Windows Analysis Report SecuriteInfo.com.Variant.Zusy.394472.15672.20727

Overview

General Information

Sample Name: SecuriteInfo.com.Variant.Zusy.394472.15672.20727 (renamed file extension from 20727 to exe)
Analysis ID: 452434
MD5: 89cfb542cda6a428cc5c02feaf3c55f8
SHA1: 9a0606c633ffe5ae4b6dcb7dcfba57b7e22cb05d
SHA256: b663fea76aadbf574e5bb9f704ad689ec10f0d720b0b9641e70b27494fe4cc17
Tags: exe

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected FormBook
C2 URLs / IPs found in malware configuration
Machine Learning detection for sample
Maps a DLL or memory area into another process
Tries to detect virtualization through RDTSC time measurements
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

AV Detection:

Antivirus detection for URL or domain
Source: www.yjhlgg.com/grve/ Avira URL Cloud: Label: malware
Found malware configuration
Source: 00000003.00000001.644193470.0000000000400000.00000040.00020000.sdmp Malware Configuration Extractor: FormBook {"C2 list": ["www.yjhlgg.com/grve/"], "decoy": ["jrvinganimalexterminator.com", "smallsyalls.com", "po1c3.com", "mencg.com", "aussieenjoyment.today", "espace22.com", "aanmelding-desk.info", "gallopshoes.com", "nftsexy.com", "ricosdulcesmexicanos.com", "riseswift.com", "thechicthirty.com", "matdcg.com", "alternet.today", "creativehuesdesigns.com", "rjkcrafts.com", "lowdosemortgage.com", "adoptahamster.com", "wellness-sense.com", "jacardcapital.com", "pastiindonesia.com", "lindsaynathan2021.com", "brisbanemagicians.com", "tvglanz.com", "388384.com", "mitgrim.com", "endonelatrading.com", "political.singles", "ganjegirls.com", "democratscancelled.com", "ytzhubao.com", "roiskylands.com", "zamlgroup.com", "winstonsalemathleticclub.com", "62qtz2.com", "caddyys.com", "ecorarte.com", "coonier.com", "cbgmanhattan-hub.com", "givanon.com", "tioniis11.com", "variceselite.com", "tasaciona.com", "hiphopeconomicdevelopment.com", "citrixfile.com", "piebuilder.com", "drmetalpublishing.com", "themesthatyoulike.com", "vinhomes-phamhung.info", "ardecentro.com", "gameshowsatwork.com", "go-rillathebrand.com", "virtualppo.com", "nogodbeforeme.net", "fabrezeairpurifiers.com", "roorisor.com", "elaraberentcar.com", "rugpat.com", "renewalbyheather.com", "innocox.com", "ztsj10086.com", "channelarmor.info", "thecarbonbox.store", "edicionesvita.com"]}
Multi AV Scanner detection for domain / URL
Source: www.yjhlgg.com/grve/ Virustotal: Detection: 8%
Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.Variant.Zusy.394472.15672.exe Virustotal: Detection: 51%
Source: SecuriteInfo.com.Variant.Zusy.394472.15672.exe Metadefender: Detection: 22%
Source: SecuriteInfo.com.Variant.Zusy.394472.15672.exe ReversingLabs: Detection: 60%
Yara detected FormBook
Source: Yara match File source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000003.00000001.644193470.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000002.644964411.0000000000600000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Machine Learning detection for sample
Source: SecuriteInfo.com.Variant.Zusy.394472.15672.exe Joe Sandbox ML: detected
Antivirus or Machine Learning detection for unpacked file
Source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.unpack Avira: Label: TR/Crypt.ZPACK.Gen
Source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.5c0000.2.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack Avira: Label: TR/Crypt.ZPACK.Gen
Source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack Avira: Label: TR/Crypt.ZPACK.Gen

Compliance:

