Loading ...

Play interactive tourEdit tour

Windows Analysis Report SecuriteInfo.com.Variant.Zusy.394472.15672.20727

Overview

General Information

Sample Name:SecuriteInfo.com.Variant.Zusy.394472.15672.20727 (renamed file extension from 20727 to exe)
Analysis ID:452434
MD5:89cfb542cda6a428cc5c02feaf3c55f8
SHA1:9a0606c633ffe5ae4b6dcb7dcfba57b7e22cb05d
SHA256:b663fea76aadbf574e5bb9f704ad689ec10f0d720b0b9641e70b27494fe4cc17
Tags:exe
Infos:

Most interesting Screenshot:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected FormBook
C2 URLs / IPs found in malware configuration
Machine Learning detection for sample
Maps a DLL or memory area into another process
Tries to detect virtualization through RDTSC time measurements
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.yjhlgg.com/grve/"], "decoy": ["jrvinganimalexterminator.com", "smallsyalls.com", "po1c3.com", "mencg.com", "aussieenjoyment.today", "espace22.com", "aanmelding-desk.info", "gallopshoes.com", "nftsexy.com", "ricosdulcesmexicanos.com", "riseswift.com", "thechicthirty.com", "matdcg.com", "alternet.today", "creativehuesdesigns.com", "rjkcrafts.com", "lowdosemortgage.com", "adoptahamster.com", "wellness-sense.com", "jacardcapital.com", "pastiindonesia.com", "lindsaynathan2021.com", "brisbanemagicians.com", "tvglanz.com", "388384.com", "mitgrim.com", "endonelatrading.com", "political.singles", "ganjegirls.com", "democratscancelled.com", "ytzhubao.com", "roiskylands.com", "zamlgroup.com", "winstonsalemathleticclub.com", "62qtz2.com", "caddyys.com", "ecorarte.com", "coonier.com", "cbgmanhattan-hub.com", "givanon.com", "tioniis11.com", "variceselite.com", "tasaciona.com", "hiphopeconomicdevelopment.com", "citrixfile.com", "piebuilder.com", "drmetalpublishing.com", "themesthatyoulike.com", "vinhomes-phamhung.info", "ardecentro.com", "gameshowsatwork.com", "go-rillathebrand.com", "virtualppo.com", "nogodbeforeme.net", "fabrezeairpurifiers.com", "roorisor.com", "elaraberentcar.com", "rugpat.com", "renewalbyheather.com", "innocox.com", "ztsj10086.com", "channelarmor.info", "thecarbonbox.store", "edicionesvita.com"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000003.00000001.644193470.0000000000400000.00000040.00020000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000003.00000001.644193470.0000000000400000.00000040.00020000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x9b52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x15675:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x15161:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x15777:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x158ef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa56a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x143dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xb263:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x1b317:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1c31a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000003.00000001.644193470.0000000000400000.00000040.00020000.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x183f9:$sqlite3step: 68 34 1C 7B E1
    • 0x1850c:$sqlite3step: 68 34 1C 7B E1
    • 0x18428:$sqlite3text: 68 38 2A 90 C5
    • 0x1854d:$sqlite3text: 68 38 2A 90 C5
    • 0x1843b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x18563:$sqlite3blob: 68 53 D8 7F 8C
    00000001.00000002.644964411.0000000000600000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      00000001.00000002.644964411.0000000000600000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x9b52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x15675:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x15161:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x15777:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x158ef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0xa56a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x143dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xb263:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x1b317:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1c31a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Click to see the 4 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x8ae8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x8d52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x14875:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x14361:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x14977:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x14aef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x976a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x135dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xa463:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x1a517:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1b51a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x175f9:$sqlite3step: 68 34 1C 7B E1
        • 0x1770c:$sqlite3step: 68 34 1C 7B E1
        • 0x17628:$sqlite3text: 68 38 2A 90 C5
        • 0x1774d:$sqlite3text: 68 38 2A 90 C5
        • 0x1763b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x17763:$sqlite3blob: 68 53 D8 7F 8C
        3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x8ae8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x8d52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x14875:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x14361:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x14977:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x14aef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x976a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x135dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xa463:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x1a517:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1b51a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          Click to see the 13 entries

          Sigma Overview

          No Sigma rule has matched

          Jbx Signature Overview

          Click to jump to signature section

          Show All Signature Results

          AV Detection:

          barindex
          Antivirus detection for URL or domainShow sources
          Source: www.yjhlgg.com/grve/Avira URL Cloud: Label: malware
          Found malware configurationShow sources
          Source: 00000003.00000001.644193470.0000000000400000.00000040.00020000.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.yjhlgg.com/grve/"], "decoy": ["jrvinganimalexterminator.com", "smallsyalls.com", "po1c3.com", "mencg.com", "aussieenjoyment.today", "espace22.com", "aanmelding-desk.info", "gallopshoes.com", "nftsexy.com", "ricosdulcesmexicanos.com", "riseswift.com", "thechicthirty.com", "matdcg.com", "alternet.today", "creativehuesdesigns.com", "rjkcrafts.com", "lowdosemortgage.com", "adoptahamster.com", "wellness-sense.com", "jacardcapital.com", "pastiindonesia.com", "lindsaynathan2021.com", "brisbanemagicians.com", "tvglanz.com", "388384.com", "mitgrim.com", "endonelatrading.com", "political.singles", "ganjegirls.com", "democratscancelled.com", "ytzhubao.com", "roiskylands.com", "zamlgroup.com", "winstonsalemathleticclub.com", "62qtz2.com", "caddyys.com", "ecorarte.com", "coonier.com", "cbgmanhattan-hub.com", "givanon.com", "tioniis11.com", "variceselite.com", "tasaciona.com", "hiphopeconomicdevelopment.com", "citrixfile.com", "piebuilder.com", "drmetalpublishing.com", "themesthatyoulike.com", "vinhomes-phamhung.info", "ardecentro.com", "gameshowsatwork.com", "go-rillathebrand.com", "virtualppo.com", "nogodbeforeme.net", "fabrezeairpurifiers.com", "roorisor.com", "elaraberentcar.com", "rugpat.com", "renewalbyheather.com", "innocox.com", "ztsj10086.com", "channelarmor.info", "thecarbonbox.store", "edicionesvita.com"]}
          Multi AV Scanner detection for domain / URLShow sources
          Source: www.yjhlgg.com/grve/Virustotal: Detection: 8%Perma Link
          Multi AV Scanner detection for submitted fileShow sources
          Source: SecuriteInfo.com.Variant.Zusy.394472.15672.exeVirustotal: Detection: 51%Perma Link
          Source: SecuriteInfo.com.Variant.Zusy.394472.15672.exeMetadefender: Detection: 22%Perma Link
          Source: SecuriteInfo.com.Variant.Zusy.394472.15672.exeReversingLabs: Detection: 60%
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000003.00000001.644193470.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.644964411.0000000000600000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Machine Learning detection for sampleShow sources
          Source: SecuriteInfo.com.Variant.Zusy.394472.15672.exeJoe Sandbox ML: detected
          Source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.5c0000.2.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: SecuriteInfo.com.Variant.Zusy.394472.15672.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
          Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Variant.Zusy.394472.15672.exe, 00000001.00000003.639462821.00000000023F0000.00000004.00000001.sdmp, SecuriteInfo.com.Variant.Zusy.394472.15672.exe, 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Variant.Zusy.394472.15672.exe
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 4x nop then pop edi3_2_0040E376
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 4x nop then pop edi3_2_0040E37A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 4x nop then pop edi3_2_0040E3C8

