_2_1E45131B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E39F358 mov eax, dword ptr fs:[00000030h] 8_2_1E39F358
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E39DB40 mov eax, dword ptr fs:[00000030h] 8_2_1E39DB40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E4153CA mov eax, dword ptr fs:[00000030h] 8_2_1E4153CA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E4153CA mov eax, dword ptr fs:[00000030h] 8_2_1E4153CA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3C4BAD mov eax, dword ptr fs:[00000030h] 8_2_1E3C4BAD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3C4BAD mov eax, dword ptr fs:[00000030h] 8_2_1E3C4BAD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3C4BAD mov eax, dword ptr fs:[00000030h] 8_2_1E3C4BAD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3C2397 mov eax, dword ptr fs:[00000030h] 8_2_1E3C2397
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3CB390 mov eax, dword ptr fs:[00000030h] 8_2_1E3CB390
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3A1B8F mov eax, dword ptr fs:[00000030h] 8_2_1E3A1B8F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3A1B8F mov eax, dword ptr fs:[00000030h] 8_2_1E3A1B8F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E44D380 mov ecx, dword ptr fs:[00000030h] 8_2_1E44D380
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E45138A mov eax, dword ptr fs:[00000030h] 8_2_1E45138A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3BDBE9 mov eax, dword ptr fs:[00000030h] 8_2_1E3BDBE9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3C03E2 mov eax, dword ptr fs:[00000030h] 8_2_1E3C03E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3C03E2 mov eax, dword ptr fs:[00000030h] 8_2_1E3C03E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3C03E2 mov eax, dword ptr fs:[00000030h] 8_2_1E3C03E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3C03E2 mov eax, dword ptr fs:[00000030h] 8_2_1E3C03E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3C03E2 mov eax, dword ptr fs:[00000030h] 8_2_1E3C03E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3C03E2 mov eax, dword ptr fs:[00000030h] 8_2_1E3C03E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E465BA5 mov eax, dword ptr fs:[00000030h] 8_2_1E465BA5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3AB02A mov eax, dword ptr fs:[00000030h] 8_2_1E3AB02A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3AB02A mov eax, dword ptr fs:[00000030h] 8_2_1E3AB02A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3AB02A mov eax, dword ptr fs:[00000030h] 8_2_1E3AB02A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3AB02A mov eax, dword ptr fs:[00000030h] 8_2_1E3AB02A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3C002D mov eax, dword ptr fs:[00000030h] 8_2_1E3C002D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3C002D mov eax, dword ptr fs:[00000030h] 8_2_1E3C002D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3C002D mov eax, dword ptr fs:[00000030h] 8_2_1E3C002D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3C002D mov eax, dword ptr fs:[00000030h] 8_2_1E3C002D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3C002D mov eax, dword ptr fs:[00000030h] 8_2_1E3C002D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E461074 mov eax, dword ptr fs:[00000030h] 8_2_1E461074
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E452073 mov eax, dword ptr fs:[00000030h] 8_2_1E452073
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E464015 mov eax, dword ptr fs:[00000030h] 8_2_1E464015
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E464015 mov eax, dword ptr fs:[00000030h] 8_2_1E464015
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E417016 mov eax, dword ptr fs:[00000030h] 8_2_1E417016
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E417016 mov eax, dword ptr fs:[00000030h] 8_2_1E417016
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E417016 mov eax, dword ptr fs:[00000030h] 8_2_1E417016
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3B0050 mov eax, dword ptr fs:[00000030h] 8_2_1E3B0050
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3B0050 mov eax, dword ptr fs:[00000030h] 8_2_1E3B0050
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3CF0BF mov ecx, dword ptr fs:[00000030h] 8_2_1E3CF0BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3CF0BF mov eax, dword ptr fs:[00000030h] 8_2_1E3CF0BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3CF0BF mov eax, dword ptr fs:[00000030h] 8_2_1E3CF0BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3D90AF mov eax, dword ptr fs:[00000030h] 8_2_1E3D90AF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E42B8D0 mov eax, dword ptr fs:[00000030h] 8_2_1E42B8D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E42B8D0 mov ecx, dword ptr fs:[00000030h] 8_2_1E42B8D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E42B8D0 mov eax, dword ptr fs:[00000030h] 8_2_1E42B8D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E42B8D0 mov eax, dword ptr fs:[00000030h] 8_2_1E42B8D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E42B8D0 mov eax, dword ptr fs:[00000030h] 8_2_1E42B8D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E42B8D0 mov eax, dword ptr fs:[00000030h] 8_2_1E42B8D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3C20A0 mov eax, dword ptr fs:[00000030h] 8_2_1E3C20A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3C20A0 mov eax, dword ptr fs:[00000030h] 8_2_1E3C20A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3C20A0 mov eax, dword ptr fs:[00000030h] 8_2_1E3C20A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3C20A0 mov eax, dword ptr fs:[00000030h] 8_2_1E3C20A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3C20A0 mov eax, dword ptr fs:[00000030h] 8_2_1E3C20A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3C20A0 mov eax, dword ptr fs:[00000030h] 8_2_1E3C20A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E399080 mov eax, dword ptr fs:[00000030h] 8_2_1E399080