Uses 32bit PE files
Source: SecuriteInfo.com.Variant.Zusy.394472.15672.exe Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Variant.Zusy.394472.15672.exe, 00000001.00000003.639462821.00000000023F0000.00000004.00000001.sdmp, SecuriteInfo.com.Variant.Zusy.394472.15672.exe, 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp
Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Variant.Zusy.394472.15672.exe

Software Vulnerabilities:

Found inlined nop instructions (likely shell or obfuscated code)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 4x nop then pop edi 3_2_0040E376
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 4x nop then pop edi 3_2_0040E37A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 4x nop then pop edi 3_2_0040E3C8

Networking:

C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: www.yjhlgg.com/grve/

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Creates a DirectInput object (often for capturing keystrokes)
Source: SecuriteInfo.com.Variant.Zusy.394472.15672.exe, 00000001.00000002.644990740.000000000063A000.00000004.00000020.sdmp Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

E-Banking Fraud:

Yara detected FormBook

System Summary:

Malicious sample detected (through community Yara rule)
Source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.unpack, type: UNPACKEDPE Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.raw.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.raw.unpack, type: UNPACKEDPE Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000003.00000001.644193470.0000000000400000.00000040.00020000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000003.00000001.644193470.0000000000400000.00000040.00020000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000001.00000002.644964411.0000000000600000.00000040.00000001.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000001.00000002.644964411.0000000000600000.00000040.00000001.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Contains functionality to call native functions
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00419D50 NtCreateFile, 3_2_00419D50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00419E00 NtReadFile, 3_2_00419E00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00419E80 NtClose, 3_2_00419E80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00419F30 NtAllocateVirtualMemory, 3_2_00419F30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00419DFB NtReadFile, 3_2_00419DFB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00419E7A NtClose, 3_2_00419E7A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00419F2A NtAllocateVirtualMemory, 3_2_00419F2A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A296E0 NtFreeVirtualMemory,LdrInitializeThunk, 3_2_00A296E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A29660 NtAllocateVirtualMemory,LdrInitializeThunk, 3_2_00A29660
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A29860 NtQuerySystemInformation,LdrInitializeThunk, 3_2_00A29860
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A2B040 NtSuspendThread, 3_2_00A2B040
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A2A3B0 NtGetContextThread, 3_2_00A2A3B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A295F0 NtQueryInformationFile, 3_2_00A295F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A295D0 NtClose, 3_2_00A295D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A29520 NtWaitForSingleObject, 3_2_00A29520
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A29560 NtWriteFile, 3_2_00A29560
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A29540 NtReadFile, 3_2_00A29540
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A296D0 NtCreateKey, 3_2_00A296D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A29610 NtEnumerateValueKey, 3_2_00A29610
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A29670 NtQueryInformationProcess, 3_2_00A29670
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A29650 NtQueryValueKey, 3_2_00A29650
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A297A0 NtUnmapViewOfSection, 3_2_00A297A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A29780 NtMapViewOfSection, 3_2_00A29780
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A29730 NtQueryVirtualMemory, 3_2_00A29730
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A29710 NtQueryInformationToken, 3_2_00A29710
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A2A710 NtOpenProcessToken, 3_2_00A2A710
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A29760 NtOpenProcess, 3_2_00A29760
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A2A770 NtOpenThread, 3_2_00A2A770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A29770 NtSetInformationFile, 3_2_00A29770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A298A0 NtWriteVirtualMemory, 3_2_00A298A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A298F0 NtReadVirtualMemory, 3_2_00A298F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A29820 NtEnumerateKey, 3_2_00A29820
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A29840 NtDelayExecution, 3_2_00A29840
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A299A0 NtCreateSection, 3_2_00A299A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A299D0 NtCreateProcessEx, 3_2_00A299D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A29910 NtAdjustPrivilegesToken, 3_2_00A29910
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A29950 NtQueueApcThread, 3_2_00A29950
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A29A80 NtOpenDirectoryObject, 3_2_00A29A80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A29A20 NtResumeThread, 3_2_00A29A20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A29A00 NtProtectVirtualMemory, 3_2_00A29A00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A29A10 NtQuerySection, 3_2_00A29A10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A29A50 NtCreateFile, 3_2_00A29A50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A29B00 NtSetValueKey, 3_2_00A29B00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A2AD30 NtSetContextThread, 3_2_00A2AD30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A29FE0 NtCreateMutant, 3_2_00A29FE0
Detected potential crypto function
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: String function: 00A75720 appears 85 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: String function: 009EB150 appears 177 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: String function: 00A3D08C appears 50 times
Sample file is different than original file name gathered from version info
Source: SecuriteInfo.com.Variant.Zusy.394472.15672.exe, 00000001.00000003.644541453.000000000250F000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Variant.Zusy.394472.15672.exe
Source: SecuriteInfo.com.Variant.Zusy.394472.15672.exe, 00000001.00000002.644776222.0000000000420000.00000002.00000001.sdmp Binary or memory string: OriginalFilenamemsvfw32.dll.muij% vs SecuriteInfo.com.Variant.Zusy.394472.15672.exe
Source: SecuriteInfo.com.Variant.Zusy.394472.15672.exe, 00000003.00000002.647485358.0000000000ADF000.00000040.00000001.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Variant.Zusy.394472.15672.exe
Yara signature match
Source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.raw.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.raw.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000003.00000001.644193470.0000000000400000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000003.00000001.644193470.0000000000400000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000001.00000002.644964411.0000000000600000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000001.00000002.644964411.0000000000600000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: classification engine Classification label: mal100.troj.evad.winEXE@3/0@0/0
Source: SecuriteInfo.com.Variant.Zusy.394472.15672.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: SecuriteInfo.com.Variant.Zusy.394472.15672.exe Virustotal: Detection: 51%
Source: SecuriteInfo.com.Variant.Zusy.394472.15672.exe Metadefender: Detection: 22%
Source: SecuriteInfo.com.Variant.Zusy.394472.15672.exe ReversingLabs: Detection: 60%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe'
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe'
Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Variant.Zusy.394472.15672.exe, 00000001.00000003.639462821.00000000023F0000.00000004.00000001.sdmp, SecuriteInfo.com.Variant.Zusy.394472.15672.exe, 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp
Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Variant.Zusy.394472.15672.exe