          Networking:

          barindex
          C2 URLs / IPs found in malware configurationShow sources
          Source: Malware configuration extractorURLs: www.yjhlgg.com/grve/
          Source: SecuriteInfo.com.Variant.Zusy.394472.15672.exe, 00000001.00000002.644990740.000000000063A000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

          E-Banking Fraud:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000003.00000001.644193470.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.644964411.0000000000600000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, type: MEMORY

          System Summary:

          barindex
          Malicious sample detected (through community Yara rule)Show sources
          Source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000003.00000001.644193470.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000001.644193470.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.644964411.0000000000600000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.644964411.0000000000600000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00419D50 NtCreateFile,3_2_00419D50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00419E00 NtReadFile,3_2_00419E00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00419E80 NtClose,3_2_00419E80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00419F30 NtAllocateVirtualMemory,3_2_00419F30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00419DFB NtReadFile,3_2_00419DFB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00419E7A NtClose,3_2_00419E7A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00419F2A NtAllocateVirtualMemory,3_2_00419F2A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A296E0 NtFreeVirtualMemory,LdrInitializeThunk,3_2_00A296E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A29660 NtAllocateVirtualMemory,LdrInitializeThunk,3_2_00A29660
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A29860 NtQuerySystemInformation,LdrInitializeThunk,3_2_00A29860
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A2B040 NtSuspendThread,3_2_00A2B040
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A2A3B0 NtGetContextThread,3_2_00A2A3B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A295F0 NtQueryInformationFile,3_2_00A295F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A295D0 NtClose,3_2_00A295D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A29520 NtWaitForSingleObject,3_2_00A29520
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A29560 NtWriteFile,3_2_00A29560
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A29540 NtReadFile,3_2_00A29540
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A296D0 NtCreateKey,3_2_00A296D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A29610 NtEnumerateValueKey,3_2_00A29610
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A29670 NtQueryInformationProcess,3_2_00A29670
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A29650 NtQueryValueKey,3_2_00A29650
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A297A0 NtUnmapViewOfSection,3_2_00A297A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A29780 NtMapViewOfSection,3_2_00A29780
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A29730 NtQueryVirtualMemory,3_2_00A29730
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A29710 NtQueryInformationToken,3_2_00A29710
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A2A710 NtOpenProcessToken,3_2_00A2A710
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A29760 NtOpenProcess,3_2_00A29760
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A2A770 NtOpenThread,3_2_00A2A770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A29770 NtSetInformationFile,3_2_00A29770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A298A0 NtWriteVirtualMemory,3_2_00A298A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A298F0 NtReadVirtualMemory,3_2_00A298F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A29820 NtEnumerateKey,3_2_00A29820
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A29840 NtDelayExecution,3_2_00A29840
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A299A0 NtCreateSection,3_2_00A299A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A299D0 NtCreateProcessEx,3_2_00A299D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A29910 NtAdjustPrivilegesToken,3_2_00A29910
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A29950 NtQueueApcThread,3_2_00A29950
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A29A80 NtOpenDirectoryObject,3_2_00A29A80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A29A20 NtResumeThread,3_2_00A29A20
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A29A00 NtProtectVirtualMemory,3_2_00A29A00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A29A10 NtQuerySection,3_2_00A29A10
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A29A50 NtCreateFile,3_2_00A29A50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A29B00 NtSetValueKey,3_2_00A29B00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A2AD30 NtSetContextThread,3_2_00A2AD30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A29FE0 NtCreateMutant,3_2_00A29FE0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_004010303_2_00401030
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_0041D18D3_2_0041D18D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_0041E20E3_2_0041E20E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00402D873_2_00402D87
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00402D903_2_00402D90
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00409E2C3_2_00409E2C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00409E303_2_00409E30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_0041DFA83_2_0041DFA8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00402FB03_2_00402FB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A120A03_2_00A120A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AB20A83_2_00AB20A8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009FB0903_2_009FB090
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA60F53_2_00AA60F5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA10023_2_00AA1002
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1701D3_2_00A1701D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009FC1C03_2_009FC1C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A041203_2_00A04120
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AB32A93_2_00AB32A9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AB22AE3_2_00AB22AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AAE2C53_2_00AAE2C5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0B2363_2_00A0B236
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009C225E3_2_009C225E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009C33823_2_009C3382
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1138B3_2_00A1138B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A923E33_2_00A923E3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA03DA3_2_00AA03DA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A3093_2_00A0A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA231B3_2_00AA231B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A033603_2_00A03360
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009C337D3_2_009C337D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009C94B83_2_009C94B8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA44963_2_00AA4496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009F841F3_2_009F841F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A024303_2_00A02430
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AAD4663_2_00AAD466
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0B4773_2_00A0B477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A165A03_2_00A165A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A125813_2_00A12581
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AB25DD3_2_00AB25DD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009FD5E03_2_009FD5E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A106C03_2_00A106C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A056003_2_00A05600
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AAD6163_2_00AAD616
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E96603_2_009E9660
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA67E23_2_00AA67E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AB28EC3_2_00AB28EC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E88E03_2_009E88E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00ABE8243_2_00ABE824
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A8303_2_00A0A830
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E68003_2_009E6800
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A099BF3_2_00A099BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A029903_2_00A02990
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009EF9003_2_009EF900
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA4AEF3_2_00AA4AEF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A9FA2B3_2_00A9FA2B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA5A4F3_2_00AA5A4F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1EBB03_2_00A1EBB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A8EB8A3_2_00A8EB8A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0EB9A3_2_00A0EB9A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A38BE83_2_00A38BE8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AADBD23_2_00AADBD2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1ABD83_2_00A1ABD8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AB2B283_2_00AB2B28
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0AB403_2_00A0AB40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A8CB4F3_2_00A8CB4F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A14CD43_2_00A14CD4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AACC773_2_00AACC77
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA2D823_2_00AA2D82
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AB2D073_2_00AB2D07
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E0D203_2_009E0D20
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A02D503_2_00A02D50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AB1D553_2_00AB1D55
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A91EB63_2_00A91EB6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AB2EF73_2_00AB2EF7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A06E303_2_00A06E30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A6AE603_2_00A6AE60
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AB1FF13_2_00AB1FF1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00ABDFCE3_2_00ABDFCE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: String function: 00A75720 appears 85 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: String function: 009EB150 appears 177 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: String function: 00A3D08C appears 50 times
          Source: SecuriteInfo.com.Variant.Zusy.394472.15672.exe, 00000001.00000003.644541453.000000000250F000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Variant.Zusy.394472.15672.exe
          Source: SecuriteInfo.com.Variant.Zusy.394472.15672.exe, 00000001.00000002.644776222.0000000000420000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemsvfw32.dll.muij% vs SecuriteInfo.com.Variant.Zusy.394472.15672.exe
          Source: SecuriteInfo.com.Variant.Zusy.394472.15672.exe, 00000003.00000002.647485358.0000000000ADF000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Variant.Zusy.394472.15672.exe
          Source: SecuriteInfo.com.Variant.Zusy.394472.15672.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
          Source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000003.00000001.644193470.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000001.644193470.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.644964411.0000000000600000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.644964411.0000000000600000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: classification engineClassification label: mal100.troj.evad.winEXE@3/0@0/0
          Source: SecuriteInfo.com.Variant.Zusy.394472.15672.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: SecuriteInfo.com.Variant.Zusy.394472.15672.exeVirustotal: Detection: 51%
          Source: SecuriteInfo.com.Variant.Zusy.394472.15672.exeMetadefender: Detection: 22%
          Source: SecuriteInfo.com.Variant.Zusy.394472.15672.exeReversingLabs: Detection: 60%
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeFile read: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe'
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe'
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe' Jump to behavior
          Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Variant.Zusy.394472.15672.exe, 00000001.00000003.639462821.00000000023F0000.00000004.00000001.sdmp, SecuriteInfo.com.Variant.Zusy.394472.15672.exe, 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Variant.Zusy.394472.15672.exe

