Windows Analysis Report
SecuriteInfo.com.W32.AIDetect.malware2.5627.exe

Overview

General Information

Sample Name: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe
Analysis ID: 634994
MD5: 7f369d460c84146944c3c12bf83901af
SHA1: 29ea3441429d555ddfd0fd8d5973aab0f9ea2663
SHA256: a5e095edbdf743431c5e866c01c3a592fc5a7ddf6bfb617d72f81181743adf3a

Detection

GuLoader
Score: 84
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Yara detected GuLoader
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
PE file contains executable resources (Code or Archives)
Contains functionality for execution timing, often used to detect debuggers
Abnormal high CPU Usage
PE file does not import any functions
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Binary contains a suspicious time stamp
Contains functionality to enumerate device drivers
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Classification

AV Detection

Source: 00000002.00000002.206448386492.0000000002A5B000.00000040.00000800.00020000.00000000.sdmp Malware Configuration Extractor: GuLoader {"Payload URL": "https://hustlecreate.com/a1/binned_SsGEV34.bin"}
Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Virustotal: Detection: 19%
Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe ReversingLabs: Detection: 12%
Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hardheartedly12
Source: unknown HTTPS traffic detected: 69.49.244.14:443 -> 192.168.11.20:49764 version: TLS 1.2
Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: mshtml.pdb source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000001.205793066847.0000000000649000.00000008.00000001.01000000.00000005.sdmp
Source: Binary string: System.Runtime.CompilerServices.VisualC.ni.pdb source: System.Runtime.CompilerServices.VisualC.dll.2.dr
Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000003.205922259478.000000001D44C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210670854299.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000003.205929254527.000000001D5F3000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000003.205922259478.000000001D44C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210670854299.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000003.205929254527.000000001D5F3000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.VisualC\net6.0-Release\System.Runtime.CompilerServices.VisualC.pdb source: System.Runtime.CompilerServices.VisualC.dll.2.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.VisualC\net6.0-Release\System.Runtime.CompilerServices.VisualC.pdbRSDS source: System.Runtime.CompilerServices.VisualC.dll.2.dr
Source: Binary string: mshtml.pdbUGP source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000001.205793066847.0000000000649000.00000008.00000001.01000000.00000005.sdmp
Source: Binary string: d:\build\ob\bora-18379147\bora-vmsoft\build\release-x64\svga\wddm\src\coinstaller\Win8Release\x64\bin\vm3dc003.pdb source: vm3dc003.dll.2.dr
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 2_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 2_2_00405C49
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 2_2_00406873 FindFirstFileW,FindClose, 2_2_00406873
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 2_2_0040290B FindFirstFileW, 2_2_0040290B

Networking

Source: Malware configuration extractor URLs: https://hustlecreate.com/a1/binned_SsGEV34.bin
Source: Joe Sandbox View ASN Name: UNIFIEDLAYER-AS-1US
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: global traffic HTTP traffic detected:
GET /a1/binned_SsGEV34.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: hustlecreate.com
Cache-Control: no-cache
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown DNS traffic detected: queries for: hustlecreate.com
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 2_2_004056DE GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard, 2_2_004056DE
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 2_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 2_2_0040352D
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 2_2_02ABBEBC NtProtectVirtualMemory, 2_2_02ABBEBC
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 2_2_02AB9DB7 NtAllocateVirtualMemory, 2_2_02AB9DB7
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D812D10 NtQuerySystemInformation,LdrInitializeThunk, 4_2_1D812D10
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D812B90 NtFreeVirtualMemory,LdrInitializeThunk, 4_2_1D812B90
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D812B10 NtAllocateVirtualMemory,LdrInitializeThunk, 4_2_1D812B10
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D812DA0 NtReadVirtualMemory, 4_2_1D812DA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D812DC0 NtAdjustPrivilegesToken, 4_2_1D812DC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D812D50 NtWriteVirtualMemory, 4_2_1D812D50
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D813C90 NtOpenThread, 4_2_1D813C90
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D812CD0 NtEnumerateKey, 4_2_1D812CD0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D812CF0 NtDelayExecution, 4_2_1D812CF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D812C10 NtOpenProcess, 4_2_1D812C10
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D812C20 NtSetInformationFile, 4_2_1D812C20
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D812C30 NtMapViewOfSection, 4_2_1D812C30
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D813C30 NtOpenProcessToken, 4_2_1D813C30
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D812C50 NtUnmapViewOfSection, 4_2_1D812C50
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D812FB0 NtSetValueKey, 4_2_1D812FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D812F00 NtCreateFile, 4_2_1D812F00
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D812F30 NtOpenDirectoryObject, 4_2_1D812F30
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D812E80 NtCreateProcessEx, 4_2_1D812E80
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D812EB0 NtProtectVirtualMemory, 4_2_1D812EB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D812EC0 NtQuerySection, 4_2_1D812EC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D812ED0 NtResumeThread, 4_2_1D812ED0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D812E00 NtQueueApcThread, 4_2_1D812E00