Data Obfuscation:

Detected unpacking (changes PE section rights)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Unpacked PE file: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack .text:ER;.rdata:R; vs .text:ER;
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_0041684E push edi; ret 3_2_0041685B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00417AF6 push eax; retf 3_2_00417AF7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00417B5D push ebp; ret 3_2_00417B5E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_0041CEF2 push eax; ret 3_2_0041CEF8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_0041CEFB push eax; ret 3_2_0041CF62
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_0041CEA5 push eax; ret 3_2_0041CEF8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_0041CF5C push eax; ret 3_2_0041CF62
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A3D0D1 push ecx; ret 3_2_00A3D0E4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_009C4288 pushad ; retf 3_2_009C4289
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_009C322C push eax; retf 3_2_009C321C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_009C225E push eax; retf 3_2_009C321C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_009C427E pushad ; retf 000Dh 3_2_009C427F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_009C9271 push es; iretd 3_2_009C9278
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_009CA7C0 push es; iretd 3_2_009CA7C1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_009C3F9F pushad ; ret 3_2_009C3FA0

Malware Analysis System Evasion:

Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe RDTSC instruction interceptor: First address: 00000000004098E4 second address: 00000000004098EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe RDTSC instruction interceptor: First address: 0000000000409B4E second address: 0000000000409B54 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00409A80 rdtsc 3_2_00409A80
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Process information queried: ProcessInformation

Anti Debugging:

Checks if the current process is being debugged
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Process queried: DebugPort
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00409A80 rdtsc 3_2_00409A80
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A296E0 NtFreeVirtualMemory,LdrInitializeThunk, 3_2_00A296E0
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A1B390 mov eax, dword ptr fs:[00000030h] 3_2_00A1B390
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A12397 mov eax, dword ptr fs:[00000030h] 3_2_00A12397
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A103E2 mov eax, dword ptr fs:[00000030h] 3_2_00A103E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A103E2 mov eax, dword ptr fs:[00000030h] 3_2_00A103E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A103E2 mov eax, dword ptr fs:[00000030h] 3_2_00A103E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A103E2 mov eax, dword ptr fs:[00000030h] 3_2_00A103E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A103E2 mov eax, dword ptr fs:[00000030h] 3_2_00A103E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A103E2 mov eax, dword ptr fs:[00000030h] 3_2_00A103E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A923E3 mov ecx, dword ptr fs:[00000030h] 3_2_00A923E3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A923E3 mov ecx, dword ptr fs:[00000030h] 3_2_00A923E3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A923E3 mov eax, dword ptr fs:[00000030h] 3_2_00A923E3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A153C5 mov eax, dword ptr fs:[00000030h] 3_2_00A153C5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A653CA mov eax, dword ptr fs:[00000030h] 3_2_00A653CA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A653CA mov eax, dword ptr fs:[00000030h] 3_2_00A653CA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h] 3_2_00A0A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h] 3_2_00A0A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h] 3_2_00A0A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h] 3_2_00A0A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h] 3_2_00A0A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h] 3_2_00A0A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h] 3_2_00A0A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h] 3_2_00A0A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h] 3_2_00A0A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h] 3_2_00A0A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h] 3_2_00A0A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h] 3_2_00A0A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h] 3_2_00A0A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h] 3_2_00A0A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h] 3_2_00A0A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h] 3_2_00A0A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h] 3_2_00A0A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h] 3_2_00A0A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h] 3_2_00A0A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h] 3_2_00A0A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h] 3_2_00A0A309
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00AA131B mov eax, dword ptr fs:[00000030h] 3_2_00AA131B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A76365 mov eax, dword ptr fs:[00000030h] 3_2_00A76365
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A76365 mov eax, dword ptr fs:[00000030h] 3_2_00A76365
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A76365 mov eax, dword ptr fs:[00000030h] 3_2_00A76365
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_009EF358 mov eax, dword ptr fs:[00000030h] 3_2_009EF358
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_009FF370 mov eax, dword ptr fs:[00000030h] 3_2_009FF370
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_009FF370 mov eax, dword ptr fs:[00000030h] 3_2_009FF370
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_009FF370 mov eax, dword ptr fs:[00000030h] 3_2_009FF370
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_009F849B mov eax, dword ptr fs:[00000030h] 3_2_009F849B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_009E649B mov eax, dword ptr fs:[00000030h] 3_2_009E649B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_009E649B mov eax, dword ptr fs:[00000030h] 3_2_009E649B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A734A0 mov eax, dword ptr fs:[00000030h] 3_2_00A734A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A734A0 mov eax, dword ptr fs:[00000030h] 3_2_00A734A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A734A0 mov eax, dword ptr fs:[00000030h] 3_2_00A734A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A1D4B0 mov eax, dword ptr fs:[00000030h] 3_2_00A1D4B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A764B5 mov eax, dword ptr fs:[00000030h] 3_2_00A764B5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A764B5 mov eax, dword ptr fs:[00000030h] 3_2_00A764B5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_009E1480 mov eax, dword ptr fs:[00000030h] 3_2_009E1480
