Windows Analysis Report
EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe

Overview

General Information

Sample Name: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe
Analysis ID: 632597
MD5: f51029776cf59c102ed0e1c757484e8b
SHA1: 2331eaecdd1da03fc229c8639cddc03ccc34e18f
SHA256: aac13b3f25b043fcc1baaa1481ab241a4845ff0d978fe86a455deaf28cedd352
Infos:

Detection

GuLoader
Score: 88
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected GuLoader
Snort IDS alert for network traffic
Initial sample is a PE file and has a suspicious name
Tries to detect Any.run
C2 URLs / IPs found in malware configuration
Uses an obfuscated file name to hide its real file extension (double extension)
Uses 32bit PE files
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
PE file does not import any functions
Sample file is different than original file name gathered from version info
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Binary contains a suspicious time stamp
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

AV Detection
barindex
Found malware configuration
Source: 00000003.00000000.840003191.0000000001660000.00000040.00000400.00020000.00000000.sdmp Malware Configuration Extractor: GuLoader {"Payload URL": "http://graphicdes.com/bin_MpLvP21.bin"}
Multi AV Scanner detection for submitted file
Source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Virustotal: Detection: 25% Perma Link
Source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe ReversingLabs: Detection: 21%
Uses 32bit PE files
Source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bay Jump to behavior
Source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: mshtml.pdb source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000001.842193652.0000000000649000.00000008.00000001.01000000.00000007.sdmp
Source: Binary string: System.Net.Quic.ni.pdb source: System.Net.Quic.dll.0.dr
Source: Binary string: wntdll.pdbUGP source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000002.5744039182.000000001D82D000.00000040.00000800.00020000.00000000.sdmp, EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000003.973692811.000000001D556000.00000004.00000800.00020000.00000000.sdmp, EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000003.968464023.000000001D3A6000.00000004.00000800.00020000.00000000.sdmp, EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000002.5742414100.000000001D700000.00000040.00000800.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000002.5744039182.000000001D82D000.00000040.00000800.00020000.00000000.sdmp, EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000003.973692811.000000001D556000.00000004.00000800.00020000.00000000.sdmp, EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000003.968464023.000000001D3A6000.00000004.00000800.00020000.00000000.sdmp, EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000002.5742414100.000000001D700000.00000040.00000800.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Quic\net6.0-windows-Release\System.Net.Quic.pdbRSDS source: System.Net.Quic.dll.0.dr
Source: Binary string: mshtml.pdbUGP source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000001.842193652.0000000000649000.00000008.00000001.01000000.00000007.sdmp
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Quic\net6.0-windows-Release\System.Net.Quic.pdb source: System.Net.Quic.dll.0.dr
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 0_2_00406850 FindFirstFileW,FindClose, 0_2_00406850
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 0_2_00405C26 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 0_2_00405C26

Networking
barindex
Snort IDS alert for network traffic
Source: Traffic Snort IDS: 2842115 ETPRO TROJAN MalDoc Requesting Payload 2020-04-21 192.168.11.20:49734 -> 166.62.28.114:80
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: http://graphicdes.com/bin_MpLvP21.bin
Internet Provider seen in connection with other malware
Source: Joe Sandbox View ASN Name: AS-26496-GO-DADDY-COM-LLCUS AS-26496-GO-DADDY-COM-LLCUS
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 166.62.28.114 166.62.28.114
Uses a known web browser user agent for HTTP communication
Source: global traffic HTTP traffic detected: GET /bin_MpLvP21.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: graphicdes.comCache-Control: no-cache
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000003.1255907520.0000000001989000.00000004.00000020.00020000.00000000.sdmp, EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000002.5721637452.0000000001989000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://graphicdes.com/
Source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000002.5720983762.0000000001948000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://graphicdes.com/bin_MpLvP21.bin
Source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000002.5720983762.0000000001948000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://graphicdes.com/bin_MpLvP21.binA
Source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000002.5720983762.0000000001948000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://graphicdes.com/bin_MpLvP21.binr
Source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000002.5721949719.00000000019A3000.00000004.00000020.00020000.00000000.sdmp, EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000003.1255573214.00000000019A3000.00000004.00000020.00020000.00000000.sdmp, EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000003.971134880.00000000019A1000.00000004.00000020.00020000.00000000.sdmp, EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000003.970759625.00000000019A1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://graphicdes.com/bin_MpLvP21.binrN
Source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000001.842193652.0000000000649000.00000008.00000001.01000000.00000007.sdmp String found in binary or memory: http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
Source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000001.842193652.0000000000649000.00000008.00000001.01000000.00000007.sdmp String found in binary or memory: http://www.gopher.ftp://ftp.
Source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000001.841960173.0000000000626000.00000008.00000001.01000000.00000007.sdmp String found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
Source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000001.841671055.00000000005F2000.00000008.00000001.01000000.00000007.sdmp String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
Source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000001.841671055.00000000005F2000.00000008.00000001.01000000.00000007.sdmp String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
Source: System.Net.Quic.dll.0.dr String found in binary or memory: https://aka.ms/dotnetquic
Source: System.Net.Quic.dll.0.dr String found in binary or memory: https://github.com/dotnet/runtime
Source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000001.842193652.0000000000649000.00000008.00000001.01000000.00000007.sdmp String found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
Source: unknown DNS traffic detected: queries for: graphicdes.com
Source: global traffic HTTP traffic detected: GET /bin_MpLvP21.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: graphicdes.comCache-Control: no-cache

System Summary
barindex
Initial sample is a PE file and has a suspicious name
Source: initial sample Static PE information: Filename: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe
Uses 32bit PE files
Source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Contains functionality to shutdown / reboot the system
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 0_2_0040350A EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_0040350A
Detected potential crypto function
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 0_2_718B1BFF 0_2_718B1BFF
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D740D69 3_2_1D740D69
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7F7D4C 3_2_1D7F7D4C
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7FFD27 3_2_1D7FFD27
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D73AD00 3_2_1D73AD00
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7DFDF4 3_2_1D7DFDF4
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D749DD0 3_2_1D749DD0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D752DB0 3_2_1D752DB0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D743C60 3_2_1D743C60
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7F6C69 3_2_1D7F6C69
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7FEC60 3_2_1D7FEC60
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7EEC4C 3_2_1D7EEC4C
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D74AC20 3_2_1D74AC20
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D730C12 3_2_1D730C12
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D80ACEB 3_2_1D80ACEB
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7C7CE8 3_2_1D7C7CE8
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D75FCE0 3_2_1D75FCE0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D758CDF 3_2_1D758CDF
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7D9C98 3_2_1D7D9C98
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7FFF63 3_2_1D7FFF63
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D74CF00 3_2_1D74CF00
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D746FE0 3_2_1D746FE0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7F1FC6 3_2_1D7F1FC6
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7FEFBF 3_2_1D7FEFBF
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7E0E6D 3_2_1D7E0E6D
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D760E50 3_2_1D760E50
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D782E48 3_2_1D782E48
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D732EE8 3_2_1D732EE8
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7F9ED2 3_2_1D7F9ED2
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D741EB2 3_2_1D741EB2
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7F0EAD 3_2_1D7F0EAD
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7099E8 3_2_1D7099E8
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7859C0 3_2_1D7859C0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D73E9A0 3_2_1D73E9A0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7FE9A6 3_2_1D7FE9A6
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D749870 3_2_1D749870
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D75B870 3_2_1D75B870
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7B5870 3_2_1D7B5870
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7FF872 3_2_1D7FF872
