Windows Analysis Report
SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe

Overview

General Information

Sample Name: SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe
Analysis ID: 755939
MD5: f536ea8fb5b6586bb2ffc764cd52abff
SHA1: 313804060f2511b8382d369a3949d5524c1adaef
SHA256: e539f80082f961c600e6ff2a21e969d0641aa787831259d3fdd772b28d469721
Tags: exe
Infos:

Detection

DBatLoader, FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Antivirus / Scanner detection for submitted sample
Yara detected DBatLoader
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Maps a DLL or memory area into another process
Writes to foreign memory regions
Machine Learning detection for sample
Allocates memory in foreign processes
Injects a PE file into a foreign processes
WScript reads language and country specific registry keys (likely country aware script)
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
Creates a thread in another existing process (thread injection)
Uses 32bit PE files
Yara signature match
Antivirus or Machine Learning detection for unpacked file
Contains functionality to query locales information (e.g. system language)
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Checks if the current process is being debugged
Found large amount of non-executed APIs
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

AV Detection

barindex
Source: SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe ReversingLabs: Detection: 15%
Source: SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Virustotal: Detection: 30% Perma Link
Source: Yara match File source: 1.2.wscript.exe.10410000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.2.wscript.exe.10410000.3.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000001.00000002.576405249.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000002.564946662.0000000004830000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Avira: detected
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Avira: detection malicious, Label: HEUR/AGEN.1214697
Source: C:\Users\Public\Libraries\Iuigzwjd.exe ReversingLabs: Detection: 15%
Source: SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Joe Sandbox ML: detected
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Joe Sandbox ML: detected
Source: 0.2.SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe.2581218.0.unpack Avira: Label: TR/Patched.Ren.Gen
Source: 0.2.SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe.2720000.2.unpack Avira: Label: TR/Hijacker.Gen
Source: 0.2.SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe.2a2eed8.3.unpack Avira: Label: TR/Patched.Ren.Gen
Source: SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Malware Configuration Extractor: DBatLoader {"Download Url": "https://onedrive.live.com/download?cid=E0CF7F9E6AAF27EF&resid=E0CF7F9E6AAF27EF%21850&authkey=AEcOcvbyHqeCMT0"}
Source: 00000001.00000002.576405249.0000000010410000.00000040.00000400.00020000.00000000.sdmp Malware Configuration Extractor: FormBook {"C2 list": ["www.brainbookgroup.com/nvp4/"]}
Source: SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: unknown HTTPS traffic detected: 13.107.43.13:443 -> 192.168.2.3:49694 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.43.12:443 -> 192.168.2.3:49695 version: TLS 1.2
Source: Binary string: explorer.pdbUGP source: wscript.exe, 00000001.00000002.572034695.0000000005D50000.00000040.00000001.00040000.00000000.sdmp
Source: Binary string: wscript.pdbGCTL source: explorer.exe, 00000002.00000002.591545525.0000000015563000.00000004.00000001.00040000.00000000.sdmp
Source: Binary string: wntdll.pdbUGP source: wscript.exe, 00000001.00000003.277522589.0000000004D22000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.279077303.0000000004EBD000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 00000001.00000002.566831763.0000000005920000.00000040.00000800.00020000.00000000.sdmp, wscript.exe, 00000001.00000002.569256565.0000000005A3F000.00000040.00000800.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: wscript.exe, wscript.exe, 00000001.00000003.277522589.0000000004D22000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.279077303.0000000004EBD000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 00000001.00000002.566831763.0000000005920000.00000040.00000800.00020000.00000000.sdmp, wscript.exe, 00000001.00000002.569256565.0000000005A3F000.00000040.00000800.00020000.00000000.sdmp
Source: Binary string: wscript.pdb source: explorer.exe, 00000002.00000002.591545525.0000000015563000.00000004.00000001.00040000.00000000.sdmp
Source: Binary string: explorer.pdb source: wscript.exe, 00000001.00000002.572034695.0000000005D50000.00000040.00000001.00040000.00000000.sdmp
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: 0_2_02725B48 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA, 0_2_02725B48