          Data Obfuscation:

          barindex
          Detected unpacking (changes PE section rights)Show sources
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeUnpacked PE file: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack .text:ER;.rdata:R; vs .text:ER;
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_0041684E push edi; ret 3_2_0041685B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00417AF6 push eax; retf 3_2_00417AF7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00417B5D push ebp; ret 3_2_00417B5E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_0041CEF2 push eax; ret 3_2_0041CEF8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_0041CEFB push eax; ret 3_2_0041CF62
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_0041CEA5 push eax; ret 3_2_0041CEF8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_0041CF5C push eax; ret 3_2_0041CF62
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A3D0D1 push ecx; ret 3_2_00A3D0E4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009C4288 pushad ; retf 3_2_009C4289
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009C322C push eax; retf 3_2_009C321C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009C225E push eax; retf 3_2_009C321C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009C427E pushad ; retf 000Dh3_2_009C427F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009C9271 push es; iretd 3_2_009C9278
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009CA7C0 push es; iretd 3_2_009CA7C1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009C3F9F pushad ; ret 3_2_009C3FA0

          Malware Analysis System Evasion:

          barindex
          Tries to detect virtualization through RDTSC time measurementsShow sources
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeRDTSC instruction interceptor: First address: 00000000004098E4 second address: 00000000004098EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeRDTSC instruction interceptor: First address: 0000000000409B4E second address: 0000000000409B54 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00409A80 rdtsc 3_2_00409A80
          Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00409A80 rdtsc 3_2_00409A80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A296E0 NtFreeVirtualMemory,LdrInitializeThunk,3_2_00A296E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A120A0 mov eax, dword ptr fs:[00000030h]3_2_00A120A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A120A0 mov eax, dword ptr fs:[00000030h]3_2_00A120A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A120A0 mov eax, dword ptr fs:[00000030h]3_2_00A120A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A120A0 mov eax, dword ptr fs:[00000030h]3_2_00A120A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A120A0 mov eax, dword ptr fs:[00000030h]3_2_00A120A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A120A0 mov eax, dword ptr fs:[00000030h]3_2_00A120A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A290AF mov eax, dword ptr fs:[00000030h]3_2_00A290AF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1F0BF mov ecx, dword ptr fs:[00000030h]3_2_00A1F0BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1F0BF mov eax, dword ptr fs:[00000030h]3_2_00A1F0BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1F0BF mov eax, dword ptr fs:[00000030h]3_2_00A1F0BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E9080 mov eax, dword ptr fs:[00000030h]3_2_009E9080
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E70C0 mov eax, dword ptr fs:[00000030h]3_2_009E70C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E70C0 mov eax, dword ptr fs:[00000030h]3_2_009E70C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA60F5 mov eax, dword ptr fs:[00000030h]3_2_00AA60F5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA60F5 mov eax, dword ptr fs:[00000030h]3_2_00AA60F5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA60F5 mov eax, dword ptr fs:[00000030h]3_2_00AA60F5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA60F5 mov eax, dword ptr fs:[00000030h]3_2_00AA60F5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AAB0C7 mov eax, dword ptr fs:[00000030h]3_2_00AAB0C7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AAB0C7 mov eax, dword ptr fs:[00000030h]3_2_00AAB0C7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E40E1 mov eax, dword ptr fs:[00000030h]3_2_009E40E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E40E1 mov eax, dword ptr fs:[00000030h]3_2_009E40E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E40E1 mov eax, dword ptr fs:[00000030h]3_2_009E40E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A14020 mov edi, dword ptr fs:[00000030h]3_2_00A14020
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1002D mov eax, dword ptr fs:[00000030h]3_2_00A1002D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1002D mov eax, dword ptr fs:[00000030h]3_2_00A1002D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1002D mov eax, dword ptr fs:[00000030h]3_2_00A1002D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1002D mov eax, dword ptr fs:[00000030h]3_2_00A1002D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1002D mov eax, dword ptr fs:[00000030h]3_2_00A1002D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A67016 mov eax, dword ptr fs:[00000030h]3_2_00A67016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A67016 mov eax, dword ptr fs:[00000030h]3_2_00A67016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A67016 mov eax, dword ptr fs:[00000030h]3_2_00A67016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009FB02A mov eax, dword ptr fs:[00000030h]3_2_009FB02A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009FB02A mov eax, dword ptr fs:[00000030h]3_2_009FB02A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009FB02A mov eax, dword ptr fs:[00000030h]3_2_009FB02A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009FB02A mov eax, dword ptr fs:[00000030h]3_2_009FB02A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1701D mov eax, dword ptr fs:[00000030h]3_2_00A1701D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1701D mov eax, dword ptr fs:[00000030h]3_2_00A1701D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1701D mov eax, dword ptr fs:[00000030h]3_2_00A1701D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1701D mov eax, dword ptr fs:[00000030h]3_2_00A1701D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1701D mov eax, dword ptr fs:[00000030h]3_2_00A1701D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1701D mov eax, dword ptr fs:[00000030h]3_2_00A1701D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AB4015 mov eax, dword ptr fs:[00000030h]3_2_00AB4015
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AB4015 mov eax, dword ptr fs:[00000030h]3_2_00AB4015
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A73019 mov eax, dword ptr fs:[00000030h]3_2_00A73019
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E7057 mov eax, dword ptr fs:[00000030h]3_2_009E7057
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E5050 mov eax, dword ptr fs:[00000030h]3_2_009E5050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E5050 mov eax, dword ptr fs:[00000030h]3_2_009E5050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E5050 mov eax, dword ptr fs:[00000030h]3_2_009E5050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA2073 mov eax, dword ptr fs:[00000030h]3_2_00AA2073
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AB1074 mov eax, dword ptr fs:[00000030h]3_2_00AB1074
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A00050 mov eax, dword ptr fs:[00000030h]3_2_00A00050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A00050 mov eax, dword ptr fs:[00000030h]3_2_00A00050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E519E mov eax, dword ptr fs:[00000030h]3_2_009E519E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E519E mov ecx, dword ptr fs:[00000030h]3_2_009E519E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A161A0 mov eax, dword ptr fs:[00000030h]3_2_00A161A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A161A0 mov eax, dword ptr fs:[00000030h]3_2_00A161A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E8190 mov ecx, dword ptr fs:[00000030h]3_2_009E8190
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A651BE mov eax, dword ptr fs:[00000030h]3_2_00A651BE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A651BE mov eax, dword ptr fs:[00000030h]3_2_00A651BE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A651BE mov eax, dword ptr fs:[00000030h]3_2_00A651BE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A651BE mov eax, dword ptr fs:[00000030h]3_2_00A651BE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00ABF1B5 mov eax, dword ptr fs:[00000030h]3_2_00ABF1B5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00ABF1B5 mov eax, dword ptr fs:[00000030h]3_2_00ABF1B5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0C182 mov eax, dword ptr fs:[00000030h]3_2_00A0C182