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D726868 3_2_1D726868
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7E0835 3_2_1D7E0835
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D76E810 3_2_1D76E810
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D743800 3_2_1D743800
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7F78F3 3_2_1D7F78F3
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7F18DA 3_2_1D7F18DA
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7428C0 3_2_1D7428C0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7B98B2 3_2_1D7B98B2
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D756882 3_2_1D756882
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7FFB2E 3_2_1D7FFB2E
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D740B10 3_2_1D740B10
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D77DB19 3_2_1D77DB19
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7B4BC0 3_2_1D7B4BC0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7FEA5B 3_2_1D7FEA5B
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7FCA13 3_2_1D7FCA13
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D75FAA0 3_2_1D75FAA0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7FFA89 3_2_1D7FFA89
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D80A526 3_2_1D80A526
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7FF5C9 3_2_1D7FF5C9
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7F75C6 3_2_1D7F75C6
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D740445 3_2_1D740445
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7AD480 3_2_1D7AD480
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D742760 3_2_1D742760
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D74A760 3_2_1D74A760
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7F6757 3_2_1D7F6757
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D764670 3_2_1D764670
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7ED646 3_2_1D7ED646
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7DD62C 3_2_1D7DD62C
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D75C600 3_2_1D75C600
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7FF6F6 3_2_1D7FF6F6
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D73C6E0 3_2_1D73C6E0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7B36EC 3_2_1D7B36EC
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7FA6C0 3_2_1D7FA6C0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D740680 3_2_1D740680
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D78717A 3_2_1D78717A
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7DD130 3_2_1D7DD130
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D72F113 3_2_1D72F113
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D80010E 3_2_1D80010E
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D75B1E0 3_2_1D75B1E0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7451C0 3_2_1D7451C0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7EE076 3_2_1D7EE076
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7F70F1 3_2_1D7F70F1
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D74B0D0 3_2_1D74B0D0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7300A0 3_2_1D7300A0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D77508C 3_2_1D77508C
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7FF330 3_2_1D7FF330
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D74E310 3_2_1D74E310
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D731380 3_2_1D731380
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7F124C 3_2_1D7F124C
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D702245 3_2_1D702245
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D72D2EC 3_2_1D72D2EC
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: String function: 1D7BEF10 appears 105 times
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: String function: 1D72B910 appears 268 times
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: String function: 1D787BE4 appears 96 times
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: String function: 1D775050 appears 36 times
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: String function: 1D7AE692 appears 86 times
Contains functionality to call native functions
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D772D10 NtQuerySystemInformation,LdrInitializeThunk, 3_2_1D772D10
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D772B10 NtAllocateVirtualMemory,LdrInitializeThunk, 3_2_1D772B10
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D772B90 NtFreeVirtualMemory,LdrInitializeThunk, 3_2_1D772B90
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D772D50 NtWriteVirtualMemory, 3_2_1D772D50
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D772DC0 NtAdjustPrivilegesToken, 3_2_1D772DC0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D772DA0 NtReadVirtualMemory, 3_2_1D772DA0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D772C50 NtUnmapViewOfSection, 3_2_1D772C50
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D773C30 NtOpenProcessToken, 3_2_1D773C30
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D772C30 NtMapViewOfSection, 3_2_1D772C30
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D772C20 NtSetInformationFile, 3_2_1D772C20
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D772C10 NtOpenProcess, 3_2_1D772C10
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D772CF0 NtDelayExecution, 3_2_1D772CF0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D772CD0 NtEnumerateKey, 3_2_1D772CD0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D773C90 NtOpenThread, 3_2_1D773C90
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D772F30 NtOpenDirectoryObject, 3_2_1D772F30
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D772F00 NtCreateFile, 3_2_1D772F00
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D772FB0 NtSetValueKey, 3_2_1D772FB0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D772E50 NtCreateSection, 3_2_1D772E50
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D772E00 NtQueueApcThread, 3_2_1D772E00
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D772ED0 NtResumeThread, 3_2_1D772ED0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D772EC0 NtQuerySection, 3_2_1D772EC0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D772EB0 NtProtectVirtualMemory, 3_2_1D772EB0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D772E80 NtCreateProcessEx, 3_2_1D772E80
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7729F0 NtReadFile, 3_2_1D7729F0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7729D0 NtWaitForSingleObject, 3_2_1D7729D0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7738D0 NtGetContextThread, 3_2_1D7738D0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D772B20 NtQueryInformationProcess, 3_2_1D772B20
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D772B00 NtQueryValueKey, 3_2_1D772B00
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D772BE0 NtQueryVirtualMemory, 3_2_1D772BE0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D772BC0 NtQueryInformationToken, 3_2_1D772BC0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D772B80 NtCreateKey, 3_2_1D772B80
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D772A10 NtWriteFile, 3_2_1D772A10
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D772AC0 NtEnumerateValueKey, 3_2_1D772AC0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D772AA0 NtQueryInformationFile, 3_2_1D772AA0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D772A80 NtClose, 3_2_1D772A80
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D774570 NtSuspendThread, 3_2_1D774570
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7734E0 NtCreateMutant, 3_2_1D7734E0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D774260 NtSetContextThread, 3_2_1D774260
PE file does not import any functions
Source: System.Net.Quic.dll.0.dr Static PE information: No import functions for PE file found
Sample file is different than original file name gathered from version info
Source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000002.5744039182.000000001D82D000.00000040.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe
Source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000003.969996991.000000001D4C9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe
Source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000003.975310733.000000001D683000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe
Source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000002.5745976204.000000001D9D0000.00000040.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe
PE file contains strange resources
Source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Tries to load missing DLLs
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Section loaded: edgegdi.dll Jump to behavior
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Section loaded: edgegdi.dll Jump to behavior
Source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Virustotal: Detection: 25%
Source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe ReversingLabs: Detection: 21%
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe File read: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Jump to behavior
Source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe "C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe"
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Process created: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe "C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe"
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Process created: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe "C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe" Jump to behavior
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32 Jump to behavior
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 0_2_0040350A EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_0040350A
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe File created: C:\Users\user\AppData\Local\Temp\nsgB87A.tmp Jump to behavior
Source: classification engine Classification label: mal88.troj.evad.winEXE@3/8@1/1
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe File read: C:\Users\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe File written: C:\Users\user\AppData\Local\Temp\Undergaaedes.ini Jump to behavior
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bay Jump to behavior
Source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: mshtml.pdb source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000001.842193652.0000000000649000.00000008.00000001.01000000.00000007.sdmp