Networking

barindex
Source: Malware configuration extractor URLs: www.brainbookgroup.com/nvp4/
Source: Malware configuration extractor URLs: https://onedrive.live.com/download?cid=E0CF7F9E6AAF27EF&resid=E0CF7F9E6AAF27EF%21850&authkey=AEcOcvbyHqeCMT0
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Joe Sandbox View IP Address: 13.107.43.12 13.107.43.12
Source: unknown Network traffic detected: HTTP traffic on port 49695 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49695
Source: unknown Network traffic detected: HTTP traffic on port 49694 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49694
Source: explorer.exe, 00000002.00000000.328190890.000000000F270000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.autoitscript.com/autoit3/J
Source: unknown DNS traffic detected: queries for: onedrive.live.com
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: 0_2_02738CBC InternetOpenA,InternetOpenUrlA,InternetReadFile,InternetCloseHandle,InternetCloseHandle, 0_2_02738CBC
Source: global traffic HTTP traffic detected: GET /download?cid=E0CF7F9E6AAF27EF&resid=E0CF7F9E6AAF27EF%21850&authkey=AEcOcvbyHqeCMT0 HTTP/1.1User-Agent: 70Host: onedrive.live.com
Source: global traffic HTTP traffic detected: GET /y4mJr27PXKP1w7VmweyBhr9jXuXcCKUmjp-l0AjYgYvmFILscr-gs1ZCYQgPakl85NdXiyluyI2K__n-DTHXtIuKBfix9QJgWA8xZXLmTFKCzO-QrrlJfjFNlxYKvj4CV1InzMNLAsu2pDihkqbVzbigQu3lZ2fbCWy9RogAq5NxzuJ1VRoowitd9q4QmyU6H1eR5JdbJA1JsNbjwDPqFHy3g/Iuigzwjduoa?download&psid=1 HTTP/1.1User-Agent: 70Host: oyuurg.ph.files.1drv.comConnection: Keep-Alive
Source: unknown HTTPS traffic detected: 13.107.43.13:443 -> 192.168.2.3:49694 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.43.12:443 -> 192.168.2.3:49695 version: TLS 1.2

E-Banking Fraud

barindex
Source: Yara match File source: 1.2.wscript.exe.10410000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.2.wscript.exe.10410000.3.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000001.00000002.576405249.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000002.564946662.0000000004830000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