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D812E50 NtCreateSection, 4_2_1D812E50
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D8129D0 NtWaitForSingleObject, 4_2_1D8129D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D8129F0 NtReadFile, 4_2_1D8129F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D8138D0 NtGetContextThread, 4_2_1D8138D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D812B80 NtCreateKey, 4_2_1D812B80
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D812BC0 NtQueryInformationToken, 4_2_1D812BC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D812BE0 NtQueryVirtualMemory, 4_2_1D812BE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D812B00 NtQueryValueKey, 4_2_1D812B00
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D812B20 NtQueryInformationProcess, 4_2_1D812B20
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D812A80 NtClose, 4_2_1D812A80
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D812AA0 NtQueryInformationFile, 4_2_1D812AA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D812AC0 NtEnumerateValueKey, 4_2_1D812AC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D812A10 NtWriteFile, 4_2_1D812A10
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D814570 NtSuspendThread, 4_2_1D814570
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D8134E0 NtCreateMutant, 4_2_1D8134E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D814260 NtSetContextThread, 4_2_1D814260
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_01671468 NtAllocateVirtualMemory, 4_2_01671468
Source: System.Runtime.CompilerServices.VisualC.dll.2.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Process Stats: CPU usage > 98%
Source: System.Runtime.CompilerServices.VisualC.dll.2.dr Static PE information: No import functions for PE file found
Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamevm3dc003.dll> vs SecuriteInfo.com.W32.AIDetect.malware2.5627.exe
Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000003.205923926041.000000001D56F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.W32.AIDetect.malware2.5627.exe
Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.W32.AIDetect.malware2.5627.exe
Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000003.205930970835.000000001D720000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.W32.AIDetect.malware2.5627.exe
Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210674141310.000000001DA70000.00000040.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.W32.AIDetect.malware2.5627.exe
Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: uninstalla.exe.2.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Section loaded: edgegdi.dll
Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Virustotal: Detection: 19%
Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe ReversingLabs: Detection: 12%
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe
Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 2_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 2_2_0040352D
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe File created: C:\Users\user\AppData\Local\Temp\nsaAD54.tmp
Source: classification engine Classification label: mal84.troj.evad.winEXE@3/11@1/1
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 2_2_004021AA CoCreateInstance, 2_2_004021AA
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 2_2_0040498A GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW, 2_2_0040498A
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe File written: C:\Users\user\AppData\Local\Temp\Exolve.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hardheartedly12
Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: mshtml.pdb source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000001.205793066847.0000000000649000.00000008.00000001.01000000.00000005.sdmp
Source: Binary string: System.Runtime.CompilerServices.VisualC.ni.pdb source: System.Runtime.CompilerServices.VisualC.dll.2.dr
Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000003.205922259478.000000001D44C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210670854299.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000003.205929254527.000000001D5F3000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000003.205922259478.000000001D44C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210670854299.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000003.205929254527.000000001D5F3000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.VisualC\net6.0-Release\System.Runtime.CompilerServices.VisualC.pdb source: System.Runtime.CompilerServices.VisualC.dll.2.dr
Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.VisualC\net6.0-Release\System.Runtime.CompilerServices.VisualC.pdbRSDS source: System.Runtime.CompilerServices.VisualC.dll.2.dr
Source: Binary string: mshtml.pdbUGP source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000001.205793066847.0000000000649000.00000008.00000001.01000000.00000005.sdmp
Source: Binary string: d:\build\ob\bora-18379147\bora-vmsoft\build\release-x64\svga\wddm\src\coinstaller\Win8Release\x64\bin\vm3dc003.pdb source: vm3dc003.dll.2.dr

Data Obfuscation

Source: Yara match File source: 00000002.00000002.206448386492.0000000002A5B000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000000.205790119879.0000000001660000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 2_2_713C30C0 push eax; ret 2_2_713C30EE
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 2_2_02AAAF16 push esi; retf 2_2_02AAB000
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 2_2_02AACCD6 pushad ; iretd 2_2_02AACCD7
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 2_2_02AAB002 push esi; retf 2_2_02AAB000
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 2_2_02AAB01E push esi; retf 2_2_02AAB000
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 2_2_02AB59DA pushad ; iretd 2_2_02AB59FA
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 2_2_02AAA52F push cs; iretd 2_2_02AAA532
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 2_2_02AAAF73 push esi; retf 2_2_02AAB000