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AAA189 mov eax, dword ptr fs:[00000030h]3_2_00AAA189
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AAA189 mov ecx, dword ptr fs:[00000030h]3_2_00AAA189
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1A185 mov eax, dword ptr fs:[00000030h]3_2_00A1A185
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A14190 mov eax, dword ptr fs:[00000030h]3_2_00A14190
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009F61A7 mov eax, dword ptr fs:[00000030h]3_2_009F61A7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009F61A7 mov eax, dword ptr fs:[00000030h]3_2_009F61A7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009F61A7 mov eax, dword ptr fs:[00000030h]3_2_009F61A7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009F61A7 mov eax, dword ptr fs:[00000030h]3_2_009F61A7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A741E8 mov eax, dword ptr fs:[00000030h]3_2_00A741E8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0D1EF mov eax, dword ptr fs:[00000030h]3_2_00A0D1EF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009FC1C0 mov eax, dword ptr fs:[00000030h]3_2_009FC1C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA31DC mov eax, dword ptr fs:[00000030h]3_2_00AA31DC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA31DC mov eax, dword ptr fs:[00000030h]3_2_00AA31DC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA31DC mov eax, dword ptr fs:[00000030h]3_2_00AA31DC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA31DC mov eax, dword ptr fs:[00000030h]3_2_00AA31DC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA31DC mov eax, dword ptr fs:[00000030h]3_2_00AA31DC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA31DC mov eax, dword ptr fs:[00000030h]3_2_00AA31DC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA31DC mov eax, dword ptr fs:[00000030h]3_2_00AA31DC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA31DC mov ecx, dword ptr fs:[00000030h]3_2_00AA31DC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA31DC mov ecx, dword ptr fs:[00000030h]3_2_00AA31DC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA31DC mov eax, dword ptr fs:[00000030h]3_2_00AA31DC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA31DC mov eax, dword ptr fs:[00000030h]3_2_00AA31DC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA31DC mov eax, dword ptr fs:[00000030h]3_2_00AA31DC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA31DC mov eax, dword ptr fs:[00000030h]3_2_00AA31DC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E31E0 mov eax, dword ptr fs:[00000030h]3_2_009E31E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009EB1E1 mov eax, dword ptr fs:[00000030h]3_2_009EB1E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009EB1E1 mov eax, dword ptr fs:[00000030h]3_2_009EB1E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009EB1E1 mov eax, dword ptr fs:[00000030h]3_2_009EB1E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A04120 mov eax, dword ptr fs:[00000030h]3_2_00A04120
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A04120 mov eax, dword ptr fs:[00000030h]3_2_00A04120
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A04120 mov eax, dword ptr fs:[00000030h]3_2_00A04120
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A04120 mov eax, dword ptr fs:[00000030h]3_2_00A04120
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A04120 mov ecx, dword ptr fs:[00000030h]3_2_00A04120
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1513A mov eax, dword ptr fs:[00000030h]3_2_00A1513A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1513A mov eax, dword ptr fs:[00000030h]3_2_00A1513A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E9100 mov eax, dword ptr fs:[00000030h]3_2_009E9100
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E9100 mov eax, dword ptr fs:[00000030h]3_2_009E9100
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E9100 mov eax, dword ptr fs:[00000030h]3_2_009E9100
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009F0100 mov eax, dword ptr fs:[00000030h]3_2_009F0100
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009F0100 mov eax, dword ptr fs:[00000030h]3_2_009F0100
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009F0100 mov eax, dword ptr fs:[00000030h]3_2_009F0100
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E3138 mov ecx, dword ptr fs:[00000030h]3_2_009E3138
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009EB171 mov eax, dword ptr fs:[00000030h]3_2_009EB171
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009EB171 mov eax, dword ptr fs:[00000030h]3_2_009EB171
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A112BD mov esi, dword ptr fs:[00000030h]3_2_00A112BD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A112BD mov eax, dword ptr fs:[00000030h]3_2_00A112BD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A112BD mov eax, dword ptr fs:[00000030h]3_2_00A112BD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA129A mov eax, dword ptr fs:[00000030h]3_2_00AA129A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1D294 mov eax, dword ptr fs:[00000030h]3_2_00A1D294
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1D294 mov eax, dword ptr fs:[00000030h]3_2_00A1D294
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E52A5 mov eax, dword ptr fs:[00000030h]3_2_009E52A5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E52A5 mov eax, dword ptr fs:[00000030h]3_2_009E52A5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E52A5 mov eax, dword ptr fs:[00000030h]3_2_009E52A5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E52A5 mov eax, dword ptr fs:[00000030h]3_2_009E52A5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E52A5 mov eax, dword ptr fs:[00000030h]3_2_009E52A5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009F62A0 mov eax, dword ptr fs:[00000030h]3_2_009F62A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009F62A0 mov eax, dword ptr fs:[00000030h]3_2_009F62A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009F62A0 mov eax, dword ptr fs:[00000030h]3_2_009F62A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009F62A0 mov eax, dword ptr fs:[00000030h]3_2_009F62A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AAB2E8 mov eax, dword ptr fs:[00000030h]3_2_00AAB2E8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AAB2E8 mov eax, dword ptr fs:[00000030h]3_2_00AAB2E8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AAB2E8 mov eax, dword ptr fs:[00000030h]3_2_00AAB2E8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AAB2E8 mov eax, dword ptr fs:[00000030h]3_2_00AAB2E8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E12D4 mov eax, dword ptr fs:[00000030h]3_2_009E12D4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA1229 mov eax, dword ptr fs:[00000030h]3_2_00AA1229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A229 mov eax, dword ptr fs:[00000030h]3_2_00A0A229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A229 mov eax, dword ptr fs:[00000030h]3_2_00A0A229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A229 mov eax, dword ptr fs:[00000030h]3_2_00A0A229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A229 mov eax, dword ptr fs:[00000030h]3_2_00A0A229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A229 mov eax, dword ptr fs:[00000030h]3_2_00A0A229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A229 mov eax, dword ptr fs:[00000030h]3_2_00A0A229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A229 mov eax, dword ptr fs:[00000030h]3_2_00A0A229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A229 mov eax, dword ptr fs:[00000030h]3_2_00A0A229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A229 mov eax, dword ptr fs:[00000030h]3_2_00A0A229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E5210 mov eax, dword ptr fs:[00000030h]3_2_009E5210
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E5210 mov ecx, dword ptr fs:[00000030h]3_2_009E5210
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E5210 mov eax, dword ptr fs:[00000030h]3_2_009E5210
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E5210 mov eax, dword ptr fs:[00000030h]3_2_009E5210
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0B236 mov eax, dword ptr fs:[00000030h]3_2_00A0B236
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0B236 mov eax, dword ptr fs:[00000030h]3_2_00A0B236
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0B236 mov eax, dword ptr fs:[00000030h]3_2_00A0B236
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0B236 mov eax, dword ptr fs:[00000030h]3_2_00A0B236
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0B236 mov eax, dword ptr fs:[00000030h]3_2_00A0B236