Source: Binary string: System.Net.Quic.ni.pdb source: System.Net.Quic.dll.0.dr
Source: Binary string: wntdll.pdbUGP source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000002.5744039182.000000001D82D000.00000040.00000800.00020000.00000000.sdmp, EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000003.973692811.000000001D556000.00000004.00000800.00020000.00000000.sdmp, EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000003.968464023.000000001D3A6000.00000004.00000800.00020000.00000000.sdmp, EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000002.5742414100.000000001D700000.00000040.00000800.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000002.5744039182.000000001D82D000.00000040.00000800.00020000.00000000.sdmp, EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000003.973692811.000000001D556000.00000004.00000800.00020000.00000000.sdmp, EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000003.968464023.000000001D3A6000.00000004.00000800.00020000.00000000.sdmp, EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000002.5742414100.000000001D700000.00000040.00000800.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Quic\net6.0-windows-Release\System.Net.Quic.pdbRSDS source: System.Net.Quic.dll.0.dr
Source: Binary string: mshtml.pdbUGP source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000001.842193652.0000000000649000.00000008.00000001.01000000.00000007.sdmp
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.Quic\net6.0-windows-Release\System.Net.Quic.pdb source: System.Net.Quic.dll.0.dr

Data Obfuscation
barindex
Yara detected GuLoader
Source: Yara match File source: 00000003.00000000.840003191.0000000001660000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.993031916.0000000002E80000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 0_2_718B30C0 push eax; ret 0_2_718B30EE
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7308CD push ecx; mov dword ptr [esp], ecx 3_2_1D7308D6
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7097A1 push es; iretd 3_2_1D7097A8
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7021AD pushad ; retf 0004h 3_2_1D70223F
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 0_2_718B1BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW, 0_2_718B1BFF
Binary contains a suspicious time stamp
Source: System.Net.Quic.dll.0.dr Static PE information: 0xF53C092F [Tue May 18 19:40:31 2100 UTC]
Drops PE files
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe File created: C:\Users\user\AppData\Local\Temp\System.Net.Quic.dll Jump to dropped file
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe File created: C:\Users\user\AppData\Local\Temp\nshBA9E.tmp\System.dll Jump to dropped file

Hooking and other Techniques for Hiding and Protection
barindex
Uses an obfuscated file name to hide its real file extension (double extension)
Source: Possible double extension: pdf.scr Static PE information: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Tries to detect Any.run
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe File opened: C:\Program Files\Qemu-ga\qemu-ga.exe Jump to behavior
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe File opened: C:\Program Files\qga\qga.exe Jump to behavior
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe File opened: C:\Program Files\Qemu-ga\qemu-ga.exe Jump to behavior
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe File opened: C:\Program Files\qga\qga.exe Jump to behavior
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\System.Net.Quic.dll Jump to dropped file
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D76FD40 rdtsc 3_2_1D76FD40
Found large amount of non-executed APIs
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe API coverage: 0.3 %
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Process information queried: ProcessInformation Jump to behavior
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 0_2_00406850 FindFirstFileW,FindClose, 0_2_00406850
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 0_2_00405C26 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 0_2_00405C26
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe System information queried: ModuleInformation Jump to behavior
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe API call chain: ExitProcess graph end node
Source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000000.00000002.993411477.0000000004A59000.00000004.00000800.00020000.00000000.sdmp, EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000002.5722645237.00000000034B9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Guest Shutdown Service
Source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000000.00000002.993411477.0000000004A59000.00000004.00000800.00020000.00000000.sdmp, EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000002.5722645237.00000000034B9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Remote Desktop Virtualization Service
Source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000002.5722645237.00000000034B9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmicshutdown
Source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000000.00000002.993411477.0000000004A59000.00000004.00000800.00020000.00000000.sdmp, EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000002.5722645237.00000000034B9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Volume Shadow Copy Requestor
Source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000000.00000002.993411477.0000000004A59000.00000004.00000800.00020000.00000000.sdmp, EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000002.5722645237.00000000034B9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V PowerShell Direct Service
Source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000000.00000002.993411477.0000000004A59000.00000004.00000800.00020000.00000000.sdmp, EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000002.5722645237.00000000034B9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Time Synchronization Service
Source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000002.5722645237.00000000034B9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmicvss
Source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000003.970812411.00000000019AA000.00000004.00000020.00020000.00000000.sdmp, EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000003.971234872.00000000019AA000.00000004.00000020.00020000.00000000.sdmp, EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000002.5721737847.000000000198D000.00000004.00000020.00020000.00000000.sdmp, EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000003.1255962322.000000000198D000.00000004.00000020.00020000.00000000.sdmp, EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000003.1255654924.00000000019AA000.00000004.00000020.00020000.00000000.sdmp, EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000002.5722073070.00000000019AA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000000.00000002.993411477.0000000004A59000.00000004.00000800.00020000.00000000.sdmp, EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000002.5722645237.00000000034B9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Data Exchange Service
Source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000000.00000002.993411477.0000000004A59000.00000004.00000800.00020000.00000000.sdmp, EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000002.5722645237.00000000034B9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Heartbeat Service
Source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000003.1255770485.0000000001974000.00000004.00000020.00020000.00000000.sdmp, EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000002.5721429962.0000000001974000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000000.00000002.993411477.0000000004A59000.00000004.00000800.00020000.00000000.sdmp, EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000002.5722645237.00000000034B9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Guest Service Interface
Source: EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe, 00000003.00000002.5722645237.00000000034B9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmicheartbeat
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 0_2_718B1BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW, 0_2_718B1BFF
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D76FD40 rdtsc 3_2_1D76FD40
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7D6D79 mov esi, dword ptr fs:[00000030h] 3_2_1D7D6D79
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D76BD71 mov eax, dword ptr fs:[00000030h] 3_2_1D76BD71
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D76BD71 mov eax, dword ptr fs:[00000030h] 3_2_1D76BD71
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D745D60 mov eax, dword ptr fs:[00000030h] 3_2_1D745D60
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7B5D60 mov eax, dword ptr fs:[00000030h] 3_2_1D7B5D60
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D731D50 mov eax, dword ptr fs:[00000030h] 3_2_1D731D50
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D731D50 mov eax, dword ptr fs:[00000030h] 3_2_1D731D50
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7B1D5E mov eax, dword ptr fs:[00000030h] 3_2_1D7B1D5E
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D804DA7 mov eax, dword ptr fs:[00000030h] 3_2_1D804DA7
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D729D46 mov eax, dword ptr fs:[00000030h] 3_2_1D729D46
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D729D46 mov eax, dword ptr fs:[00000030h] 3_2_1D729D46
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D729D46 mov ecx, dword ptr fs:[00000030h] 3_2_1D729D46
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D74DD4D mov eax, dword ptr fs:[00000030h] 3_2_1D74DD4D
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D74DD4D mov eax, dword ptr fs:[00000030h] 3_2_1D74DD4D
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D74DD4D mov eax, dword ptr fs:[00000030h] 3_2_1D74DD4D
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7ACD40 mov eax, dword ptr fs:[00000030h] 3_2_1D7ACD40
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7ACD40 mov eax, dword ptr fs:[00000030h] 3_2_1D7ACD40
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7F5D43 mov eax, dword ptr fs:[00000030h] 3_2_1D7F5D43
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7F5D43 mov eax, dword ptr fs:[00000030h] 3_2_1D7F5D43
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D72FD20 mov eax, dword ptr fs:[00000030h] 3_2_1D72FD20
