Windows Analysis Report SecuriteInfo.com.Variant.Graftor.981190.24096.exe

Overview

General Information

Sample Name: SecuriteInfo.com.Variant.Graftor.981190.24096.exe
Analysis ID: 451828
MD5: 19cac1ee3a6e5e9f83054616f5d5ce6f
SHA1: 5b7f16098760f887b0bdc5fee9223d022e0597fb
SHA256: 3709110cc04e0eaffe10bec5e8a5c82b858bee4195975e7bcd30c50b246f56c3
Tags: exe
Detection

GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
GuLoader behavior detected
Multi AV Scanner detection for submitted file
Yara detected Generic Dropper
Yara detected GuLoader
Yara detected GuLoader
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Hides threads from debuggers
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Abnormal high CPU Usage
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
PE / OLE file has an invalid certificate
PE file contains strange resources
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Process Tree

  • System is w10x64
  • cleanup

Malware Configuration

Threatname: GuLoader

{"Payload URL": "https://kinmirai.org/wp-content/bin_lOulvHP91.bip"}

Yara Overview

Initial Sample

Source | Rule | Description | Author | Strings
SecuriteInfo.com.Variant.Graftor.981190.24096.exe | JoeSecurity_GuLoader_1 | Yara detected GuLoader | Joe Security |

Memory Dumps

Source | Rule | Description | Author | Strings
00000001.00000000.647926510.0000000000401000.00000020.00020000.sdmp | JoeSecurity_GuLoader_1 | Yara detected GuLoader | Joe Security |
00000001.00000002.745251859.0000000000401000.00000020.00020000.sdmp | JoeSecurity_GuLoader_1 | Yara detected GuLoader | Joe Security |
00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
00000008.00000000.743106384.0000000000401000.00000020.00020000.sdmp | JoeSecurity_GuLoader_1 | Yara detected GuLoader | Joe Security |
Process Memory Space: SecuriteInfo.com.Variant.Graftor.981190.24096.exe PID: 2212 | JoeSecurity_GenericDropper | Yara detected Generic Dropper | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
1.0.SecuriteInfo.com.Variant.Graftor.981190.24096.exe.400000.0.unpack | JoeSecurity_GuLoader_1 | Yara detected GuLoader | Joe Security |
1.2.SecuriteInfo.com.Variant.Graftor.981190.24096.exe.400000.0.unpack | JoeSecurity_GuLoader_1 | Yara detected GuLoader | Joe Security |
8.0.SecuriteInfo.com.Variant.Graftor.981190.24096.exe.400000.0.unpack | JoeSecurity_GuLoader_1 | Yara detected GuLoader | Joe Security |

                    Sigma Overview

                    No Sigma rule has matched

                    Jbx Signature Overview

                    AV Detection:

                    Found malware configuration
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe; Malware Configuration Extractor: GuLoader {"Payload URL": "https://kinmirai.org/wp-content/bin_lOulvHP91.bip"}
                    Multi AV Scanner detection for submitted file
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe; Virustotal: Detection: 14%
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe; ReversingLabs: Detection: 19%
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe; Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                    Source: unknown; HTTPS traffic detected: 133.130.104.18:443 -> 192.168.2.4:49756 version: TLS 1.2
                    Source: Binary string: C:\Program Files (x86)\Administrator-Cloud\Projects\typo.pdb source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe
                    Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000008.00000002.1734370574.000000001E370000.00000040.00000001.sdmp
                    Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe

                    Networking:

                    C2 URLs / IPs found in malware configuration
                    Source: Malware configuration extractor; URLs: https://kinmirai.org/wp-content/bin_lOulvHP91.bip
                    Source: Joe Sandbox View; ASN Name: INTERQGMOInternetIncJP INTERQGMOInternetIncJP
                    Source: Joe Sandbox View; JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                    Source: unknown; DNS traffic detected: queries for: kinmirai.org
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe; String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe; String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe; String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe; String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe; String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe; String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe; String found in binary or memory: http://ocsp.digicert.com0C
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe; String found in binary or memory: http://ocsp.digicert.com0O
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe; String found in binary or memory: http://www.digicert.com/CPS0
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe; String found in binary or memory: https://www.digicert.com/CPS0
                    Source: unknown; Network traffic detected: HTTP traffic on port 49756 -> 443
                    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49756
                    Source: unknown; HTTPS traffic detected: 133.130.104.18:443 -> 192.168.2.4:49756 version: TLS 1.2
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe; Process Stats: CPU usage > 98%
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 1_2_02148605 NtWriteVirtualMemory,NtProtectVirtualMemory,1_2_02148605
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 1_2_02148B51 NtSetInformationThread,1_2_02148B51
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 1_2_02146D5C NtWriteVirtualMemory,1_2_02146D5C
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 1_2_02140947 NtWriteVirtualMemory,TerminateProcess,LoadLibraryA,1_2_02140947
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 1_2_021453F6 NtAllocateVirtualMemory,1_2_021453F6
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 1_2_02142407 NtWriteVirtualMemory,1_2_02142407
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 1_2_02143437 NtWriteVirtualMemory,1_2_02143437
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 1_2_0214444B NtWriteVirtualMemory,1_2_0214444B
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 1_2_0214207C NtWriteVirtualMemory,1_2_0214207C
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 1_2_02148C81 NtSetInformationThread,1_2_02148C81
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 1_2_02143EB2 NtWriteVirtualMemory,1_2_02143EB2
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 1_2_021440EF NtWriteVirtualMemory,1_2_021440EF
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 1_2_0214293F NtWriteVirtualMemory,LoadLibraryA,1_2_0214293F
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 1_2_02148B5E NtSetInformationThread,1_2_02148B5E
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 1_2_02144345 NtWriteVirtualMemory,1_2_02144345
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 1_2_02145541 NtAllocateVirtualMemory,1_2_02145541
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 1_2_02142567 NtWriteVirtualMemory,1_2_02142567
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 1_2_02143FA8 NtWriteVirtualMemory,1_2_02143FA8
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 1_2_02143FC2 NtWriteVirtualMemory,1_2_02143FC2
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 1_2_021447FF NtWriteVirtualMemory,1_2_021447FF
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 1_2_02143FE9 NtWriteVirtualMemory,1_2_02143FE9
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9660 NtAllocateVirtualMemory,LdrInitializeThunk,8_2_1E3D9660
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D96E0 NtFreeVirtualMemory,LdrInitializeThunk,8_2_1E3D96E0
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9860 NtQuerySystemInformation,LdrInitializeThunk,8_2_1E3D9860
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9610 NtEnumerateValueKey,8_2_1E3D9610
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9670 NtQueryInformationProcess,8_2_1E3D9670
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9650 NtQueryValueKey,8_2_1E3D9650
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D96D0 NtCreateKey,8_2_1E3D96D0
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9730 NtQueryVirtualMemory,8_2_1E3D9730
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3DA710 NtOpenProcessToken,8_2_1E3DA710
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9710 NtQueryInformationToken,8_2_1E3D9710
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3DA770 NtOpenThread,8_2_1E3DA770
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9770 NtSetInformationFile,8_2_1E3D9770
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9760 NtOpenProcess,8_2_1E3D9760
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D97A0 NtUnmapViewOfSection,8_2_1E3D97A0
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9780 NtMapViewOfSection,8_2_1E3D9780
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9FE0 NtCreateMutant,8_2_1E3D9FE0
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3DAD30 NtSetContextThread,8_2_1E3DAD30
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9520 NtWaitForSingleObject,8_2_1E3D9520
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9560 NtWriteFile,8_2_1E3D9560
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9540 NtReadFile,8_2_1E3D9540
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D95F0 NtQueryInformationFile,8_2_1E3D95F0
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D95D0 NtClose,8_2_1E3D95D0
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9A20 NtResumeThread,8_2_1E3D9A20
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9A10 NtQuerySection,8_2_1E3D9A10
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9A00 NtProtectVirtualMemory,8_2_1E3D9A00
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9A50 NtCreateFile,8_2_1E3D9A50
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9A80 NtOpenDirectoryObject,8_2_1E3D9A80
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9B00 NtSetValueKey,8_2_1E3D9B00
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3DA3B0 NtGetContextThread,8_2_1E3DA3B0
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9820 NtEnumerateKey,8_2_1E3D9820
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3DB040 NtSuspendThread,8_2_1E3DB040
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9840 NtDelayExecution,8_2_1E3D9840
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D98A0 NtWriteVirtualMemory,8_2_1E3D98A0
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D98F0 NtReadVirtualMemory,8_2_1E3D98F0
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9910 NtAdjustPrivilegesToken,8_2_1E3D9910
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D9950 NtQueueApcThread,8_2_1E3D9950
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D99A0 NtCreateSection,8_2_1E3D99A0
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3D99D0 NtCreateProcessEx,8_2_1E3D99D0
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: String function: 1E39B150 appears 35 times
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe; Static PE information: invalid certificate
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe; Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe; Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe; Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000001.00000002.746113951.0000000000435000.00000002.00020000.sdmp; Binary or memory string: OriginalFilenametypo.exe vs SecuriteInfo.com.Variant.Graftor.981190.24096.exe
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000008.00000002.1734938567.000000001E61F000.00000040.00000001.sdmp; Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Variant.Graftor.981190.24096.exe
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000008.00000002.1734295205.000000001DD90000.00000002.00000001.sdmp; Binary or memory string: OriginalFilenamemswsock.dll.muij% vs SecuriteInfo.com.Variant.Graftor.981190.24096.exe
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000008.00000000.743496412.0000000000435000.00000002.00020000.sdmp; Binary or memory string: OriginalFilenametypo.exe vs SecuriteInfo.com.Variant.Graftor.981190.24096.exe
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000008.00000002.1734330843.000000001DEE0000.00000002.00000001.sdmp; Binary or memory string: OriginalFilenameCRYPT32.DLL.MUIj% vs SecuriteInfo.com.Variant.Graftor.981190.24096.exe
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe; Binary or memory string: OriginalFilenametypo.exe vs SecuriteInfo.com.Variant.Graftor.981190.24096.exe
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe; Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                    Source: classification engine; Classification label: mal100.troj.spyw.evad.winEXE@3/0@1/1
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe; File created: C:\Users\user\AppData\Local\Temp\~DF417CDC9232525881.TMP
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe; Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe; Section loaded: C:\Windows\SysWOW64\msvbvm60.dll
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe; File read: C:\Windows\System32\drivers\etc\hosts
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe; Virustotal: Detection: 14%
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe; ReversingLabs: Detection: 19%
                    Source: unknown; Process created: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe'
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe; Process created: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe'
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                    Source: Binary string: C:\Program Files (x86)\Administrator-Cloud\Projects\typo.pdb source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe
                    Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000008.00000002.1734370574.000000001E370000.00000040.00000001.sdmp
                    Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe