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0B236 mov eax, dword ptr fs:[00000030h]3_2_00A0B236
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E8239 mov eax, dword ptr fs:[00000030h]3_2_009E8239
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E8239 mov eax, dword ptr fs:[00000030h]3_2_009E8239
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E8239 mov eax, dword ptr fs:[00000030h]3_2_009E8239
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A9B260 mov eax, dword ptr fs:[00000030h]3_2_00A9B260
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A9B260 mov eax, dword ptr fs:[00000030h]3_2_00A9B260
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A2927A mov eax, dword ptr fs:[00000030h]3_2_00A2927A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E9240 mov eax, dword ptr fs:[00000030h]3_2_009E9240
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E9240 mov eax, dword ptr fs:[00000030h]3_2_009E9240
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E9240 mov eax, dword ptr fs:[00000030h]3_2_009E9240
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E9240 mov eax, dword ptr fs:[00000030h]3_2_009E9240
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A74257 mov eax, dword ptr fs:[00000030h]3_2_00A74257
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA138A mov eax, dword ptr fs:[00000030h]3_2_00AA138A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A9D380 mov ecx, dword ptr fs:[00000030h]3_2_00A9D380
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1138B mov eax, dword ptr fs:[00000030h]3_2_00A1138B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1138B mov eax, dword ptr fs:[00000030h]3_2_00A1138B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1138B mov eax, dword ptr fs:[00000030h]3_2_00A1138B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1B390 mov eax, dword ptr fs:[00000030h]3_2_00A1B390
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A12397 mov eax, dword ptr fs:[00000030h]3_2_00A12397
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A103E2 mov eax, dword ptr fs:[00000030h]3_2_00A103E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A103E2 mov eax, dword ptr fs:[00000030h]3_2_00A103E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A103E2 mov eax, dword ptr fs:[00000030h]3_2_00A103E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A103E2 mov eax, dword ptr fs:[00000030h]3_2_00A103E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A103E2 mov eax, dword ptr fs:[00000030h]3_2_00A103E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A103E2 mov eax, dword ptr fs:[00000030h]3_2_00A103E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A923E3 mov ecx, dword ptr fs:[00000030h]3_2_00A923E3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A923E3 mov ecx, dword ptr fs:[00000030h]3_2_00A923E3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A923E3 mov eax, dword ptr fs:[00000030h]3_2_00A923E3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A153C5 mov eax, dword ptr fs:[00000030h]3_2_00A153C5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A653CA mov eax, dword ptr fs:[00000030h]3_2_00A653CA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A653CA mov eax, dword ptr fs:[00000030h]3_2_00A653CA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h]3_2_00A0A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h]3_2_00A0A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h]3_2_00A0A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h]3_2_00A0A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h]3_2_00A0A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h]3_2_00A0A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h]3_2_00A0A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h]3_2_00A0A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h]3_2_00A0A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h]3_2_00A0A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h]3_2_00A0A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h]3_2_00A0A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h]3_2_00A0A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h]3_2_00A0A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h]3_2_00A0A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h]3_2_00A0A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h]3_2_00A0A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h]3_2_00A0A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h]3_2_00A0A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h]3_2_00A0A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h]3_2_00A0A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA131B mov eax, dword ptr fs:[00000030h]3_2_00AA131B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A76365 mov eax, dword ptr fs:[00000030h]3_2_00A76365
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A76365 mov eax, dword ptr fs:[00000030h]3_2_00A76365
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A76365 mov eax, dword ptr fs:[00000030h]3_2_00A76365
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009EF358 mov eax, dword ptr fs:[00000030h]3_2_009EF358
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009FF370 mov eax, dword ptr fs:[00000030h]3_2_009FF370
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009FF370 mov eax, dword ptr fs:[00000030h]3_2_009FF370
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009FF370 mov eax, dword ptr fs:[00000030h]3_2_009FF370
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009F849B mov eax, dword ptr fs:[00000030h]3_2_009F849B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E649B mov eax, dword ptr fs:[00000030h]3_2_009E649B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E649B mov eax, dword ptr fs:[00000030h]3_2_009E649B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A734A0 mov eax, dword ptr fs:[00000030h]3_2_00A734A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A734A0 mov eax, dword ptr fs:[00000030h]3_2_00A734A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A734A0 mov eax, dword ptr fs:[00000030h]3_2_00A734A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1D4B0 mov eax, dword ptr fs:[00000030h]3_2_00A1D4B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A764B5 mov eax, dword ptr fs:[00000030h]3_2_00A764B5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A764B5 mov eax, dword ptr fs:[00000030h]3_2_00A764B5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E1480 mov eax, dword ptr fs:[00000030h]3_2_009E1480
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009F34B1 mov eax, dword ptr fs:[00000030h]3_2_009F34B1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009F34B1 mov eax, dword ptr fs:[00000030h]3_2_009F34B1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009F14A9 mov eax, dword ptr fs:[00000030h]3_2_009F14A9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009F14A9 mov ecx, dword ptr fs:[00000030h]3_2_009F14A9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA4496 mov eax, dword ptr fs:[00000030h]3_2_00AA4496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA4496 mov eax, dword ptr fs:[00000030h]3_2_00AA4496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA4496 mov eax, dword ptr fs:[00000030h]3_2_00AA4496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA4496 mov eax, dword ptr fs:[00000030h]3_2_00AA4496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA4496 mov eax, dword ptr fs:[00000030h]3_2_00AA4496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA4496 mov eax, dword ptr fs:[00000030h]3_2_00AA4496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA4496 mov eax, dword ptr fs:[00000030h]3_2_00AA4496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA4496 mov eax, dword ptr fs:[00000030h]3_2_00AA4496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA4496 mov eax, dword ptr fs:[00000030h]3_2_00AA4496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA4496 mov eax, dword ptr fs:[00000030h]3_2_00AA4496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA4496 mov eax, dword ptr fs:[00000030h]3_2_00AA4496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA4496 mov eax, dword ptr fs:[00000030h]3_2_00AA4496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA4496 mov eax, dword ptr fs:[00000030h]3_2_00AA4496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A184E0 mov eax, dword ptr fs:[00000030h]3_2_00A184E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A184E0 mov eax, dword ptr fs:[00000030h]3_2_00A184E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A184E0 mov eax, dword ptr fs:[00000030h]3_2_00A184E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A184E0 mov eax, dword ptr fs:[00000030h]3_2_00A184E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A184E0 mov eax, dword ptr fs:[00000030h]3_2_00A184E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A184E0 mov eax, dword ptr fs:[00000030h]3_2_00A184E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA14FB mov eax, dword ptr fs:[00000030h]3_2_00AA14FB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E8410 mov eax, dword ptr fs:[00000030h]3_2_009E8410