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_009F34B1 mov eax, dword ptr fs:[00000030h] 3_2_009F34B1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_009F34B1 mov eax, dword ptr fs:[00000030h] 3_2_009F34B1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_009F14A9 mov eax, dword ptr fs:[00000030h] 3_2_009F14A9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_009F14A9 mov ecx, dword ptr fs:[00000030h] 3_2_009F14A9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00AA4496 mov eax, dword ptr fs:[00000030h] 3_2_00AA4496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00AA4496 mov eax, dword ptr fs:[00000030h] 3_2_00AA4496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00AA4496 mov eax, dword ptr fs:[00000030h] 3_2_00AA4496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00AA4496 mov eax, dword ptr fs:[00000030h] 3_2_00AA4496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00AA4496 mov eax, dword ptr fs:[00000030h] 3_2_00AA4496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00AA4496 mov eax, dword ptr fs:[00000030h] 3_2_00AA4496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00AA4496 mov eax, dword ptr fs:[00000030h] 3_2_00AA4496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00AA4496 mov eax, dword ptr fs:[00000030h] 3_2_00AA4496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00AA4496 mov eax, dword ptr fs:[00000030h] 3_2_00AA4496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00AA4496 mov eax, dword ptr fs:[00000030h] 3_2_00AA4496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00AA4496 mov eax, dword ptr fs:[00000030h] 3_2_00AA4496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00AA4496 mov eax, dword ptr fs:[00000030h] 3_2_00AA4496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00AA4496 mov eax, dword ptr fs:[00000030h] 3_2_00AA4496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A184E0 mov eax, dword ptr fs:[00000030h] 3_2_00A184E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A184E0 mov eax, dword ptr fs:[00000030h] 3_2_00A184E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A184E0 mov eax, dword ptr fs:[00000030h] 3_2_00A184E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A184E0 mov eax, dword ptr fs:[00000030h] 3_2_00A184E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A184E0 mov eax, dword ptr fs:[00000030h] 3_2_00A184E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A184E0 mov eax, dword ptr fs:[00000030h] 3_2_00A184E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00AA14FB mov eax, dword ptr fs:[00000030h] 3_2_00AA14FB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_009E8410 mov eax, dword ptr fs:[00000030h] 3_2_009E8410
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A02430 mov eax, dword ptr fs:[00000030h] 3_2_00A02430
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A02430 mov eax, dword ptr fs:[00000030h] 3_2_00A02430
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00AB740D mov eax, dword ptr fs:[00000030h] 3_2_00AB740D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00AB740D mov eax, dword ptr fs:[00000030h] 3_2_00AB740D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00AB740D mov eax, dword ptr fs:[00000030h] 3_2_00AB740D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_009E4439 mov eax, dword ptr fs:[00000030h] 3_2_009E4439
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_009FB433 mov eax, dword ptr fs:[00000030h] 3_2_009FB433
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_009FB433 mov eax, dword ptr fs:[00000030h] 3_2_009FB433
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_009FB433 mov eax, dword ptr fs:[00000030h] 3_2_009FB433
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A0746D mov eax, dword ptr fs:[00000030h] 3_2_00A0746D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_009E9450 mov eax, dword ptr fs:[00000030h] 3_2_009E9450
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A0B477 mov eax, dword ptr fs:[00000030h] 3_2_00A0B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A0B477 mov eax, dword ptr fs:[00000030h] 3_2_00A0B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A0B477 mov eax, dword ptr fs:[00000030h] 3_2_00A0B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A0B477 mov eax, dword ptr fs:[00000030h] 3_2_00A0B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A0B477 mov eax, dword ptr fs:[00000030h] 3_2_00A0B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A0B477 mov eax, dword ptr fs:[00000030h] 3_2_00A0B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A0B477 mov eax, dword ptr fs:[00000030h] 3_2_00A0B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A0B477 mov eax, dword ptr fs:[00000030h] 3_2_00A0B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A0B477 mov eax, dword ptr fs:[00000030h] 3_2_00A0B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A0B477 mov eax, dword ptr fs:[00000030h] 3_2_00A0B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A0B477 mov eax, dword ptr fs:[00000030h] 3_2_00A0B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A0B477 mov eax, dword ptr fs:[00000030h] 3_2_00A0B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A1A44B mov eax, dword ptr fs:[00000030h] 3_2_00A1A44B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A7C450 mov eax, dword ptr fs:[00000030h] 3_2_00A7C450