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 2_2_02AAAF4E push esi; retf 2_2_02AAB000
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 2_2_02AAA158 push ebp; retn 0008h 2_2_02AAA159
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7D08CD push ecx; mov dword ptr [esp], ecx 4_2_1D7D08D6
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7A97A1 push es; iretd 4_2_1D7A97A8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7A21AD pushad ; retf 0004h 4_2_1D7A223F
Source: vm3dc003.dll.2.dr Static PE information: section name: .didat
Source: vm3dc003.dll.2.dr Static PE information: section name: .gehcont
Source: vm3dc003.dll.2.dr Static PE information: section name: _RDATA
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 2_2_713C1BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW, 2_2_713C1BFF
Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Static PE information: real checksum: 0x0 should be: 0xe7640
Source: System.dll.2.dr Static PE information: real checksum: 0x0 should be: 0x3d68
Source: uninstalla.exe.2.dr Static PE information: real checksum: 0x3f1bf6 should be: 0x4a8b4
Source: System.Runtime.CompilerServices.VisualC.dll.2.dr Static PE information: 0xC22B5F28 [Fri Mar 24 23:05:12 2073 UTC]
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe File created: C:\Users\user\AppData\Local\Temp\System.Runtime.CompilerServices.VisualC.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe File created: C:\Users\user\AppData\Local\Temp\uninstalla.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe File created: C:\Users\user\AppData\Local\Temp\vm3dc003.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe File created: C:\Users\user\AppData\Local\Temp\nswCA44.tmp\System.dll

Hooking and other Techniques for Hiding and Protection

Source: initial sample Icon embedded in binary file: icon matches a legit application icon: download (31).png
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe File opened: C:\Program Files\qga\qga.exe
Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000002.00000002.206448953498.0000000002C91000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: NTDLLUSER32KERNEL32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 10.0; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32TEMP=WINDIR=\SYSWOW64\MSHTML.DLL
Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000002.00000002.206448953498.0000000002C91000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\System.Runtime.CompilerServices.VisualC.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\uninstalla.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\vm3dc003.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 2_2_02AA8BEA rdtsc 2_2_02AA8BEA
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: K32EnumDeviceDrivers, 2_2_02ABC48A
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe API coverage: 0.3 %
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 2_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 2_2_00405C49
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 2_2_00406873 FindFirstFileW,FindClose, 2_2_00406873
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 2_2_0040290B FindFirstFileW, 2_2_0040290B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe API call chain: ExitProcess graph end node
Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000002.00000002.206449187610.0000000004699000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210650512911.00000000033E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Remote Desktop Virtualization Service
Source: vm3dc003.dll.2.dr Binary or memory string: http://www.vmware.com/0
Source: vm3dc003.dll.2.dr Binary or memory string: VMware, Inc.
Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000002.00000002.206449187610.0000000004699000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210650512911.00000000033E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Volume Shadow Copy Requestor
Source: vm3dc003.dll.2.dr Binary or memory string: VMware, Inc.1!0
Source: vm3dc003.dll.2.dr Binary or memory string: %s: VMToolsRegistry Not set.
Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000002.00000002.206449187610.0000000004699000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210650512911.00000000033E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Time Synchronization Service
Source: vm3dc003.dll.2.dr Binary or memory string: http://www.vmware.com/0/
Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000003.205927120983.000000000199C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210649789523.000000000199C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210649475257.0000000001964000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000003.205925848448.000000000199C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: vm3dc003.dll.2.dr Binary or memory string: VMware, Inc.1
Source: vm3dc003.dll.2.dr Binary or memory string: VMware, Inc.0
Source: vm3dc003.dll.2.dr Binary or memory string: ProductNameVMware SVGA 3D`
Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000002.00000002.206448953498.0000000002C91000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000002.00000002.206449187610.0000000004699000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210650512911.00000000033E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Heartbeat Service
Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000002.00000002.206448953498.0000000002C91000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: ntdlluser32kernel32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=windir=\syswow64\mshtml.dll
Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000002.00000002.206449187610.0000000004699000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210650512911.00000000033E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Guest Shutdown Service
Source: vm3dc003.dll.2.dr Binary or memory string: LegalCopyrightCopyright (C) 1998-2021 VMware, Inc.B
Source: vm3dc003.dll.2.dr Binary or memory string: {4d36e968-e325-11ce-bfc1-08002be10318}SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}CoInstallers32SOFTWARE\Microsoft\Windows\CurrentVersion\RunVMware VM3DService ProcessRegDeleteValue failed (0x%lx).