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E413884 mov eax, dword ptr fs:[00000030h] 8_2_1E413884
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E413884 mov eax, dword ptr fs:[00000030h] 8_2_1E413884
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3958EC mov eax, dword ptr fs:[00000030h] 8_2_1E3958EC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3C513A mov eax, dword ptr fs:[00000030h] 8_2_1E3C513A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3C513A mov eax, dword ptr fs:[00000030h] 8_2_1E3C513A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3B4120 mov eax, dword ptr fs:[00000030h] 8_2_1E3B4120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3B4120 mov eax, dword ptr fs:[00000030h] 8_2_1E3B4120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3B4120 mov eax, dword ptr fs:[00000030h] 8_2_1E3B4120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3B4120 mov eax, dword ptr fs:[00000030h] 8_2_1E3B4120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3B4120 mov ecx, dword ptr fs:[00000030h] 8_2_1E3B4120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E399100 mov eax, dword ptr fs:[00000030h] 8_2_1E399100
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E399100 mov eax, dword ptr fs:[00000030h] 8_2_1E399100
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E399100 mov eax, dword ptr fs:[00000030h] 8_2_1E399100
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E39B171 mov eax, dword ptr fs:[00000030h] 8_2_1E39B171
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E39B171 mov eax, dword ptr fs:[00000030h] 8_2_1E39B171
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E39C962 mov eax, dword ptr fs:[00000030h] 8_2_1E39C962
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3BB944 mov eax, dword ptr fs:[00000030h] 8_2_1E3BB944
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3BB944 mov eax, dword ptr fs:[00000030h] 8_2_1E3BB944
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3C61A0 mov eax, dword ptr fs:[00000030h] 8_2_1E3C61A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3C61A0 mov eax, dword ptr fs:[00000030h] 8_2_1E3C61A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E4241E8 mov eax, dword ptr fs:[00000030h] 8_2_1E4241E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3C2990 mov eax, dword ptr fs:[00000030h] 8_2_1E3C2990
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3BC182 mov eax, dword ptr fs:[00000030h] 8_2_1E3BC182
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E3CA185 mov eax, dword ptr fs:[00000030h] 8_2_1E3CA185
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E39B1E1 mov eax, dword ptr fs:[00000030h] 8_2_1E39B1E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E39B1E1 mov eax, dword ptr fs:[00000030h] 8_2_1E39B1E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E39B1E1 mov eax, dword ptr fs:[00000030h] 8_2_1E39B1E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E4169A6 mov eax, dword ptr fs:[00000030h] 8_2_1E4169A6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E4151BE mov eax, dword ptr fs:[00000030h] 8_2_1E4151BE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E4151BE mov eax, dword ptr fs:[00000030h] 8_2_1E4151BE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E4151BE mov eax, dword ptr fs:[00000030h] 8_2_1E4151BE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 8_2_1E4151BE mov eax, dword ptr fs:[00000030h] 8_2_1E4151BE

HIPS / PFW / Operating System Protection Evasion:

Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe'
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000008.00000002.1729876173.0000000000E70000.00000002.00000001.sdmp Binary or memory string: Program Manager
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000008.00000002.1729876173.0000000000E70000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000008.00000002.1729876173.0000000000E70000.00000002.00000001.sdmp Binary or memory string: Progman
Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000008.00000002.1729876173.0000000000E70000.00000002.00000001.sdmp Binary or memory string: Progmanlock

Language, Device and Operating System Detection:

Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02146E24 cpuid 1_2_02146E24

Stealing of Sensitive Information:

GuLoader behavior detected
Source: Initial file Signature Results: GuLoader behavior
Yara detected Generic Dropper
Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Variant.Graftor.981190.24096.exe PID: 2212, type: MEMORY