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A7C450 mov eax, dword ptr fs:[00000030h] 3_2_00A7C450
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_009E8466 mov eax, dword ptr fs:[00000030h] 3_2_009E8466
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_009E8466 mov eax, dword ptr fs:[00000030h] 3_2_009E8466
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00AB8450 mov eax, dword ptr fs:[00000030h] 3_2_00AB8450
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A135A1 mov eax, dword ptr fs:[00000030h] 3_2_00A135A1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A165A0 mov eax, dword ptr fs:[00000030h] 3_2_00A165A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A165A0 mov eax, dword ptr fs:[00000030h] 3_2_00A165A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A165A0 mov eax, dword ptr fs:[00000030h] 3_2_00A165A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00AB05AC mov eax, dword ptr fs:[00000030h] 3_2_00AB05AC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00AB05AC mov eax, dword ptr fs:[00000030h] 3_2_00AB05AC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_009E3591 mov eax, dword ptr fs:[00000030h] 3_2_009E3591
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A12581 mov eax, dword ptr fs:[00000030h] 3_2_00A12581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A12581 mov eax, dword ptr fs:[00000030h] 3_2_00A12581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A12581 mov eax, dword ptr fs:[00000030h] 3_2_00A12581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A12581 mov eax, dword ptr fs:[00000030h] 3_2_00A12581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00AAB581 mov eax, dword ptr fs:[00000030h] 3_2_00AAB581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00AAB581 mov eax, dword ptr fs:[00000030h] 3_2_00AAB581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00AAB581 mov eax, dword ptr fs:[00000030h] 3_2_00AAB581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00AAB581 mov eax, dword ptr fs:[00000030h] 3_2_00AAB581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A195EC mov eax, dword ptr fs:[00000030h] 3_2_00A195EC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_009E15C1 mov eax, dword ptr fs:[00000030h] 3_2_009E15C1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_009E95F0 mov eax, dword ptr fs:[00000030h] 3_2_009E95F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_009E95F0 mov ecx, dword ptr fs:[00000030h] 3_2_009E95F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_009FD5E0 mov eax, dword ptr fs:[00000030h] 3_2_009FD5E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_009FD5E0 mov eax, dword ptr fs:[00000030h] 3_2_009FD5E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_009E751A mov eax, dword ptr fs:[00000030h] 3_2_009E751A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_009E751A mov eax, dword ptr fs:[00000030h] 3_2_009E751A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_009E751A mov eax, dword ptr fs:[00000030h] 3_2_009E751A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_009E751A mov eax, dword ptr fs:[00000030h] 3_2_009E751A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A1F527 mov eax, dword ptr fs:[00000030h] 3_2_00A1F527
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A1F527 mov eax, dword ptr fs:[00000030h] 3_2_00A1F527
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A1F527 mov eax, dword ptr fs:[00000030h] 3_2_00A1F527
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_009E9515 mov ecx, dword ptr fs:[00000030h] 3_2_009E9515
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A6A537 mov eax, dword ptr fs:[00000030h] 3_2_00A6A537
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00AAE539 mov eax, dword ptr fs:[00000030h] 3_2_00AAE539
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00AA3518 mov eax, dword ptr fs:[00000030h] 3_2_00AA3518
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00AA3518 mov eax, dword ptr fs:[00000030h] 3_2_00AA3518
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00AA3518 mov eax, dword ptr fs:[00000030h] 3_2_00AA3518
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_009E354C mov eax, dword ptr fs:[00000030h] 3_2_009E354C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_009E354C mov eax, dword ptr fs:[00000030h] 3_2_009E354C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A0C577 mov eax, dword ptr fs:[00000030h] 3_2_00A0C577
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A0C577 mov eax, dword ptr fs:[00000030h] 3_2_00A0C577
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A63540 mov eax, dword ptr fs:[00000030h] 3_2_00A63540