Source: vm3dc003.dll.2.dr Binary or memory string: noreply@vmware.com0
Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210650512911.00000000033E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmicshutdown
Source: vm3dc003.dll.2.dr Binary or memory string: dbghelp.dllSoftware\VMware, Inc.\VMware SVGADebugSearchPathBacktrace[%2d] rip=%p %s+%#x %s:%d
Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000002.00000002.206449187610.0000000004699000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210650512911.00000000033E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V PowerShell Direct Service
Source: vm3dc003.dll.2.dr Binary or memory string: FileDescriptionVMware SVGA 3D Coinstaller:
Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210650512911.00000000033E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmicvss
Source: vm3dc003.dll.2.dr Binary or memory string: Software\VMware, Inc.\VMware SVGA
Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000002.00000002.206449187610.0000000004699000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210650512911.00000000033E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Data Exchange Service
Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000002.00000002.206449187610.0000000004699000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210650512911.00000000033E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Guest Service Interface
Source: vm3dc003.dll.2.dr Binary or memory string: CompanyNameVMware, Inc.^
Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210650512911.00000000033E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmicheartbeat
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 2_2_713C1BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW, 2_2_713C1BFF
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 2_2_02AA8BEA rdtsc 2_2_02AA8BEA
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 2_2_02AB98FA mov eax, dword ptr fs:[00000030h] 2_2_02AB98FA
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 2_2_02AB904B mov eax, dword ptr fs:[00000030h] 2_2_02AB904B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 2_2_02ABAF38 mov eax, dword ptr fs:[00000030h] 2_2_02ABAF38
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7E5D60 mov eax, dword ptr fs:[00000030h] 4_2_1D7E5D60
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D8A4DA7 mov eax, dword ptr fs:[00000030h] 4_2_1D8A4DA7
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7D1D50 mov eax, dword ptr fs:[00000030h] 4_2_1D7D1D50
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7EDD4D mov eax, dword ptr fs:[00000030h] 4_2_1D7EDD4D
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7C9D46 mov eax, dword ptr fs:[00000030h] 4_2_1D7C9D46
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7C9D46 mov ecx, dword ptr fs:[00000030h] 4_2_1D7C9D46
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D802DBC mov eax, dword ptr fs:[00000030h] 4_2_1D802DBC
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D802DBC mov ecx, dword ptr fs:[00000030h] 4_2_1D802DBC
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7CFD20 mov eax, dword ptr fs:[00000030h] 4_2_1D7CFD20
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D88ADD6 mov eax, dword ptr fs:[00000030h] 4_2_1D88ADD6
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7FAD20 mov eax, dword ptr fs:[00000030h] 4_2_1D7FAD20
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7FAD20 mov ecx, dword ptr fs:[00000030h] 4_2_1D7FAD20
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7FAD20 mov eax, dword ptr fs:[00000030h] 4_2_1D7FAD20
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7FAD20 mov eax, dword ptr fs:[00000030h] 4_2_1D7FAD20
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7FAD20 mov eax, dword ptr fs:[00000030h] 4_2_1D7FAD20
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7FAD20 mov eax, dword ptr fs:[00000030h] 4_2_1D7FAD20
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7FAD20 mov eax, dword ptr fs:[00000030h] 4_2_1D7FAD20
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7FAD20 mov eax, dword ptr fs:[00000030h] 4_2_1D7FAD20
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D89CDEB mov eax, dword ptr fs:[00000030h] 4_2_1D89CDEB
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D89CDEB mov eax, dword ptr fs:[00000030h] 4_2_1D89CDEB
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7FCD10 mov eax, dword ptr fs:[00000030h] 4_2_1D7FCD10
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7FCD10 mov ecx, dword ptr fs:[00000030h] 4_2_1D7FCD10
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D87FDF4 mov eax, dword ptr fs:[00000030h] 4_2_1D87FDF4
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D87FDF4 mov eax, dword ptr fs:[00000030h] 4_2_1D87FDF4
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D87FDF4 mov eax, dword ptr fs:[00000030h] 4_2_1D87FDF4
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D87FDF4 mov eax, dword ptr fs:[00000030h] 4_2_1D87FDF4
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D87FDF4 mov eax, dword ptr fs:[00000030h] 4_2_1D87FDF4
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D87FDF4 mov eax, dword ptr fs:[00000030h] 4_2_1D87FDF4
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D87FDF4 mov eax, dword ptr fs:[00000030h] 4_2_1D87FDF4
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D87FDF4 mov eax, dword ptr fs:[00000030h] 4_2_1D87FDF4
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D87FDF4 mov eax, dword ptr fs:[00000030h] 4_2_1D87FDF4
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D87FDF4 mov eax, dword ptr fs:[00000030h] 4_2_1D87FDF4
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D87FDF4 mov eax, dword ptr fs:[00000030h] 4_2_1D87FDF4
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D87FDF4 mov eax, dword ptr fs:[00000030h] 4_2_1D87FDF4