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D75AD20 mov eax, dword ptr fs:[00000030h] 3_2_1D75AD20
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D75AD20 mov eax, dword ptr fs:[00000030h] 3_2_1D75AD20
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D75AD20 mov eax, dword ptr fs:[00000030h] 3_2_1D75AD20
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D75AD20 mov ecx, dword ptr fs:[00000030h] 3_2_1D75AD20
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D75AD20 mov eax, dword ptr fs:[00000030h] 3_2_1D75AD20
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D75AD20 mov eax, dword ptr fs:[00000030h] 3_2_1D75AD20
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D75AD20 mov eax, dword ptr fs:[00000030h] 3_2_1D75AD20
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D75AD20 mov eax, dword ptr fs:[00000030h] 3_2_1D75AD20
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D75AD20 mov eax, dword ptr fs:[00000030h] 3_2_1D75AD20
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D75AD20 mov eax, dword ptr fs:[00000030h] 3_2_1D75AD20
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7E0D24 mov eax, dword ptr fs:[00000030h] 3_2_1D7E0D24
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7E0D24 mov eax, dword ptr fs:[00000030h] 3_2_1D7E0D24
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7E0D24 mov eax, dword ptr fs:[00000030h] 3_2_1D7E0D24
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7E0D24 mov eax, dword ptr fs:[00000030h] 3_2_1D7E0D24
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D75CD10 mov eax, dword ptr fs:[00000030h] 3_2_1D75CD10
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D75CD10 mov ecx, dword ptr fs:[00000030h] 3_2_1D75CD10
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D73AD00 mov eax, dword ptr fs:[00000030h] 3_2_1D73AD00
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D73AD00 mov eax, dword ptr fs:[00000030h] 3_2_1D73AD00
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D73AD00 mov eax, dword ptr fs:[00000030h] 3_2_1D73AD00
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D73AD00 mov eax, dword ptr fs:[00000030h] 3_2_1D73AD00
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D73AD00 mov eax, dword ptr fs:[00000030h] 3_2_1D73AD00
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D73AD00 mov eax, dword ptr fs:[00000030h] 3_2_1D73AD00
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D750D01 mov eax, dword ptr fs:[00000030h] 3_2_1D750D01
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7EBD08 mov eax, dword ptr fs:[00000030h] 3_2_1D7EBD08
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7EBD08 mov eax, dword ptr fs:[00000030h] 3_2_1D7EBD08
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7C8D0A mov eax, dword ptr fs:[00000030h] 3_2_1D7C8D0A
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D72EDFA mov eax, dword ptr fs:[00000030h] 3_2_1D72EDFA
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7DFDF4 mov eax, dword ptr fs:[00000030h] 3_2_1D7DFDF4
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7DFDF4 mov eax, dword ptr fs:[00000030h] 3_2_1D7DFDF4
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7DFDF4 mov eax, dword ptr fs:[00000030h] 3_2_1D7DFDF4
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7DFDF4 mov eax, dword ptr fs:[00000030h] 3_2_1D7DFDF4
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7DFDF4 mov eax, dword ptr fs:[00000030h] 3_2_1D7DFDF4
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7DFDF4 mov eax, dword ptr fs:[00000030h] 3_2_1D7DFDF4
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7DFDF4 mov eax, dword ptr fs:[00000030h] 3_2_1D7DFDF4
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7DFDF4 mov eax, dword ptr fs:[00000030h] 3_2_1D7DFDF4
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7DFDF4 mov eax, dword ptr fs:[00000030h] 3_2_1D7DFDF4
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7DFDF4 mov eax, dword ptr fs:[00000030h] 3_2_1D7DFDF4
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7DFDF4 mov eax, dword ptr fs:[00000030h] 3_2_1D7DFDF4
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7DFDF4 mov eax, dword ptr fs:[00000030h] 3_2_1D7DFDF4
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D73BDE0 mov eax, dword ptr fs:[00000030h] 3_2_1D73BDE0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D73BDE0 mov eax, dword ptr fs:[00000030h] 3_2_1D73BDE0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D73BDE0 mov eax, dword ptr fs:[00000030h] 3_2_1D73BDE0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D73BDE0 mov eax, dword ptr fs:[00000030h] 3_2_1D73BDE0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D73BDE0 mov eax, dword ptr fs:[00000030h] 3_2_1D73BDE0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D73BDE0 mov eax, dword ptr fs:[00000030h] 3_2_1D73BDE0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D73BDE0 mov eax, dword ptr fs:[00000030h] 3_2_1D73BDE0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D73BDE0 mov eax, dword ptr fs:[00000030h] 3_2_1D73BDE0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7FCDEB mov eax, dword ptr fs:[00000030h] 3_2_1D7FCDEB
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7FCDEB mov eax, dword ptr fs:[00000030h] 3_2_1D7FCDEB
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D75FDE0 mov eax, dword ptr fs:[00000030h] 3_2_1D75FDE0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7EADD6 mov eax, dword ptr fs:[00000030h] 3_2_1D7EADD6
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7EADD6 mov eax, dword ptr fs:[00000030h] 3_2_1D7EADD6
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D728DCD mov eax, dword ptr fs:[00000030h] 3_2_1D728DCD
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D72DDB0 mov eax, dword ptr fs:[00000030h] 3_2_1D72DDB0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D737DB6 mov eax, dword ptr fs:[00000030h] 3_2_1D737DB6
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D762DBC mov eax, dword ptr fs:[00000030h] 3_2_1D762DBC
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D762DBC mov ecx, dword ptr fs:[00000030h] 3_2_1D762DBC
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D804D4B mov eax, dword ptr fs:[00000030h] 3_2_1D804D4B
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D726DA6 mov eax, dword ptr fs:[00000030h] 3_2_1D726DA6
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D736D91 mov eax, dword ptr fs:[00000030h] 3_2_1D736D91
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D805D65 mov eax, dword ptr fs:[00000030h] 3_2_1D805D65
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D72CD8A mov eax, dword ptr fs:[00000030h] 3_2_1D72CD8A
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D72CD8A mov eax, dword ptr fs:[00000030h] 3_2_1D72CD8A
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D730C79 mov eax, dword ptr fs:[00000030h] 3_2_1D730C79
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D730C79 mov eax, dword ptr fs:[00000030h] 3_2_1D730C79
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D730C79 mov eax, dword ptr fs:[00000030h] 3_2_1D730C79
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D738C79 mov eax, dword ptr fs:[00000030h] 3_2_1D738C79
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D738C79 mov eax, dword ptr fs:[00000030h] 3_2_1D738C79
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D738C79 mov eax, dword ptr fs:[00000030h] 3_2_1D738C79
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D738C79 mov eax, dword ptr fs:[00000030h] 3_2_1D738C79
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D738C79 mov eax, dword ptr fs:[00000030h] 3_2_1D738C79
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D743C60 mov eax, dword ptr fs:[00000030h] 3_2_1D743C60
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D743C60 mov eax, dword ptr fs:[00000030h] 3_2_1D743C60
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D743C60 mov eax, dword ptr fs:[00000030h] 3_2_1D743C60
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D743C60 mov eax, dword ptr fs:[00000030h] 3_2_1D743C60
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D743C60 mov ecx, dword ptr fs:[00000030h] 3_2_1D743C60
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D743C60 mov ecx, dword ptr fs:[00000030h] 3_2_1D743C60
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D743C60 mov eax, dword ptr fs:[00000030h] 3_2_1D743C60
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D743C60 mov ecx, dword ptr fs:[00000030h] 3_2_1D743C60
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D743C60 mov ecx, dword ptr fs:[00000030h] 3_2_1D743C60
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D743C60 mov eax, dword ptr fs:[00000030h] 3_2_1D743C60
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D743C60 mov ecx, dword ptr fs:[00000030h] 3_2_1D743C60
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D743C60 mov ecx, dword ptr fs:[00000030h] 3_2_1D743C60
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D743C60 mov eax, dword ptr fs:[00000030h] 3_2_1D743C60
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D743C60 mov eax, dword ptr fs:[00000030h] 3_2_1D743C60
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D743C60 mov eax, dword ptr fs:[00000030h] 3_2_1D743C60
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D743C60 mov eax, dword ptr fs:[00000030h] 3_2_1D743C60
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D743C60 mov eax, dword ptr fs:[00000030h] 3_2_1D743C60
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D743C60 mov eax, dword ptr fs:[00000030h] 3_2_1D743C60
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D743C60 mov eax, dword ptr fs:[00000030h] 3_2_1D743C60
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D743C60 mov eax, dword ptr fs:[00000030h] 3_2_1D743C60
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D76BC6E mov eax, dword ptr fs:[00000030h] 3_2_1D76BC6E
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D76BC6E mov eax, dword ptr fs:[00000030h] 3_2_1D76BC6E
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D72CC68 mov eax, dword ptr fs:[00000030h] 3_2_1D72CC68
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7B3C57 mov eax, dword ptr fs:[00000030h] 3_2_1D7B3C57
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D72DC40 mov eax, dword ptr fs:[00000030h] 3_2_1D72DC40
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D743C40 mov eax, dword ptr fs:[00000030h] 3_2_1D743C40
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7C7C38 mov eax, dword ptr fs:[00000030h] 3_2_1D7C7C38
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7F5C38 mov eax, dword ptr fs:[00000030h] 3_2_1D7F5C38
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7F5C38 mov ecx, dword ptr fs:[00000030h] 3_2_1D7F5C38