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A646A7 mov eax, dword ptr fs:[00000030h] 3_2_00A646A7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00AA56B6 mov eax, dword ptr fs:[00000030h] 3_2_00AA56B6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00AA56B6 mov eax, dword ptr fs:[00000030h] 3_2_00AA56B6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_009E86A0 mov eax, dword ptr fs:[00000030h] 3_2_009E86A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A116E0 mov ecx, dword ptr fs:[00000030h] 3_2_00A116E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A106C0 mov eax, dword ptr fs:[00000030h] 3_2_00A106C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A106C0 mov ecx, dword ptr fs:[00000030h] 3_2_00A106C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A106C0 mov eax, dword ptr fs:[00000030h] 3_2_00A106C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A106C0 mov eax, dword ptr fs:[00000030h] 3_2_00A106C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A106C0 mov eax, dword ptr fs:[00000030h] 3_2_00A106C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A106C0 mov eax, dword ptr fs:[00000030h] 3_2_00A106C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A106C0 mov eax, dword ptr fs:[00000030h] 3_2_00A106C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A106C0 mov eax, dword ptr fs:[00000030h] 3_2_00A106C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A106C0 mov eax, dword ptr fs:[00000030h] 3_2_00A106C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A106C0 mov eax, dword ptr fs:[00000030h] 3_2_00A106C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A106C0 mov eax, dword ptr fs:[00000030h] 3_2_00A106C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A106C0 mov eax, dword ptr fs:[00000030h] 3_2_00A106C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A106C0 mov eax, dword ptr fs:[00000030h] 3_2_00A106C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A136CC mov eax, dword ptr fs:[00000030h] 3_2_00A136CC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_009F76E2 mov eax, dword ptr fs:[00000030h] 3_2_009F76E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A17620 mov eax, dword ptr fs:[00000030h] 3_2_00A17620
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A17620 mov eax, dword ptr fs:[00000030h] 3_2_00A17620
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A17620 mov eax, dword ptr fs:[00000030h] 3_2_00A17620
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A17620 mov eax, dword ptr fs:[00000030h] 3_2_00A17620
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A17620 mov eax, dword ptr fs:[00000030h] 3_2_00A17620
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A17620 mov eax, dword ptr fs:[00000030h] 3_2_00A17620
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A65623 mov eax, dword ptr fs:[00000030h] 3_2_00A65623
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A65623 mov eax, dword ptr fs:[00000030h] 3_2_00A65623
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A65623 mov eax, dword ptr fs:[00000030h] 3_2_00A65623
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A65623 mov eax, dword ptr fs:[00000030h] 3_2_00A65623
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A65623 mov eax, dword ptr fs:[00000030h] 3_2_00A65623
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A65623 mov eax, dword ptr fs:[00000030h] 3_2_00A65623
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A65623 mov eax, dword ptr fs:[00000030h] 3_2_00A65623
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A65623 mov eax, dword ptr fs:[00000030h] 3_2_00A65623
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A65623 mov eax, dword ptr fs:[00000030h] 3_2_00A65623
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_009E1618 mov eax, dword ptr fs:[00000030h] 3_2_009E1618
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A1C63D mov eax, dword ptr fs:[00000030h] 3_2_00A1C63D
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

HIPS / PFW / Operating System Protection Evasion:

Maps a DLL or memory area into another process
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Section loaded: unknown target: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe protection: execute and read and write
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe'

Stealing of Sensitive Information:

Yara detected FormBook
Source: Yara match File source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000003.00000001.644193470.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000002.644964411.0000000000600000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, type: MEMORY

Remote Access Functionality:

Yara detected FormBook
Source: Yara match File source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000003.00000001.644193470.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000002.644964411.0000000000600000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, type: MEMORY
No contacted IP infos