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7DAD00 mov eax, dword ptr fs:[00000030h] 4_2_1D7DAD00
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7DAD00 mov eax, dword ptr fs:[00000030h] 4_2_1D7DAD00
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7DAD00 mov eax, dword ptr fs:[00000030h] 4_2_1D7DAD00
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7DAD00 mov eax, dword ptr fs:[00000030h] 4_2_1D7DAD00
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7DAD00 mov eax, dword ptr fs:[00000030h] 4_2_1D7DAD00
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7DAD00 mov eax, dword ptr fs:[00000030h] 4_2_1D7DAD00
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7F0D01 mov eax, dword ptr fs:[00000030h] 4_2_1D7F0D01
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D88BD08 mov eax, dword ptr fs:[00000030h] 4_2_1D88BD08
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D88BD08 mov eax, dword ptr fs:[00000030h] 4_2_1D88BD08
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7CEDFA mov eax, dword ptr fs:[00000030h] 4_2_1D7CEDFA
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D868D0A mov eax, dword ptr fs:[00000030h] 4_2_1D868D0A
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7DBDE0 mov eax, dword ptr fs:[00000030h] 4_2_1D7DBDE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7DBDE0 mov eax, dword ptr fs:[00000030h] 4_2_1D7DBDE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7DBDE0 mov eax, dword ptr fs:[00000030h] 4_2_1D7DBDE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7DBDE0 mov eax, dword ptr fs:[00000030h] 4_2_1D7DBDE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7DBDE0 mov eax, dword ptr fs:[00000030h] 4_2_1D7DBDE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7DBDE0 mov eax, dword ptr fs:[00000030h] 4_2_1D7DBDE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7DBDE0 mov eax, dword ptr fs:[00000030h] 4_2_1D7DBDE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7DBDE0 mov eax, dword ptr fs:[00000030h] 4_2_1D7DBDE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7FFDE0 mov eax, dword ptr fs:[00000030h] 4_2_1D7FFDE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D880D24 mov eax, dword ptr fs:[00000030h] 4_2_1D880D24
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D880D24 mov eax, dword ptr fs:[00000030h] 4_2_1D880D24
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D880D24 mov eax, dword ptr fs:[00000030h] 4_2_1D880D24
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D880D24 mov eax, dword ptr fs:[00000030h] 4_2_1D880D24
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7C8DCD mov eax, dword ptr fs:[00000030h] 4_2_1D7C8DCD
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D8A4D4B mov eax, dword ptr fs:[00000030h] 4_2_1D8A4D4B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D895D43 mov eax, dword ptr fs:[00000030h] 4_2_1D895D43
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D895D43 mov eax, dword ptr fs:[00000030h] 4_2_1D895D43
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7D7DB6 mov eax, dword ptr fs:[00000030h] 4_2_1D7D7DB6
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7CDDB0 mov eax, dword ptr fs:[00000030h] 4_2_1D7CDDB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7C6DA6 mov eax, dword ptr fs:[00000030h] 4_2_1D7C6DA6
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D851D5E mov eax, dword ptr fs:[00000030h] 4_2_1D851D5E
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7D6D91 mov eax, dword ptr fs:[00000030h] 4_2_1D7D6D91
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D8A5D65 mov eax, dword ptr fs:[00000030h] 4_2_1D8A5D65
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D80BD71 mov eax, dword ptr fs:[00000030h] 4_2_1D80BD71
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D80BD71 mov eax, dword ptr fs:[00000030h] 4_2_1D80BD71
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7CCD8A mov eax, dword ptr fs:[00000030h] 4_2_1D7CCD8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7CCD8A mov eax, dword ptr fs:[00000030h] 4_2_1D7CCD8A
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7D0C79 mov eax, dword ptr fs:[00000030h] 4_2_1D7D0C79
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7D0C79 mov eax, dword ptr fs:[00000030h] 4_2_1D7D0C79
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7D0C79 mov eax, dword ptr fs:[00000030h] 4_2_1D7D0C79
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7D8C79 mov eax, dword ptr fs:[00000030h] 4_2_1D7D8C79
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7D8C79 mov eax, dword ptr fs:[00000030h] 4_2_1D7D8C79
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7D8C79 mov eax, dword ptr fs:[00000030h] 4_2_1D7D8C79
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7D8C79 mov eax, dword ptr fs:[00000030h] 4_2_1D7D8C79
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7D8C79 mov eax, dword ptr fs:[00000030h] 4_2_1D7D8C79
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7CCC68 mov eax, dword ptr fs:[00000030h] 4_2_1D7CCC68
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D88FC95 mov eax, dword ptr fs:[00000030h] 4_2_1D88FC95
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7E3C60 mov eax, dword ptr fs:[00000030h] 4_2_1D7E3C60
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7E3C60 mov eax, dword ptr fs:[00000030h] 4_2_1D7E3C60
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7E3C60 mov eax, dword ptr fs:[00000030h] 4_2_1D7E3C60
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7E3C60 mov eax, dword ptr fs:[00000030h] 4_2_1D7E3C60
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7E3C60 mov ecx, dword ptr fs:[00000030h] 4_2_1D7E3C60
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7E3C60 mov ecx, dword ptr fs:[00000030h] 4_2_1D7E3C60
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7E3C60 mov eax, dword ptr fs:[00000030h] 4_2_1D7E3C60