                    Data Obfuscation:

                    Yara detected GuLoader
                    Source: Yara match File source: 00000001.00000002.750130399.0000000002140000.00000040.00000001.sdmp, type: MEMORY
                    Yara detected GuLoader
                    Source: Yara match File source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, type: SAMPLE
                    Source: Yara match File source: 1.0.SecuriteInfo.com.Variant.Graftor.981190.24096.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 1.2.SecuriteInfo.com.Variant.Graftor.981190.24096.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 8.0.SecuriteInfo.com.Variant.Graftor.981190.24096.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 00000001.00000000.647926510.0000000000401000.00000020.00020000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000001.00000002.745251859.0000000000401000.00000020.00020000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000008.00000000.743106384.0000000000401000.00000020.00020000.sdmp, type: MEMORY
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Process information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion:

                    Contains functionality to detect hardware virtualization (CPUID execution measurement)
                    Detected RDTSC dummy instruction sequence (likely for instruction hammering)
                    Tries to detect Any.run
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe File opened: C:\Program Files\qga\qga.exe
                    Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000001.00000002.750181825.0000000002150000.00000004.00000001.sdmp Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEMSI.DLLPUBLISHERSHELL32ADVAPI32TEMP=WINDIR=\SYSWOW64\MSVBVM60.DLL
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000001.00000002.750181825.0000000002150000.00000004.00000001.sdmp Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
                    Tries to detect virtualization through RDTSC time measurements
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02148605 rdtsc 1_2_02148605
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000001.00000002.750181825.0000000002150000.00000004.00000001.sdmp Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exeMsi.dllPublishershell32advapi32TEMP=windir=\syswow64\msvbvm60.dll
                    Source: SecuriteInfo.com.Variant.Graftor.981190.24096.exe, 00000001.00000002.750181825.0000000002150000.00000004.00000001.sdmp Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Process information queried: ProcessInformation

                    Anti Debugging:

                    Hides threads from debuggers
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Thread information set: HideFromDebugger
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Process queried: DebugPort
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02148605 rdtsc 1_2_02148605
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exe Code function: 1_2_02145FFA LdrInitializeThunk,1_2_02145FFA
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCode function: 8_2_1E3AEF40 mov eax, dword ptr fs:[00000030h]8_2_1E3AEF40
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Graftor.981190.24096.exeCod