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A02430 mov eax, dword ptr fs:[00000030h]3_2_00A02430
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A02430 mov eax, dword ptr fs:[00000030h]3_2_00A02430
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AB740D mov eax, dword ptr fs:[00000030h]3_2_00AB740D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AB740D mov eax, dword ptr fs:[00000030h]3_2_00AB740D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AB740D mov eax, dword ptr fs:[00000030h]3_2_00AB740D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E4439 mov eax, dword ptr fs:[00000030h]3_2_009E4439
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009FB433 mov eax, dword ptr fs:[00000030h]3_2_009FB433
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009FB433 mov eax, dword ptr fs:[00000030h]3_2_009FB433
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009FB433 mov eax, dword ptr fs:[00000030h]3_2_009FB433
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0746D mov eax, dword ptr fs:[00000030h]3_2_00A0746D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E9450 mov eax, dword ptr fs:[00000030h]3_2_009E9450
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0B477 mov eax, dword ptr fs:[00000030h]3_2_00A0B477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0B477 mov eax, dword ptr fs:[00000030h]3_2_00A0B477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0B477 mov eax, dword ptr fs:[00000030h]3_2_00A0B477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0B477 mov eax, dword ptr fs:[00000030h]3_2_00A0B477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0B477 mov eax, dword ptr fs:[00000030h]3_2_00A0B477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0B477 mov eax, dword ptr fs:[00000030h]3_2_00A0B477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0B477 mov eax, dword ptr fs:[00000030h]3_2_00A0B477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0B477 mov eax, dword ptr fs:[00000030h]3_2_00A0B477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0B477 mov eax, dword ptr fs:[00000030h]3_2_00A0B477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0B477 mov eax, dword ptr fs:[00000030h]3_2_00A0B477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0B477 mov eax, dword ptr fs:[00000030h]3_2_00A0B477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0B477 mov eax, dword ptr fs:[00000030h]3_2_00A0B477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1A44B mov eax, dword ptr fs:[00000030h]3_2_00A1A44B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A7C450 mov eax, dword ptr fs:[00000030h]3_2_00A7C450
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A7C450 mov eax, dword ptr fs:[00000030h]3_2_00A7C450
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E8466 mov eax, dword ptr fs:[00000030h]3_2_009E8466
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E8466 mov eax, dword ptr fs:[00000030h]3_2_009E8466
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AB8450 mov eax, dword ptr fs:[00000030h]3_2_00AB8450
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A135A1 mov eax, dword ptr fs:[00000030h]3_2_00A135A1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A165A0 mov eax, dword ptr fs:[00000030h]3_2_00A165A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A165A0 mov eax, dword ptr fs:[00000030h]3_2_00A165A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A165A0 mov eax, dword ptr fs:[00000030h]3_2_00A165A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AB05AC mov eax, dword ptr fs:[00000030h]3_2_00AB05AC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AB05AC mov eax, dword ptr fs:[00000030h]3_2_00AB05AC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E3591 mov eax, dword ptr fs:[00000030h]3_2_009E3591
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A12581 mov eax, dword ptr fs:[00000030h]3_2_00A12581
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A12581 mov eax, dword ptr fs:[00000030h]3_2_00A12581
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A12581 mov eax, dword ptr fs:[00000030h]3_2_00A12581
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A12581 mov eax, dword ptr fs:[00000030h]3_2_00A12581
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AAB581 mov eax, dword ptr fs:[00000030h]3_2_00AAB581
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AAB581 mov eax, dword ptr fs:[00000030h]3_2_00AAB581
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AAB581 mov eax, dword ptr fs:[00000030h]3_2_00AAB581
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AAB581 mov eax, dword ptr fs:[00000030h]3_2_00AAB581
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A195EC mov eax, dword ptr fs:[00000030h]3_2_00A195EC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E15C1 mov eax, dword ptr fs:[00000030h]3_2_009E15C1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E95F0 mov eax, dword ptr fs:[00000030h]3_2_009E95F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E95F0 mov ecx, dword ptr fs:[00000030h]3_2_009E95F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009FD5E0 mov eax, dword ptr fs:[00000030h]3_2_009FD5E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009FD5E0 mov eax, dword ptr fs:[00000030h]3_2_009FD5E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E751A mov eax, dword ptr fs:[00000030h]3_2_009E751A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E751A mov eax, dword ptr fs:[00000030h]3_2_009E751A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E751A mov eax, dword ptr fs:[00000030h]3_2_009E751A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E751A mov eax, dword ptr fs:[00000030h]3_2_009E751A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1F527 mov eax, dword ptr fs:[00000030h]3_2_00A1F527
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1F527 mov eax, dword ptr fs:[00000030h]3_2_00A1F527
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1F527 mov eax, dword ptr fs:[00000030h]3_2_00A1F527
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E9515 mov ecx, dword ptr fs:[00000030h]3_2_009E9515
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A6A537 mov eax, dword ptr fs:[00000030h]3_2_00A6A537
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AAE539 mov eax, dword ptr fs:[00000030h]3_2_00AAE539
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA3518 mov eax, dword ptr fs:[00000030h]3_2_00AA3518
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA3518 mov eax, dword ptr fs:[00000030h]3_2_00AA3518
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA3518 mov eax, dword ptr fs:[00000030h]3_2_00AA3518
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E354C mov eax, dword ptr fs:[00000030h]3_2_009E354C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E354C mov eax, dword ptr fs:[00000030h]3_2_009E354C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0C577 mov eax, dword ptr fs:[00000030h]3_2_00A0C577
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0C577 mov eax, dword ptr fs:[00000030h]3_2_00A0C577
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A63540 mov eax, dword ptr fs:[00000030h]3_2_00A63540
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A646A7 mov eax, dword ptr fs:[00000030h]3_2_00A646A7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA56B6 mov eax, dword ptr fs:[00000030h]3_2_00AA56B6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA56B6 mov eax, dword ptr fs:[00000030h]3_2_00AA56B6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E86A0 mov eax, dword ptr fs:[00000030h]3_2_009E86A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A116E0 mov ecx, dword ptr fs:[00000030h]3_2_00A116E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A106C0 mov eax, dword ptr fs:[00000030h]3_2_00A106C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A106C0 mov ecx, dword ptr fs:[00000030h]3_2_00A106C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A106C0 mov eax, dword ptr fs:[00000030h]3_2_00A106C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A106C0 mov eax, dword ptr fs:[00000030h]3_2_00A106C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A106C0 mov eax, dword ptr fs:[00000030h]3_2_00A106C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A106C0 mov eax, dword ptr fs:[00000030h]3_2_00A106C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A106C0 mov eax, dword ptr fs:[00000030h]3_2_00A106C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A106C0 mov eax, dword ptr fs:[00000030h]3_2_00A106C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A106C0 mov eax, dword ptr fs:[00000030h]3_2_00A106C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A106C0 mov eax, dword ptr fs:[00000030h]3_2_00A106C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A106C0 mov eax, dword ptr fs:[00000030h]3_2_00A106C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A106C0 mov eax, dword ptr fs:[00000030h]3_2_00A106C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A106C0 mov eax, dword ptr fs:[00000030h]3_2_00A106C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A136CC mov eax, dword ptr fs:[00000030h]3_2_00A136CC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009F76E2 mov eax, dword ptr fs:[00000030h]3_2_009F76E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A17620 mov eax, dword ptr fs:[00000030h]3_2_00A17620