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7E3C60 mov ecx, dword ptr fs:[00000030h] 4_2_1D7E3C60
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7E3C60 mov ecx, dword ptr fs:[00000030h] 4_2_1D7E3C60
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7E3C60 mov eax, dword ptr fs:[00000030h] 4_2_1D7E3C60
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7E3C60 mov ecx, dword ptr fs:[00000030h] 4_2_1D7E3C60
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7E3C60 mov ecx, dword ptr fs:[00000030h] 4_2_1D7E3C60
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7E3C60 mov eax, dword ptr fs:[00000030h] 4_2_1D7E3C60
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7E3C60 mov eax, dword ptr fs:[00000030h] 4_2_1D7E3C60
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7E3C60 mov eax, dword ptr fs:[00000030h] 4_2_1D7E3C60
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7E3C60 mov eax, dword ptr fs:[00000030h] 4_2_1D7E3C60
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7E3C60 mov eax, dword ptr fs:[00000030h] 4_2_1D7E3C60
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7E3C60 mov eax, dword ptr fs:[00000030h] 4_2_1D7E3C60
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7E3C60 mov eax, dword ptr fs:[00000030h] 4_2_1D7E3C60
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7E3C60 mov eax, dword ptr fs:[00000030h] 4_2_1D7E3C60
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D879C98 mov ecx, dword ptr fs:[00000030h] 4_2_1D879C98
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D879C98 mov eax, dword ptr fs:[00000030h] 4_2_1D879C98
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D879C98 mov eax, dword ptr fs:[00000030h] 4_2_1D879C98
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D879C98 mov eax, dword ptr fs:[00000030h] 4_2_1D879C98
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7CDC40 mov eax, dword ptr fs:[00000030h] 4_2_1D7CDC40
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7E3C40 mov eax, dword ptr fs:[00000030h] 4_2_1D7E3C40
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D806CC0 mov eax, dword ptr fs:[00000030h] 4_2_1D806CC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7C8C3D mov eax, dword ptr fs:[00000030h] 4_2_1D7C8C3D
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D809CCF mov eax, dword ptr fs:[00000030h] 4_2_1D809CCF
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D80CCD1 mov ecx, dword ptr fs:[00000030h] 4_2_1D80CCD1
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D80CCD1 mov eax, dword ptr fs:[00000030h] 4_2_1D80CCD1
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D80CCD1 mov eax, dword ptr fs:[00000030h] 4_2_1D80CCD1
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D863CD4 mov eax, dword ptr fs:[00000030h] 4_2_1D863CD4
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D863CD4 mov eax, dword ptr fs:[00000030h] 4_2_1D863CD4
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D863CD4 mov ecx, dword ptr fs:[00000030h] 4_2_1D863CD4
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D863CD4 mov eax, dword ptr fs:[00000030h] 4_2_1D863CD4
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D863CD4 mov eax, dword ptr fs:[00000030h] 4_2_1D863CD4
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D8A4CD2 mov eax, dword ptr fs:[00000030h] 4_2_1D8A4CD2
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7E3C20 mov eax, dword ptr fs:[00000030h] 4_2_1D7E3C20
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7EAC20 mov eax, dword ptr fs:[00000030h] 4_2_1D7EAC20
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7EAC20 mov eax, dword ptr fs:[00000030h] 4_2_1D7EAC20
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7EAC20 mov eax, dword ptr fs:[00000030h] 4_2_1D7EAC20
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7FECF3 mov eax, dword ptr fs:[00000030h] 4_2_1D7FECF3
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7FECF3 mov eax, dword ptr fs:[00000030h] 4_2_1D7FECF3
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7C7CF1 mov eax, dword ptr fs:[00000030h] 4_2_1D7C7CF1
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7D3CF0 mov eax, dword ptr fs:[00000030h] 4_2_1D7D3CF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7D3CF0 mov eax, dword ptr fs:[00000030h] 4_2_1D7D3CF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D802C10 mov eax, dword ptr fs:[00000030h] 4_2_1D802C10
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D802C10 mov eax, dword ptr fs:[00000030h] 4_2_1D802C10
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D802C10 mov eax, dword ptr fs:[00000030h] 4_2_1D802C10
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D802C10 mov eax, dword ptr fs:[00000030h] 4_2_1D802C10
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7F8CDF mov eax, dword ptr fs:[00000030h] 4_2_1D7F8CDF
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7F8CDF mov eax, dword ptr fs:[00000030h] 4_2_1D7F8CDF
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7EDCD1 mov eax, dword ptr fs:[00000030h] 4_2_1D7EDCD1
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7EDCD1 mov eax, dword ptr fs:[00000030h] 4_2_1D7EDCD1
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7EDCD1 mov eax, dword ptr fs:[00000030h] 4_2_1D7EDCD1
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D895C38 mov eax, dword ptr fs:[00000030h] 4_2_1D895C38
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D895C38 mov ecx, dword ptr fs:[00000030h] 4_2_1D895C38
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7DFCC9 mov eax, dword ptr fs:[00000030h] 4_2_1D7DFCC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7C6CC0 mov eax, dword ptr fs:[00000030h] 4_2_1D7C6CC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7C6CC0 mov eax, dword ptr fs:[00000030h] 4_2_1D7C6CC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7C6CC0 mov eax, dword ptr fs:[00000030h] 4_2_1D7C6CC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D804C3D mov eax, dword ptr fs:[00000030h] 4_2_1D804C3D