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D764C3D mov eax, dword ptr fs:[00000030h] 3_2_1D764C3D
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D728C3D mov eax, dword ptr fs:[00000030h] 3_2_1D728C3D
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D804CD2 mov eax, dword ptr fs:[00000030h] 3_2_1D804CD2
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D743C20 mov eax, dword ptr fs:[00000030h] 3_2_1D743C20
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D74AC20 mov eax, dword ptr fs:[00000030h] 3_2_1D74AC20
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D74AC20 mov eax, dword ptr fs:[00000030h] 3_2_1D74AC20
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D74AC20 mov eax, dword ptr fs:[00000030h] 3_2_1D74AC20
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D762C10 mov eax, dword ptr fs:[00000030h] 3_2_1D762C10
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D762C10 mov eax, dword ptr fs:[00000030h] 3_2_1D762C10
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D762C10 mov eax, dword ptr fs:[00000030h] 3_2_1D762C10
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D762C10 mov eax, dword ptr fs:[00000030h] 3_2_1D762C10
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D727CF1 mov eax, dword ptr fs:[00000030h] 3_2_1D727CF1
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D733CF0 mov eax, dword ptr fs:[00000030h] 3_2_1D733CF0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D733CF0 mov eax, dword ptr fs:[00000030h] 3_2_1D733CF0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D75ECF3 mov eax, dword ptr fs:[00000030h] 3_2_1D75ECF3
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D75ECF3 mov eax, dword ptr fs:[00000030h] 3_2_1D75ECF3
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7ACCF0 mov ecx, dword ptr fs:[00000030h] 3_2_1D7ACCF0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7C7CE8 mov eax, dword ptr fs:[00000030h] 3_2_1D7C7CE8
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7B0CEE mov eax, dword ptr fs:[00000030h] 3_2_1D7B0CEE
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D74DCD1 mov eax, dword ptr fs:[00000030h] 3_2_1D74DCD1
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D74DCD1 mov eax, dword ptr fs:[00000030h] 3_2_1D74DCD1
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D74DCD1 mov eax, dword ptr fs:[00000030h] 3_2_1D74DCD1
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D76CCD1 mov ecx, dword ptr fs:[00000030h] 3_2_1D76CCD1
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D76CCD1 mov eax, dword ptr fs:[00000030h] 3_2_1D76CCD1
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D76CCD1 mov eax, dword ptr fs:[00000030h] 3_2_1D76CCD1
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7C3CD4 mov eax, dword ptr fs:[00000030h] 3_2_1D7C3CD4
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7C3CD4 mov eax, dword ptr fs:[00000030h] 3_2_1D7C3CD4
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7C3CD4 mov ecx, dword ptr fs:[00000030h] 3_2_1D7C3CD4
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7C3CD4 mov eax, dword ptr fs:[00000030h] 3_2_1D7C3CD4
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7C3CD4 mov eax, dword ptr fs:[00000030h] 3_2_1D7C3CD4
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D758CDF mov eax, dword ptr fs:[00000030h] 3_2_1D758CDF
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D758CDF mov eax, dword ptr fs:[00000030h] 3_2_1D758CDF
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7B5CD0 mov eax, dword ptr fs:[00000030h] 3_2_1D7B5CD0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D726CC0 mov eax, dword ptr fs:[00000030h] 3_2_1D726CC0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D726CC0 mov eax, dword ptr fs:[00000030h] 3_2_1D726CC0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D726CC0 mov eax, dword ptr fs:[00000030h] 3_2_1D726CC0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D766CC0 mov eax, dword ptr fs:[00000030h] 3_2_1D766CC0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D769CCF mov eax, dword ptr fs:[00000030h] 3_2_1D769CCF
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D73FCC9 mov eax, dword ptr fs:[00000030h] 3_2_1D73FCC9
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D804C59 mov eax, dword ptr fs:[00000030h] 3_2_1D804C59
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7D9C98 mov ecx, dword ptr fs:[00000030h] 3_2_1D7D9C98
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7D9C98 mov eax, dword ptr fs:[00000030h] 3_2_1D7D9C98
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7D9C98 mov eax, dword ptr fs:[00000030h] 3_2_1D7D9C98
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7D9C98 mov eax, dword ptr fs:[00000030h] 3_2_1D7D9C98
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D737C95 mov eax, dword ptr fs:[00000030h] 3_2_1D737C95
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D737C95 mov eax, dword ptr fs:[00000030h] 3_2_1D737C95
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7EFC95 mov eax, dword ptr fs:[00000030h] 3_2_1D7EFC95
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D727C85 mov eax, dword ptr fs:[00000030h] 3_2_1D727C85
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D727C85 mov eax, dword ptr fs:[00000030h] 3_2_1D727C85
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D727C85 mov eax, dword ptr fs:[00000030h] 3_2_1D727C85
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D727C85 mov eax, dword ptr fs:[00000030h] 3_2_1D727C85
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D727C85 mov eax, dword ptr fs:[00000030h] 3_2_1D727C85
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7B3C80 mov ecx, dword ptr fs:[00000030h] 3_2_1D7B3C80
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D72BF70 mov eax, dword ptr fs:[00000030h] 3_2_1D72BF70
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D731F70 mov eax, dword ptr fs:[00000030h] 3_2_1D731F70
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D75AF72 mov eax, dword ptr fs:[00000030h] 3_2_1D75AF72
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D786F70 mov eax, dword ptr fs:[00000030h] 3_2_1D786F70
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D72EF79 mov eax, dword ptr fs:[00000030h] 3_2_1D72EF79
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D72EF79 mov eax, dword ptr fs:[00000030h] 3_2_1D72EF79
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D72EF79 mov eax, dword ptr fs:[00000030h] 3_2_1D72EF79
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7EEF66 mov eax, dword ptr fs:[00000030h] 3_2_1D7EEF66
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7EAF50 mov ecx, dword ptr fs:[00000030h] 3_2_1D7EAF50
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7EBF4D mov eax, dword ptr fs:[00000030h] 3_2_1D7EBF4D
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D74DF36 mov eax, dword ptr fs:[00000030h] 3_2_1D74DF36
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D74DF36 mov eax, dword ptr fs:[00000030h] 3_2_1D74DF36
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D74DF36 mov eax, dword ptr fs:[00000030h] 3_2_1D74DF36
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D74DF36 mov eax, dword ptr fs:[00000030h] 3_2_1D74DF36
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D72FF30 mov edi, dword ptr fs:[00000030h] 3_2_1D72FF30
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7B8F3C mov eax, dword ptr fs:[00000030h] 3_2_1D7B8F3C
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7B8F3C mov eax, dword ptr fs:[00000030h] 3_2_1D7B8F3C
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7B8F3C mov ecx, dword ptr fs:[00000030h] 3_2_1D7B8F3C
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7B8F3C mov ecx, dword ptr fs:[00000030h] 3_2_1D7B8F3C
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D770F16 mov eax, dword ptr fs:[00000030h] 3_2_1D770F16
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D770F16 mov eax, dword ptr fs:[00000030h] 3_2_1D770F16
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D770F16 mov eax, dword ptr fs:[00000030h] 3_2_1D770F16
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D770F16 mov eax, dword ptr fs:[00000030h] 3_2_1D770F16
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D74CF00 mov eax, dword ptr fs:[00000030h] 3_2_1D74CF00
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D74CF00 mov eax, dword ptr fs:[00000030h] 3_2_1D74CF00
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7AFF03 mov eax, dword ptr fs:[00000030h] 3_2_1D7AFF03
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7AFF03 mov eax, dword ptr fs:[00000030h] 3_2_1D7AFF03
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7AFF03 mov eax, dword ptr fs:[00000030h] 3_2_1D7AFF03
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D76BF0C mov eax, dword ptr fs:[00000030h] 3_2_1D76BF0C
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D76BF0C mov eax, dword ptr fs:[00000030h] 3_2_1D76BF0C
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D76BF0C mov eax, dword ptr fs:[00000030h] 3_2_1D76BF0C
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D804FFF mov eax, dword ptr fs:[00000030h] 3_2_1D804FFF
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D758FFB mov eax, dword ptr fs:[00000030h] 3_2_1D758FFB
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D746FE0 mov eax, dword ptr fs:[00000030h] 3_2_1D746FE0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D746FE0 mov ecx, dword ptr fs:[00000030h] 3_2_1D746FE0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D746FE0 mov ecx, dword ptr fs:[00000030h] 3_2_1D746FE0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D746FE0 mov eax, dword ptr fs:[00000030h] 3_2_1D746FE0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D746FE0 mov ecx, dword ptr fs:[00000030h] 3_2_1D746FE0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D746FE0 mov ecx, dword ptr fs:[00000030h] 3_2_1D746FE0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D746FE0 mov eax, dword ptr fs:[00000030h] 3_2_1D746FE0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D746FE0 mov eax, dword ptr fs:[00000030h] 3_2_1D746FE0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D746FE0 mov eax, dword ptr fs:[00000030h] 3_2_1D746FE0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D746FE0 mov eax, dword ptr fs:[00000030h] 3_2_1D746FE0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D746FE0 mov eax, dword ptr fs:[00000030h] 3_2_1D746FE0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D746FE0 mov eax, dword ptr fs:[00000030h] 3_2_1D746FE0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D746FE0 mov eax, dword ptr fs:[00000030h] 3_2_1D746FE0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D746FE0 mov eax, dword ptr fs:[00000030h] 3_2_1D746FE0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D746FE0 mov eax, dword ptr fs:[00000030h] 3_2_1D746FE0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D746FE0 mov eax, dword ptr fs:[00000030h] 3_2_1D746FE0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D746FE0 mov eax, dword ptr fs:[00000030h] 3_2_1D746FE0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D746FE0 mov eax, dword ptr fs:[00000030h] 3_2_1D746FE0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D804F1D mov eax, dword ptr fs:[00000030h] 3_2_1D804F1D