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A17620 mov eax, dword ptr fs:[00000030h]3_2_00A17620
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A17620 mov eax, dword ptr fs:[00000030h]3_2_00A17620
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A17620 mov eax, dword ptr fs:[00000030h]3_2_00A17620
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A17620 mov eax, dword ptr fs:[00000030h]3_2_00A17620
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A17620 mov eax, dword ptr fs:[00000030h]3_2_00A17620
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A65623 mov eax, dword ptr fs:[00000030h]3_2_00A65623
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A65623 mov eax, dword ptr fs:[00000030h]3_2_00A65623
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A65623 mov eax, dword ptr fs:[00000030h]3_2_00A65623
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A65623 mov eax, dword ptr fs:[00000030h]3_2_00A65623
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A65623 mov eax, dword ptr fs:[00000030h]3_2_00A65623
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A65623 mov eax, dword ptr fs:[00000030h]3_2_00A65623
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A65623 mov eax, dword ptr fs:[00000030h]3_2_00A65623
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A65623 mov eax, dword ptr fs:[00000030h]3_2_00A65623
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A65623 mov eax, dword ptr fs:[00000030h]3_2_00A65623
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E1618 mov eax, dword ptr fs:[00000030h]3_2_009E1618
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1C63D mov eax, dword ptr fs:[00000030h]3_2_00A1C63D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009EC600 mov eax, dword ptr fs:[00000030h]3_2_009EC600
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009EC600 mov eax, dword ptr fs:[00000030h]3_2_009EC600
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009EC600 mov eax, dword ptr fs:[00000030h]3_2_009EC600
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A05600 mov eax, dword ptr fs:[00000030h]3_2_00A05600
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A05600 mov eax, dword ptr fs:[00000030h]3_2_00A05600
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A05600 mov eax, dword ptr fs:[00000030h]3_2_00A05600
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A05600 mov eax, dword ptr fs:[00000030h]3_2_00A05600
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A05600 mov ecx, dword ptr fs:[00000030h]3_2_00A05600
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A05600 mov ecx, dword ptr fs:[00000030h]3_2_00A05600
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A05600 mov eax, dword ptr fs:[00000030h]3_2_00A05600
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A05600 mov ecx, dword ptr fs:[00000030h]3_2_00A05600
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A05600 mov ecx, dword ptr fs:[00000030h]3_2_00A05600
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A05600 mov eax, dword ptr fs:[00000030h]3_2_00A05600
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A05600 mov eax, dword ptr fs:[00000030h]3_2_00A05600
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A05600 mov eax, dword ptr fs:[00000030h]3_2_00A05600
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A05600 mov eax, dword ptr fs:[00000030h]3_2_00A05600
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A05600 mov eax, dword ptr fs:[00000030h]3_2_00A05600
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A05600 mov eax, dword ptr fs:[00000030h]3_2_00A05600
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A05600 mov eax, dword ptr fs:[00000030h]3_2_00A05600
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A05600 mov eax, dword ptr fs:[00000030h]3_2_00A05600
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A05600 mov eax, dword ptr fs:[00000030h]3_2_00A05600
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A05600 mov eax, dword ptr fs:[00000030h]3_2_00A05600
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA1608 mov eax, dword ptr fs:[00000030h]3_2_00AA1608
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009EA63B mov eax, dword ptr fs:[00000030h]3_2_009EA63B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009EA63B mov eax, dword ptr fs:[00000030h]3_2_009EA63B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009FB62E mov eax, dword ptr fs:[00000030h]3_2_009FB62E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009FB62E mov eax, dword ptr fs:[00000030h]3_2_009FB62E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1A61C mov eax, dword ptr fs:[00000030h]3_2_00A1A61C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1A61C mov eax, dword ptr fs:[00000030h]3_2_00A1A61C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009EE620 mov eax, dword ptr fs:[00000030h]3_2_009EE620
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A04670 mov eax, dword ptr fs:[00000030h]3_2_00A04670
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A04670 mov eax, dword ptr fs:[00000030h]3_2_00A04670
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A04670 mov eax, dword ptr fs:[00000030h]3_2_00A04670
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A04670 mov eax, dword ptr fs:[00000030h]3_2_00A04670
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009F766D mov eax, dword ptr fs:[00000030h]3_2_009F766D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A76652 mov eax, dword ptr fs:[00000030h]3_2_00A76652
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009F8794 mov eax, dword ptr fs:[00000030h]3_2_009F8794
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A67794 mov eax, dword ptr fs:[00000030h]3_2_00A67794
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A67794 mov eax, dword ptr fs:[00000030h]3_2_00A67794
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A67794 mov eax, dword ptr fs:[00000030h]3_2_00A67794
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A137EB mov eax, dword ptr fs:[00000030h]3_2_00A137EB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A137EB mov eax, dword ptr fs:[00000030h]3_2_00A137EB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A137EB mov eax, dword ptr fs:[00000030h]3_2_00A137EB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A137EB mov eax, dword ptr fs:[00000030h]3_2_00A137EB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A137EB mov eax, dword ptr fs:[00000030h]3_2_00A137EB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A137EB mov eax, dword ptr fs:[00000030h]3_2_00A137EB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A137EB mov eax, dword ptr fs:[00000030h]3_2_00A137EB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A237F5 mov eax, dword ptr fs:[00000030h]3_2_00A237F5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AB87CF mov eax, dword ptr fs:[00000030h]3_2_00AB87CF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1D7CA mov eax, dword ptr fs:[00000030h]3_2_00A1D7CA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1D7CA mov eax, dword ptr fs:[00000030h]3_2_00A1D7CA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA17D2 mov eax, dword ptr fs:[00000030h]3_2_00AA17D2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1E730 mov eax, dword ptr fs:[00000030h]3_2_00A1E730
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0B73D mov eax, dword ptr fs:[00000030h]3_2_00A0B73D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0B73D mov eax, dword ptr fs:[00000030h]3_2_00A0B73D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AB070D mov eax, dword ptr fs:[00000030h]3_2_00AB070D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AB070D mov eax, dword ptr fs:[00000030h]3_2_00AB070D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1C707 mov eax, dword ptr fs:[00000030h]3_2_00A1C707
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1C707 mov ecx, dword ptr fs:[00000030h]3_2_00A1C707
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1C707 mov eax, dword ptr fs:[00000030h]3_2_00A1C707
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E6730 mov eax, dword ptr fs:[00000030h]3_2_009E6730
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E6730 mov eax, dword ptr fs:[00000030h]3_2_009E6730