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D853C57 mov eax, dword ptr fs:[00000030h] 4_2_1D853C57
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D8A4C59 mov eax, dword ptr fs:[00000030h] 4_2_1D8A4C59
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7D7C95 mov eax, dword ptr fs:[00000030h] 4_2_1D7D7C95
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7D7C95 mov eax, dword ptr fs:[00000030h] 4_2_1D7D7C95
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D80BC6E mov eax, dword ptr fs:[00000030h] 4_2_1D80BC6E
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D80BC6E mov eax, dword ptr fs:[00000030h] 4_2_1D80BC6E
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7C7C85 mov eax, dword ptr fs:[00000030h] 4_2_1D7C7C85
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7C7C85 mov eax, dword ptr fs:[00000030h] 4_2_1D7C7C85
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7C7C85 mov eax, dword ptr fs:[00000030h] 4_2_1D7C7C85
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7C7C85 mov eax, dword ptr fs:[00000030h] 4_2_1D7C7C85
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7C7C85 mov eax, dword ptr fs:[00000030h] 4_2_1D7C7C85
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7CEF79 mov eax, dword ptr fs:[00000030h] 4_2_1D7CEF79
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7CEF79 mov eax, dword ptr fs:[00000030h] 4_2_1D7CEF79
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7CEF79 mov eax, dword ptr fs:[00000030h] 4_2_1D7CEF79
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7CBF70 mov eax, dword ptr fs:[00000030h] 4_2_1D7CBF70
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7D1F70 mov eax, dword ptr fs:[00000030h] 4_2_1D7D1F70
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7FAF72 mov eax, dword ptr fs:[00000030h] 4_2_1D7FAF72
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D858F8B mov eax, dword ptr fs:[00000030h] 4_2_1D858F8B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D858F8B mov eax, dword ptr fs:[00000030h] 4_2_1D858F8B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D858F8B mov eax, dword ptr fs:[00000030h] 4_2_1D858F8B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D808FBC mov eax, dword ptr fs:[00000030h] 4_2_1D808FBC
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7EDF36 mov eax, dword ptr fs:[00000030h] 4_2_1D7EDF36
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7EDF36 mov eax, dword ptr fs:[00000030h] 4_2_1D7EDF36
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7EDF36 mov eax, dword ptr fs:[00000030h] 4_2_1D7EDF36
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7EDF36 mov eax, dword ptr fs:[00000030h] 4_2_1D7EDF36
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7CFF30 mov edi, dword ptr fs:[00000030h] 4_2_1D7CFF30
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D851FC9 mov eax, dword ptr fs:[00000030h] 4_2_1D851FC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D851FC9 mov eax, dword ptr fs:[00000030h] 4_2_1D851FC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D851FC9 mov eax, dword ptr fs:[00000030h] 4_2_1D851FC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D851FC9 mov eax, dword ptr fs:[00000030h] 4_2_1D851FC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D851FC9 mov eax, dword ptr fs:[00000030h] 4_2_1D851FC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D851FC9 mov eax, dword ptr fs:[00000030h] 4_2_1D851FC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D851FC9 mov eax, dword ptr fs:[00000030h] 4_2_1D851FC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D851FC9 mov eax, dword ptr fs:[00000030h] 4_2_1D851FC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D851FC9 mov eax, dword ptr fs:[00000030h] 4_2_1D851FC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D851FC9 mov eax, dword ptr fs:[00000030h] 4_2_1D851FC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D851FC9 mov eax, dword ptr fs:[00000030h] 4_2_1D851FC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D851FC9 mov eax, dword ptr fs:[00000030h] 4_2_1D851FC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D851FC9 mov eax, dword ptr fs:[00000030h] 4_2_1D851FC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D851FC9 mov eax, dword ptr fs:[00000030h] 4_2_1D851FC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D851FC9 mov eax, dword ptr fs:[00000030h] 4_2_1D851FC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D84FFDC mov eax, dword ptr fs:[00000030h] 4_2_1D84FFDC
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D84FFDC mov eax, dword ptr fs:[00000030h] 4_2_1D84FFDC
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D84FFDC mov eax, dword ptr fs:[00000030h] 4_2_1D84FFDC
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D84FFDC mov ecx, dword ptr fs:[00000030h] 4_2_1D84FFDC
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D84FFDC mov eax, dword ptr fs:[00000030h] 4_2_1D84FFDC
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D84FFDC mov eax, dword ptr fs:[00000030h] 4_2_1D84FFDC
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D88EFD3 mov eax, dword ptr fs:[00000030h] 4_2_1D88EFD3
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D8A4FFF mov eax, dword ptr fs:[00000030h] 4_2_1D8A4FFF
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7ECF00 mov eax, dword ptr fs:[00000030h] 4_2_1D7ECF00
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7ECF00 mov eax, dword ptr fs:[00000030h] 4_2_1D7ECF00
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7F8FFB mov eax, dword ptr fs:[00000030h] 4_2_1D7F8FFB
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D84FF03 mov eax, dword ptr fs:[00000030h] 4_2_1D84FF03
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D84FF03 mov eax, dword ptr fs:[00000030h] 4_2_1D84FF03