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D729FD0 mov eax, dword ptr fs:[00000030h] 3_2_1D729FD0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7AFFDC mov eax, dword ptr fs:[00000030h] 3_2_1D7AFFDC
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7AFFDC mov eax, dword ptr fs:[00000030h] 3_2_1D7AFFDC
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7AFFDC mov eax, dword ptr fs:[00000030h] 3_2_1D7AFFDC
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7AFFDC mov ecx, dword ptr fs:[00000030h] 3_2_1D7AFFDC
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7AFFDC mov eax, dword ptr fs:[00000030h] 3_2_1D7AFFDC
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7AFFDC mov eax, dword ptr fs:[00000030h] 3_2_1D7AFFDC
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7EEFD3 mov eax, dword ptr fs:[00000030h] 3_2_1D7EEFD3
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D72BFC0 mov eax, dword ptr fs:[00000030h] 3_2_1D72BFC0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7B1FC9 mov eax, dword ptr fs:[00000030h] 3_2_1D7B1FC9
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7B1FC9 mov eax, dword ptr fs:[00000030h] 3_2_1D7B1FC9
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7B1FC9 mov eax, dword ptr fs:[00000030h] 3_2_1D7B1FC9
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7B1FC9 mov eax, dword ptr fs:[00000030h] 3_2_1D7B1FC9
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7B1FC9 mov eax, dword ptr fs:[00000030h] 3_2_1D7B1FC9
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7B1FC9 mov eax, dword ptr fs:[00000030h] 3_2_1D7B1FC9
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7B1FC9 mov eax, dword ptr fs:[00000030h] 3_2_1D7B1FC9
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7B1FC9 mov eax, dword ptr fs:[00000030h] 3_2_1D7B1FC9
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7B1FC9 mov eax, dword ptr fs:[00000030h] 3_2_1D7B1FC9
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7B1FC9 mov eax, dword ptr fs:[00000030h] 3_2_1D7B1FC9
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7B1FC9 mov eax, dword ptr fs:[00000030h] 3_2_1D7B1FC9
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7B1FC9 mov eax, dword ptr fs:[00000030h] 3_2_1D7B1FC9
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7B1FC9 mov eax, dword ptr fs:[00000030h] 3_2_1D7B1FC9
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7B1FC9 mov eax, dword ptr fs:[00000030h] 3_2_1D7B1FC9
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7B1FC9 mov eax, dword ptr fs:[00000030h] 3_2_1D7B1FC9
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D734FB6 mov eax, dword ptr fs:[00000030h] 3_2_1D734FB6
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D75CFB0 mov eax, dword ptr fs:[00000030h] 3_2_1D75CFB0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D75CFB0 mov eax, dword ptr fs:[00000030h] 3_2_1D75CFB0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D768FBC mov eax, dword ptr fs:[00000030h] 3_2_1D768FBC
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D731FAA mov eax, dword ptr fs:[00000030h] 3_2_1D731FAA
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D740F90 mov eax, dword ptr fs:[00000030h] 3_2_1D740F90
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D740F90 mov ecx, dword ptr fs:[00000030h] 3_2_1D740F90
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D740F90 mov eax, dword ptr fs:[00000030h] 3_2_1D740F90
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D740F90 mov eax, dword ptr fs:[00000030h] 3_2_1D740F90
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D740F90 mov eax, dword ptr fs:[00000030h] 3_2_1D740F90
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D740F90 mov eax, dword ptr fs:[00000030h] 3_2_1D740F90
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D740F90 mov eax, dword ptr fs:[00000030h] 3_2_1D740F90
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D740F90 mov eax, dword ptr fs:[00000030h] 3_2_1D740F90
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D740F90 mov eax, dword ptr fs:[00000030h] 3_2_1D740F90
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D740F90 mov eax, dword ptr fs:[00000030h] 3_2_1D740F90
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D740F90 mov eax, dword ptr fs:[00000030h] 3_2_1D740F90
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D740F90 mov eax, dword ptr fs:[00000030h] 3_2_1D740F90
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D740F90 mov eax, dword ptr fs:[00000030h] 3_2_1D740F90
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D75BF93 mov eax, dword ptr fs:[00000030h] 3_2_1D75BF93
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7B8F8B mov eax, dword ptr fs:[00000030h] 3_2_1D7B8F8B
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7B8F8B mov eax, dword ptr fs:[00000030h] 3_2_1D7B8F8B
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7B8F8B mov eax, dword ptr fs:[00000030h] 3_2_1D7B8F8B
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D804F7C mov eax, dword ptr fs:[00000030h] 3_2_1D804F7C
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D731E70 mov eax, dword ptr fs:[00000030h] 3_2_1D731E70
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7EEE78 mov eax, dword ptr fs:[00000030h] 3_2_1D7EEE78
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D76CE70 mov eax, dword ptr fs:[00000030h] 3_2_1D76CE70
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D767E71 mov eax, dword ptr fs:[00000030h] 3_2_1D767E71
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D72BE60 mov eax, dword ptr fs:[00000030h] 3_2_1D72BE60
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D72BE60 mov eax, dword ptr fs:[00000030h] 3_2_1D72BE60
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7E0E6D mov eax, dword ptr fs:[00000030h] 3_2_1D7E0E6D
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7E0E6D mov eax, dword ptr fs:[00000030h] 3_2_1D7E0E6D
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7E0E6D mov eax, dword ptr fs:[00000030h] 3_2_1D7E0E6D
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7E0E6D mov eax, dword ptr fs:[00000030h] 3_2_1D7E0E6D
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7E0E6D mov eax, dword ptr fs:[00000030h] 3_2_1D7E0E6D
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7E0E6D mov eax, dword ptr fs:[00000030h] 3_2_1D7E0E6D
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7E0E6D mov eax, dword ptr fs:[00000030h] 3_2_1D7E0E6D
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7E0E6D mov eax, dword ptr fs:[00000030h] 3_2_1D7E0E6D
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7E0E6D mov eax, dword ptr fs:[00000030h] 3_2_1D7E0E6D
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7E0E6D mov eax, dword ptr fs:[00000030h] 3_2_1D7E0E6D
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7E0E6D mov eax, dword ptr fs:[00000030h] 3_2_1D7E0E6D
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7E0E6D mov eax, dword ptr fs:[00000030h] 3_2_1D7E0E6D
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7E0E6D mov eax, dword ptr fs:[00000030h] 3_2_1D7E0E6D
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7E0E6D mov eax, dword ptr fs:[00000030h] 3_2_1D7E0E6D
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7ADE50 mov eax, dword ptr fs:[00000030h] 3_2_1D7ADE50
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7ADE50 mov eax, dword ptr fs:[00000030h] 3_2_1D7ADE50
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7ADE50 mov ecx, dword ptr fs:[00000030h] 3_2_1D7ADE50
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7ADE50 mov eax, dword ptr fs:[00000030h] 3_2_1D7ADE50
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7ADE50 mov eax, dword ptr fs:[00000030h] 3_2_1D7ADE50
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D72FE40 mov eax, dword ptr fs:[00000030h] 3_2_1D72FE40
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D72AE40 mov eax, dword ptr fs:[00000030h] 3_2_1D72AE40
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D72AE40 mov eax, dword ptr fs:[00000030h] 3_2_1D72AE40
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D72AE40 mov eax, dword ptr fs:[00000030h] 3_2_1D72AE40
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D72DE45 mov eax, dword ptr fs:[00000030h] 3_2_1D72DE45
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D72DE45 mov ecx, dword ptr fs:[00000030h] 3_2_1D72DE45
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D75EE48 mov eax, dword ptr fs:[00000030h] 3_2_1D75EE48
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D804EC1 mov eax, dword ptr fs:[00000030h] 3_2_1D804EC1
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D732E32 mov eax, dword ptr fs:[00000030h] 3_2_1D732E32
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D76CE3F mov eax, dword ptr fs:[00000030h] 3_2_1D76CE3F
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7C6E30 mov eax, dword ptr fs:[00000030h] 3_2_1D7C6E30
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7C6E30 mov eax, dword ptr fs:[00000030h] 3_2_1D7C6E30
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7C5E30 mov eax, dword ptr fs:[00000030h] 3_2_1D7C5E30
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7C5E30 mov ecx, dword ptr fs:[00000030h] 3_2_1D7C5E30
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7C5E30 mov eax, dword ptr fs:[00000030h] 3_2_1D7C5E30
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7C5E30 mov eax, dword ptr fs:[00000030h] 3_2_1D7C5E30
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7C5E30 mov eax, dword ptr fs:[00000030h] 3_2_1D7C5E30
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7C5E30 mov eax, dword ptr fs:[00000030h] 3_2_1D7C5E30
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7F8E26 mov eax, dword ptr fs:[00000030h] 3_2_1D7F8E26
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7F8E26 mov eax, dword ptr fs:[00000030h] 3_2_1D7F8E26
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7F8E26 mov eax, dword ptr fs:[00000030h] 3_2_1D7F8E26
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7F8E26 mov eax, dword ptr fs:[00000030h] 3_2_1D7F8E26