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E6730 mov eax, dword ptr fs:[00000030h]3_2_009E6730
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1A70E mov eax, dword ptr fs:[00000030h]3_2_00A1A70E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1A70E mov eax, dword ptr fs:[00000030h]3_2_00A1A70E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A14710 mov eax, dword ptr fs:[00000030h]3_2_00A14710
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1D715 mov eax, dword ptr fs:[00000030h]3_2_00A1D715
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1D715 mov eax, dword ptr fs:[00000030h]3_2_00A1D715
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0F716 mov eax, dword ptr fs:[00000030h]3_2_00A0F716
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0E760 mov eax, dword ptr fs:[00000030h]3_2_00A0E760
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0E760 mov eax, dword ptr fs:[00000030h]3_2_00A0E760
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009EA745 mov eax, dword ptr fs:[00000030h]3_2_009EA745
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA1751 mov eax, dword ptr fs:[00000030h]3_2_00AA1751
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E8760 mov eax, dword ptr fs:[00000030h]3_2_009E8760
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E8760 mov eax, dword ptr fs:[00000030h]3_2_009E8760
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E8760 mov eax, dword ptr fs:[00000030h]3_2_009E8760
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E8760 mov ecx, dword ptr fs:[00000030h]3_2_009E8760
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E8760 mov eax, dword ptr fs:[00000030h]3_2_009E8760
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E8760 mov eax, dword ptr fs:[00000030h]3_2_009E8760
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E8760 mov eax, dword ptr fs:[00000030h]3_2_009E8760
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E8760 mov eax, dword ptr fs:[00000030h]3_2_009E8760
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E8760 mov eax, dword ptr fs:[00000030h]3_2_009E8760
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E8760 mov eax, dword ptr fs:[00000030h]3_2_009E8760
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A178A0 mov eax, dword ptr fs:[00000030h]3_2_00A178A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A178A0 mov eax, dword ptr fs:[00000030h]3_2_00A178A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A178A0 mov eax, dword ptr fs:[00000030h]3_2_00A178A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A178A0 mov eax, dword ptr fs:[00000030h]3_2_00A178A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A178A0 mov eax, dword ptr fs:[00000030h]3_2_00A178A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A178A0 mov eax, dword ptr fs:[00000030h]3_2_00A178A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A178A0 mov eax, dword ptr fs:[00000030h]3_2_00A178A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A178A0 mov eax, dword ptr fs:[00000030h]3_2_00A178A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A178A0 mov eax, dword ptr fs:[00000030h]3_2_00A178A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E3880 mov eax, dword ptr fs:[00000030h]3_2_009E3880
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E3880 mov eax, dword ptr fs:[00000030h]3_2_009E3880
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A63884 mov eax, dword ptr fs:[00000030h]3_2_00A63884
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A63884 mov eax, dword ptr fs:[00000030h]3_2_00A63884
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009F28AE mov eax, dword ptr fs:[00000030h]3_2_009F28AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009F28AE mov eax, dword ptr fs:[00000030h]3_2_009F28AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009F28AE mov eax, dword ptr fs:[00000030h]3_2_009F28AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009F28AE mov ecx, dword ptr fs:[00000030h]3_2_009F28AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009F28AE mov eax, dword ptr fs:[00000030h]3_2_009F28AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009F28AE mov eax, dword ptr fs:[00000030h]3_2_009F28AE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0B8E4 mov eax, dword ptr fs:[00000030h]3_2_00A0B8E4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0B8E4 mov eax, dword ptr fs:[00000030h]3_2_00A0B8E4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E78D6 mov eax, dword ptr fs:[00000030h]3_2_009E78D6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E78D6 mov eax, dword ptr fs:[00000030h]3_2_009E78D6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E78D6 mov ecx, dword ptr fs:[00000030h]3_2_009E78D6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AB98FE mov eax, dword ptr fs:[00000030h]3_2_00AB98FE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA18CA mov eax, dword ptr fs:[00000030h]3_2_00AA18CA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009F28FD mov eax, dword ptr fs:[00000030h]3_2_009F28FD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009F28FD mov eax, dword ptr fs:[00000030h]3_2_009F28FD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009F28FD mov eax, dword ptr fs:[00000030h]3_2_009F28FD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E58EC mov eax, dword ptr fs:[00000030h]3_2_009E58EC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A7B8D0 mov eax, dword ptr fs:[00000030h]3_2_00A7B8D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A7B8D0 mov ecx, dword ptr fs:[00000030h]3_2_00A7B8D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A7B8D0 mov eax, dword ptr fs:[00000030h]3_2_00A7B8D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A7B8D0 mov eax, dword ptr fs:[00000030h]3_2_00A7B8D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A7B8D0 mov eax, dword ptr fs:[00000030h]3_2_00A7B8D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A7B8D0 mov eax, dword ptr fs:[00000030h]3_2_00A7B8D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E88E0 mov eax, dword ptr fs:[00000030h]3_2_009E88E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E88E0 mov eax, dword ptr fs:[00000030h]3_2_009E88E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E88E0 mov eax, dword ptr fs:[00000030h]3_2_009E88E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E88E0 mov eax, dword ptr fs:[00000030h]3_2_009E88E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E88E0 mov eax, dword ptr fs:[00000030h]3_2_009E88E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E88E0 mov eax, dword ptr fs:[00000030h]3_2_009E88E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E88E0 mov eax, dword ptr fs:[00000030h]3_2_009E88E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A830 mov eax, dword ptr fs:[00000030h]3_2_00A0A830
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A830 mov eax, dword ptr fs:[00000030h]3_2_00A0A830
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A830 mov eax, dword ptr fs:[00000030h]3_2_00A0A830
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A830 mov eax, dword ptr fs:[00000030h]3_2_00A0A830
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E6800 mov eax, dword ptr fs:[00000030h]3_2_009E6800
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E6800 mov eax, dword ptr fs:[00000030h]3_2_009E6800
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E6800 mov eax, dword ptr fs:[00000030h]3_2_009E6800
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0F86D mov eax, dword ptr fs:[00000030h]3_2_00A0F86D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA1843 mov eax, dword ptr fs:[00000030h]3_2_00AA1843
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A669A6 mov eax, dword ptr fs:[00000030h]3_2_00A669A6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA49A4 mov eax, dword ptr fs:[00000030h]3_2_00AA49A4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA49A4 mov eax, dword ptr fs:[00000030h]3_2_00AA49A4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA49A4 mov eax, dword ptr fs:[00000030h]3_2_00AA49A4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA49A4 mov eax, dword ptr fs:[00000030h]3_2_00AA49A4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A199BC mov eax, dword ptr fs:[00000030h]3_2_00A199BC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1C9BF mov eax, dword ptr fs:[00000030h]3_2_00A1C9BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1C9BF mov eax, dword ptr fs:[00000030h]3_2_00A1C9BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A099BF mov ecx, dword ptr fs:[00000030h]3_2_00A099BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A099BF mov ecx, dword ptr fs:[00000030h]3_2_00A099BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A099BF mov eax, dword ptr fs:[00000030h]3_2_00A099BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A099BF mov ecx, dword ptr fs:[00000030h]