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D84FF03 mov eax, dword ptr fs:[00000030h] 4_2_1D84FF03
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D80BF0C mov eax, dword ptr fs:[00000030h] 4_2_1D80BF0C
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D80BF0C mov eax, dword ptr fs:[00000030h] 4_2_1D80BF0C
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D80BF0C mov eax, dword ptr fs:[00000030h] 4_2_1D80BF0C
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D8A4F1D mov eax, dword ptr fs:[00000030h] 4_2_1D8A4F1D
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D810F16 mov eax, dword ptr fs:[00000030h] 4_2_1D810F16
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D810F16 mov eax, dword ptr fs:[00000030h] 4_2_1D810F16
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D810F16 mov eax, dword ptr fs:[00000030h] 4_2_1D810F16
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D8918DA mov eax, dword ptr fs:[00000030h] 4_2_1D8918DA
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D8918DA mov eax, dword ptr fs:[00000030h] 4_2_1D8918DA
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D8918DA mov eax, dword ptr fs:[00000030h] 4_2_1D8918DA
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7CD818 mov eax, dword ptr fs:[00000030h] 4_2_1D7CD818
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D8048F0 mov eax, dword ptr fs:[00000030h] 4_2_1D8048F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7CD800 mov eax, dword ptr fs:[00000030h] 4_2_1D7CD800
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D8688FB mov eax, dword ptr fs:[00000030h] 4_2_1D8688FB
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7E3800 mov eax, dword ptr fs:[00000030h] 4_2_1D7E3800
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7E3800 mov eax, dword ptr fs:[00000030h] 4_2_1D7E3800
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7E3800 mov eax, dword ptr fs:[00000030h] 4_2_1D7E3800
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D87F8F8 mov eax, dword ptr fs:[00000030h] 4_2_1D87F8F8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D87F8F8 mov eax, dword ptr fs:[00000030h] 4_2_1D87F8F8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D87F8F8 mov eax, dword ptr fs:[00000030h] 4_2_1D87F8F8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D87F8F8 mov eax, dword ptr fs:[00000030h] 4_2_1D87F8F8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D87F8F8 mov eax, dword ptr fs:[00000030h] 4_2_1D87F8F8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7DA8F0 mov eax, dword ptr fs:[00000030h] 4_2_1D7DA8F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7DA8F0 mov eax, dword ptr fs:[00000030h] 4_2_1D7DA8F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7DA8F0 mov eax, dword ptr fs:[00000030h] 4_2_1D7DA8F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7DA8F0 mov eax, dword ptr fs:[00000030h] 4_2_1D7DA8F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7DA8F0 mov eax, dword ptr fs:[00000030h] 4_2_1D7DA8F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7DA8F0 mov eax, dword ptr fs:[00000030h] 4_2_1D7DA8F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7FD8F0 mov eax, dword ptr fs:[00000030h] 4_2_1D7FD8F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7FD8F0 mov eax, dword ptr fs:[00000030h] 4_2_1D7FD8F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7FD8F0 mov esi, dword ptr fs:[00000030h] 4_2_1D7FD8F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7FD8F0 mov eax, dword ptr fs:[00000030h] 4_2_1D7FD8F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7FD8F0 mov eax, dword ptr fs:[00000030h] 4_2_1D7FD8F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7FD8F0 mov eax, dword ptr fs:[00000030h] 4_2_1D7FD8F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7FD8F0 mov eax, dword ptr fs:[00000030h] 4_2_1D7FD8F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7FD8F0 mov eax, dword ptr fs:[00000030h] 4_2_1D7FD8F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D80C819 mov eax, dword ptr fs:[00000030h] 4_2_1D80C819
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D80C819 mov eax, dword ptr fs:[00000030h] 4_2_1D80C819
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7C78E1 mov eax, dword ptr fs:[00000030h] 4_2_1D7C78E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7D58E0 mov eax, dword ptr fs:[00000030h] 4_2_1D7D58E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7D58E0 mov eax, dword ptr fs:[00000030h] 4_2_1D7D58E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7D58E0 mov eax, dword ptr fs:[00000030h] 4_2_1D7D58E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D7D58E0 mov eax, dword ptr fs:[00000030h] 4_2_1D7D58E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D88F82B mov eax, dword ptr fs:[00000030h] 4_2_1D88F82B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D88F82B mov eax, dword ptr fs:[00000030h] 4_2_1D88F82B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D88F82B mov eax, dword ptr fs:[00000030h] 4_2_1D88F82B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D88F82B mov eax, dword ptr fs:[00000030h] 4_2_1D88F82B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D88F82B mov eax, dword ptr fs:[00000030h] 4_2_1D88F82B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D88F82B mov eax, dword ptr fs:[00000030h] 4_2_1D88F82B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D88F82B mov eax, dword ptr fs:[00000030h] 4_2_1D88F82B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D88F82B mov eax, dword ptr fs:[00000030h] 4_2_1D88F82B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D88F82B mov eax, dword ptr fs:[00000030h] 4_2_1D88F82B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D812D10 NtQuerySystemInformation,LdrInitializeThunk, 4_2_1D812D10
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 2_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 2_2_0040352D