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D768E15 mov eax, dword ptr fs:[00000030h] 3_2_1D768E15
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7AFE1F mov eax, dword ptr fs:[00000030h] 3_2_1D7AFE1F
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7AFE1F mov eax, dword ptr fs:[00000030h] 3_2_1D7AFE1F
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7AFE1F mov eax, dword ptr fs:[00000030h] 3_2_1D7AFE1F
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7AFE1F mov eax, dword ptr fs:[00000030h] 3_2_1D7AFE1F
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D733E14 mov eax, dword ptr fs:[00000030h] 3_2_1D733E14
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D733E14 mov eax, dword ptr fs:[00000030h] 3_2_1D733E14
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D733E14 mov eax, dword ptr fs:[00000030h] 3_2_1D733E14
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D72BE18 mov ecx, dword ptr fs:[00000030h] 3_2_1D72BE18
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D733E01 mov eax, dword ptr fs:[00000030h] 3_2_1D733E01
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D736E00 mov eax, dword ptr fs:[00000030h] 3_2_1D736E00
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D736E00 mov eax, dword ptr fs:[00000030h] 3_2_1D736E00
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D736E00 mov eax, dword ptr fs:[00000030h] 3_2_1D736E00
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D736E00 mov eax, dword ptr fs:[00000030h] 3_2_1D736E00
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7D3EFC mov eax, dword ptr fs:[00000030h] 3_2_1D7D3EFC
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D72CEF0 mov eax, dword ptr fs:[00000030h] 3_2_1D72CEF0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D72CEF0 mov eax, dword ptr fs:[00000030h] 3_2_1D72CEF0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D72CEF0 mov eax, dword ptr fs:[00000030h] 3_2_1D72CEF0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D72CEF0 mov eax, dword ptr fs:[00000030h] 3_2_1D72CEF0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D72CEF0 mov eax, dword ptr fs:[00000030h] 3_2_1D72CEF0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D72CEF0 mov eax, dword ptr fs:[00000030h] 3_2_1D72CEF0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D804E03 mov eax, dword ptr fs:[00000030h] 3_2_1D804E03
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D733EE2 mov eax, dword ptr fs:[00000030h] 3_2_1D733EE2
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7EEEE7 mov eax, dword ptr fs:[00000030h] 3_2_1D7EEEE7
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D761EED mov eax, dword ptr fs:[00000030h] 3_2_1D761EED
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D761EED mov eax, dword ptr fs:[00000030h] 3_2_1D761EED
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D761EED mov eax, dword ptr fs:[00000030h] 3_2_1D761EED
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D732EE8 mov eax, dword ptr fs:[00000030h] 3_2_1D732EE8
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D732EE8 mov eax, dword ptr fs:[00000030h] 3_2_1D732EE8
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D732EE8 mov eax, dword ptr fs:[00000030h] 3_2_1D732EE8
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D732EE8 mov eax, dword ptr fs:[00000030h] 3_2_1D732EE8
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D76BED0 mov eax, dword ptr fs:[00000030h] 3_2_1D76BED0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7F9ED2 mov eax, dword ptr fs:[00000030h] 3_2_1D7F9ED2
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D771ED8 mov eax, dword ptr fs:[00000030h] 3_2_1D771ED8
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7B7EC3 mov eax, dword ptr fs:[00000030h] 3_2_1D7B7EC3
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7B7EC3 mov ecx, dword ptr fs:[00000030h] 3_2_1D7B7EC3
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D741EB2 mov ecx, dword ptr fs:[00000030h] 3_2_1D741EB2
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D741EB2 mov ecx, dword ptr fs:[00000030h] 3_2_1D741EB2
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D741EB2 mov eax, dword ptr fs:[00000030h] 3_2_1D741EB2
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D741EB2 mov ecx, dword ptr fs:[00000030h] 3_2_1D741EB2
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D741EB2 mov ecx, dword ptr fs:[00000030h] 3_2_1D741EB2
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D741EB2 mov eax, dword ptr fs:[00000030h] 3_2_1D741EB2
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D741EB2 mov ecx, dword ptr fs:[00000030h] 3_2_1D741EB2
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D741EB2 mov ecx, dword ptr fs:[00000030h] 3_2_1D741EB2
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D741EB2 mov eax, dword ptr fs:[00000030h] 3_2_1D741EB2
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D741EB2 mov ecx, dword ptr fs:[00000030h] 3_2_1D741EB2
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D741EB2 mov ecx, dword ptr fs:[00000030h] 3_2_1D741EB2
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D741EB2 mov eax, dword ptr fs:[00000030h] 3_2_1D741EB2
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D762EB8 mov eax, dword ptr fs:[00000030h] 3_2_1D762EB8
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D762EB8 mov eax, dword ptr fs:[00000030h] 3_2_1D762EB8
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7F0EAD mov eax, dword ptr fs:[00000030h] 3_2_1D7F0EAD
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7F0EAD mov eax, dword ptr fs:[00000030h] 3_2_1D7F0EAD
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D76CEA0 mov eax, dword ptr fs:[00000030h] 3_2_1D76CEA0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D804E62 mov eax, dword ptr fs:[00000030h] 3_2_1D804E62
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D75BE80 mov eax, dword ptr fs:[00000030h] 3_2_1D75BE80
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D75AE89 mov eax, dword ptr fs:[00000030h] 3_2_1D75AE89
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D75AE89 mov eax, dword ptr fs:[00000030h] 3_2_1D75AE89
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D736970 mov eax, dword ptr fs:[00000030h] 3_2_1D736970
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D736970 mov eax, dword ptr fs:[00000030h] 3_2_1D736970
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D736970 mov eax, dword ptr fs:[00000030h] 3_2_1D736970
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D736970 mov eax, dword ptr fs:[00000030h] 3_2_1D736970
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D736970 mov eax, dword ptr fs:[00000030h] 3_2_1D736970
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D736970 mov eax, dword ptr fs:[00000030h] 3_2_1D736970
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D736970 mov eax, dword ptr fs:[00000030h] 3_2_1D736970
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D74096B mov eax, dword ptr fs:[00000030h] 3_2_1D74096B
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D74096B mov eax, dword ptr fs:[00000030h] 3_2_1D74096B
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D754955 mov eax, dword ptr fs:[00000030h] 3_2_1D754955
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D754955 mov eax, dword ptr fs:[00000030h] 3_2_1D754955
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7B395B mov eax, dword ptr fs:[00000030h] 3_2_1D7B395B
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7B395B mov eax, dword ptr fs:[00000030h] 3_2_1D7B395B
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7B395B mov eax, dword ptr fs:[00000030h] 3_2_1D7B395B
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D73B950 mov eax, dword ptr fs:[00000030h] 3_2_1D73B950
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D73B950 mov ecx, dword ptr fs:[00000030h] 3_2_1D73B950
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D73B950 mov eax, dword ptr fs:[00000030h] 3_2_1D73B950
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D73B950 mov eax, dword ptr fs:[00000030h] 3_2_1D73B950
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D73B950 mov eax, dword ptr fs:[00000030h] 3_2_1D73B950
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D73B950 mov eax, dword ptr fs:[00000030h] 3_2_1D73B950
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D76C958 mov eax, dword ptr fs:[00000030h] 3_2_1D76C958
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D76C944 mov eax, dword ptr fs:[00000030h] 3_2_1D76C944
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D75D940 mov eax, dword ptr fs:[00000030h] 3_2_1D75D940
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D75D940 mov eax, dword ptr fs:[00000030h] 3_2_1D75D940
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7FD946 mov eax, dword ptr fs:[00000030h] 3_2_1D7FD946
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7ED947 mov eax, dword ptr fs:[00000030h] 3_2_1D7ED947
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D75E94E mov eax, dword ptr fs:[00000030h] 3_2_1D75E94E
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D78693A mov eax, dword ptr fs:[00000030h] 3_2_1D78693A
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D78693A mov eax, dword ptr fs:[00000030h] 3_2_1D78693A
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D78693A mov eax, dword ptr fs:[00000030h] 3_2_1D78693A
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D72B931 mov eax, dword ptr fs:[00000030h] 3_2_1D72B931
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D72B931 mov eax, dword ptr fs:[00000030h] 3_2_1D72B931
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D759938 mov ecx, dword ptr fs:[00000030h] 3_2_1D759938
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D8029CF mov eax, dword ptr fs:[00000030h] 3_2_1D8029CF
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D8029CF mov eax, dword ptr fs:[00000030h] 3_2_1D8029CF
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7F892E mov eax, dword ptr fs:[00000030h] 3_2_1D7F892E
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7F892E mov eax, dword ptr fs:[00000030h] 3_2_1D7F892E
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D765921 mov eax, dword ptr fs:[00000030h] 3_2_1D765921
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D765921 mov ecx, dword ptr fs:[00000030h] 3_2_1D765921
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D765921 mov eax, dword ptr fs:[00000030h] 3_2_1D765921
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D765921 mov eax, dword ptr fs:[00000030h] 3_2_1D765921
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7AC920 mov ecx, dword ptr fs:[00000030h] 3_2_1D7AC920
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7AC920 mov eax, dword ptr fs:[00000030h] 3_2_1D7AC920
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7AC920 mov eax, dword ptr fs:[00000030h] 3_2_1D7AC920
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7AC920 mov eax, dword ptr fs:[00000030h] 3_2_1D7AC920
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D727917 mov eax, dword ptr fs:[00000030h] 3_2_1D727917
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D786912 mov eax, dword ptr fs:[00000030h] 3_2_1D786912
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D762919 mov eax, dword ptr fs:[00000030h] 3_2_1D762919
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D762919 mov eax, dword ptr fs:[00000030h] 3_2_1D762919
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7299F0 mov ecx, dword ptr fs:[00000030h] 3_2_1D7299F0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7309F0 mov eax, dword ptr fs:[00000030h] 3_2_1D7309F0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7649F0 mov eax, dword ptr fs:[00000030h] 3_2_1D7649F0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7649F0 mov eax, dword ptr fs:[00000030h] 3_2_1D7649F0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D75B9FA mov eax, dword ptr fs:[00000030h] 3_2_1D75B9FA
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7D99D6 mov ecx, dword ptr fs:[00000030h] 3_2_1D7D99D6
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D80492D mov eax, dword ptr fs:[00000030h] 3_2_1D80492D
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D73B9C0 mov eax, dword ptr fs:[00000030h] 3_2_1D73B9C0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D73B9C0 mov eax, dword ptr fs:[00000030h] 3_2_1D73B9C0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7389C0 mov eax, dword ptr fs:[00000030h] 3_2_1D7389C0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7389C0 mov eax, dword ptr fs:[00000030h] 3_2_1D7389C0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7ED9C6 mov eax, dword ptr fs:[00000030h] 3_2_1D7ED9C6
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D75D9CE mov eax, dword ptr fs:[00000030h] 3_2_1D75D9CE
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7BD9C7 mov eax, dword ptr fs:[00000030h] 3_2_1D7BD9C7
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D72B9B0 mov eax, dword ptr fs:[00000030h] 3_2_1D72B9B0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7689B0 mov edx, dword ptr fs:[00000030h] 3_2_1D7689B0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7BF9AA mov eax, dword ptr fs:[00000030h] 3_2_1D7BF9AA
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7BF9AA mov eax, dword ptr fs:[00000030h] 3_2_1D7BF9AA
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D73E9A0 mov eax, dword ptr fs:[00000030h] 3_2_1D73E9A0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D73E9A0 mov eax, dword ptr fs:[00000030h] 3_2_1D73E9A0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D73E9A0 mov eax, dword ptr fs:[00000030h] 3_2_1D73E9A0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D73E9A0 mov eax, dword ptr fs:[00000030h] 3_2_1D73E9A0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D73E9A0 mov eax, dword ptr fs:[00000030h] 3_2_1D73E9A0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D73E9A0 mov eax, dword ptr fs:[00000030h] 3_2_1D73E9A0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D73E9A0 mov eax, dword ptr fs:[00000030h] 3_2_1D73E9A0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D73E9A0 mov eax, dword ptr fs:[00000030h] 3_2_1D73E9A0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D73E9A0 mov eax, dword ptr fs:[00000030h] 3_2_1D73E9A0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7B89A0 mov eax, dword ptr fs:[00000030h] 3_2_1D7B89A0
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D76C98F mov eax, dword ptr fs:[00000030h] 3_2_1D76C98F
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D76C98F mov eax, dword ptr fs:[00000030h] 3_2_1D76C98F
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D76C98F mov eax, dword ptr fs:[00000030h] 3_2_1D76C98F
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D73F870 mov eax, dword ptr fs:[00000030h] 3_2_1D73F870
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D73F870 mov eax, dword ptr fs:[00000030h] 3_2_1D73F870
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D749870 mov eax, dword ptr fs:[00000030h] 3_2_1D749870
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D749870 mov eax, dword ptr fs:[00000030h] 3_2_1D749870
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7DF85F mov eax, dword ptr fs:[00000030h] 3_2_1D7DF85F
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7DF85F mov eax, dword ptr fs:[00000030h] 3_2_1D7DF85F
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7DF85F mov eax, dword ptr fs:[00000030h] 3_2_1D7DF85F
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7BF85C mov eax, dword ptr fs:[00000030h] 3_2_1D7BF85C
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7BF85C mov eax, dword ptr fs:[00000030h] 3_2_1D7BF85C
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7BF85C mov eax, dword ptr fs:[00000030h] 3_2_1D7BF85C
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7E0835 mov eax, dword ptr fs:[00000030h] 3_2_1D7E0835
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7E0835 mov eax, dword ptr fs:[00000030h] 3_2_1D7E0835
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7E0835 mov eax, dword ptr fs:[00000030h] 3_2_1D7E0835
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7E0835 mov eax, dword ptr fs:[00000030h] 3_2_1D7E0835
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7E0835 mov eax, dword ptr fs:[00000030h] 3_2_1D7E0835
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7E0835 mov eax, dword ptr fs:[00000030h] 3_2_1D7E0835
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7E0835 mov eax, dword ptr fs:[00000030h] 3_2_1D7E0835
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7E0835 mov eax, dword ptr fs:[00000030h] 3_2_1D7E0835
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7E0835 mov eax, dword ptr fs:[00000030h] 3_2_1D7E0835
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7E0835 mov eax, dword ptr fs:[00000030h] 3_2_1D7E0835
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7E0835 mov eax, dword ptr fs:[00000030h] 3_2_1D7E0835
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7E0835 mov eax, dword ptr fs:[00000030h] 3_2_1D7E0835
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7E0835 mov eax, dword ptr fs:[00000030h] 3_2_1D7E0835
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D75B839 mov eax, dword ptr fs:[00000030h] 3_2_1D75B839
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7EF82B mov eax, dword ptr fs:[00000030h] 3_2_1D7EF82B
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7EF82B mov eax, dword ptr fs:[00000030h] 3_2_1D7EF82B
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7EF82B mov eax, dword ptr fs:[00000030h] 3_2_1D7EF82B
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7EF82B mov eax, dword ptr fs:[00000030h] 3_2_1D7EF82B
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7EF82B mov eax, dword ptr fs:[00000030h] 3_2_1D7EF82B
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7EF82B mov eax, dword ptr fs:[00000030h] 3_2_1D7EF82B
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7EF82B mov eax, dword ptr fs:[00000030h] 3_2_1D7EF82B
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7EF82B mov eax, dword ptr fs:[00000030h] 3_2_1D7EF82B
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7EF82B mov eax, dword ptr fs:[00000030h] 3_2_1D7EF82B
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7EF82B mov eax, dword ptr fs:[00000030h] 3_2_1D7EF82B
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7EF82B mov eax, dword ptr fs:[00000030h] 3_2_1D7EF82B
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7EF82B mov eax, dword ptr fs:[00000030h] 3_2_1D7EF82B
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7EF82B mov eax, dword ptr fs:[00000030h] 3_2_1D7EF82B
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D7EF82B mov eax, dword ptr fs:[00000030h] 3_2_1D7EF82B
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D72D818 mov eax, dword ptr fs:[00000030h] 3_2_1D72D818
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D76C819 mov eax, dword ptr fs:[00000030h] 3_2_1D76C819
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D76C819 mov eax, dword ptr fs:[00000030h] 3_2_1D76C819
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D72D800 mov eax, dword ptr fs:[00000030h] 3_2_1D72D800
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D743800 mov eax, dword ptr fs:[00000030h] 3_2_1D743800
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D743800 mov eax, dword ptr fs:[00000030h] 3_2_1D743800
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Process queried: DebugPort Jump to behavior
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 3_2_1D772D10 NtQuerySystemInformation,LdrInitializeThunk, 3_2_1D772D10
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Process created: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe "C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe" Jump to behavior
Source: C:\Users\user\Desktop\EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe Code function: 0_2_0040350A EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_0040350A
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 632597 Sample: EUR_Cert_3883774784847_CMR8... Startdate: 23/05/2022 Architecture: WINDOWS Score: 88 19 graphicdes.com 2->19 23 Snort IDS alert for network traffic 2->23 25 Found malware configuration 2->25 27 Multi AV Scanner detection for submitted file 2->27 29 4 other signatures 2->29 7 EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe 9 29 2->7         started        signatures3 process4 file5 15 C:\Users\user\AppData\Local\...\System.dll, PE32 7->15 dropped 17 C:\Users\user\AppData\...\System.Net.Quic.dll, PE32+ 7->17 dropped 31 Tries to detect Any.run 7->31 11 EUR_Cert_3883774784847_CMR8494849.pdf.scr.exe 6 7->11         started        signatures6 process7 dnsIp8 21 graphicdes.com 166.62.28.114, 49734, 80 AS-26496-GO-DADDY-COM-LLCUS United States 11->21 33 Tries to detect Any.run 11->33 signatures9
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
166.62.28.114
 graphicdes.com United States
26496 AS-26496-GO-DADDY-COM-LLCUS true

Contacted Domains

Name IP Active
dual-a-0001.dc-msedge.net 131.253.33.200 true
e-0009.e-msedge.net 13.107.5.88 true
graphicdes.com 166.62.28.114 true

Contacted URLs

Name Malicious Antivirus Detection Reputation
http://graphicdes.com/bin_MpLvP21.bin true
  • Avira URL Cloud: safe
 unknown