System Summary

barindex
Source: 1.2.wscript.exe.10410000.3.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 1.2.wscript.exe.10410000.3.raw.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 1.2.wscript.exe.10410000.3.raw.unpack, type: UNPACKEDPE Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 1.2.wscript.exe.10410000.3.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 1.2.wscript.exe.10410000.3.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 1.2.wscript.exe.10410000.3.unpack, type: UNPACKEDPE Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000001.00000002.576405249.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000001.00000002.576405249.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000001.00000002.576405249.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000001.00000002.564946662.0000000004830000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000001.00000002.564946662.0000000004830000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000001.00000002.564946662.0000000004830000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: Process Memory Space: wscript.exe PID: 5988, type: MEMORYSTR Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: 1.2.wscript.exe.10410000.3.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 1.2.wscript.exe.10410000.3.raw.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 1.2.wscript.exe.10410000.3.raw.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 1.2.wscript.exe.10410000.3.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 1.2.wscript.exe.10410000.3.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 1.2.wscript.exe.10410000.3.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000001.00000002.576405249.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000001.00000002.576405249.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000001.00000002.576405249.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000001.00000002.564946662.0000000004830000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000001.00000002.564946662.0000000004830000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000001.00000002.564946662.0000000004830000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: Process Memory Space: wscript.exe PID: 5988, type: MEMORYSTR Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: C:\Users\Public\Libraries\djwzgiuI.url, type: DROPPED Matched rule: Methodology_Shortcut_HotKey author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, score = 27.09.2019, reference = https://twitter.com/cglyer/status/1176184798248919044
Source: C:\Users\Public\Libraries\djwzgiuI.url, type: DROPPED Matched rule: Methodology_Contains_Shortcut_OtherURIhandlers author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, score = 27.09.2019, reference = https://twitter.com/cglyer/status/1176184798248919044
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: 0_2_027220F4 0_2_027220F4
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05972581 1_2_05972581
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0595D5E0 1_2_0595D5E0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A125DD 1_2_05A125DD
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A12D07 1_2_05A12D07
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05940D20 1_2_05940D20
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A11D55 1_2_05A11D55
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0595841F 1_2_0595841F
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A0D466 1_2_05A0D466
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A11FF1 1_2_05A11FF1
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A1DFCE 1_2_05A1DFCE
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A12EF7 1_2_05A12EF7
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05966E30 1_2_05966E30
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A0D616 1_2_05A0D616
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0594F900 1_2_0594F900
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05964120 1_2_05964120
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0595B090 1_2_0595B090
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A120A8 1_2_05A120A8
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059720A0 1_2_059720A0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A128EC 1_2_05A128EC
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A1E824 1_2_05A1E824
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A01002 1_2_05A01002
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0597EBB0 1_2_0597EBB0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A0DBD2 1_2_05A0DBD2
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A003DA 1_2_05A003DA
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A12B28 1_2_05A12B28
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A122AE 1_2_05A122AE
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059FFA2B 1_2_059FFA2B
Source: C:\Windows\SysWOW64\wscript.exe Code function: String function: 0594B150 appears 45 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: String function: 02724C24 appears 221 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: String function: 027248A0 appears 53 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: String function: 02724A98 appears 51 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: 0_2_02739128 InetIsOffline,InetIsOffline,CopyFileA,WinExec,Sleep,OpenProcess,NtSuspendThread,InetIsOffline,ZwClose,InetIsOffline,InetIsOffline,ExitProcess, 0_2_02739128
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: 0_2_02733690 LoadLibraryA,GetModuleHandleA,GetProcAddress,RtlMoveMemory,GetCurrentProcess,NtFlushVirtualMemory,FreeLibrary, 0_2_02733690
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: 0_2_0273779C InetIsOffline,VirtualAlloc,GetProcAddress,FreeLibrary,VirtualFree,VirtualAllocEx,GetProcAddress,FreeLibrary,WriteProcessMemory,NtProtectVirtualMemory, 0_2_0273779C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: 0_2_0273368E LoadLibraryA,GetModuleHandleA,GetProcAddress,RtlMoveMemory,GetCurrentProcess,NtFlushVirtualMemory,FreeLibrary, 0_2_0273368E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: 0_2_02733990 InetIsOffline,CreateProcessA,GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,VirtualAllocEx,VirtualAllocEx,GetProcAddress,FreeLibrary,NtProtectVirtualMemory,SetThreadContext,NtResumeThread, 0_2_02733990
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: 0_2_0273398E InetIsOffline,CreateProcessA,GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,GetProcAddress,FreeLibrary,NtProtectVirtualMemory,SetThreadContext,NtResumeThread, 0_2_0273398E
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059895D0 NtClose,LdrInitializeThunk, 1_2_059895D0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05989780 NtMapViewOfSection,LdrInitializeThunk, 1_2_05989780
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05989FE0 NtCreateMutant,LdrInitializeThunk, 1_2_05989FE0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059896E0 NtFreeVirtualMemory,LdrInitializeThunk, 1_2_059896E0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05989660 NtAllocateVirtualMemory,LdrInitializeThunk, 1_2_05989660
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059899A0 NtCreateSection,LdrInitializeThunk, 1_2_059899A0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05989910 NtAdjustPrivilegesToken,LdrInitializeThunk, 1_2_05989910
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05989860 NtQuerySystemInformation,LdrInitializeThunk, 1_2_05989860
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059895F0 NtQueryInformationFile, 1_2_059895F0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0598AD30 NtSetContextThread, 1_2_0598AD30
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05989520 NtWaitForSingleObject, 1_2_05989520
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05989540 NtReadFile, 1_2_05989540
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05989560 NtWriteFile, 1_2_05989560
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059897A0 NtUnmapViewOfSection, 1_2_059897A0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0598A710 NtOpenProcessToken, 1_2_0598A710
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05989710 NtQueryInformationToken, 1_2_05989710
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05989730 NtQueryVirtualMemory, 1_2_05989730
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0598A770 NtOpenThread, 1_2_0598A770
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05989770 NtSetInformationFile, 1_2_05989770
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05989760 NtOpenProcess, 1_2_05989760
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059896D0 NtCreateKey, 1_2_059896D0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05989610 NtEnumerateValueKey, 1_2_05989610
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05989650 NtQueryValueKey, 1_2_05989650
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05989670 NtQueryInformationProcess, 1_2_05989670
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059899D0 NtCreateProcessEx, 1_2_059899D0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05989950 NtQueueApcThread, 1_2_05989950
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059898A0 NtWriteVirtualMemory, 1_2_059898A0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059898F0 NtReadVirtualMemory, 1_2_059898F0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05989820 NtEnumerateKey, 1_2_05989820
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0598B040 NtSuspendThread, 1_2_0598B040
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05989840 NtDelayExecution, 1_2_05989840
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0598A3B0 NtGetContextThread, 1_2_0598A3B0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05989B00 NtSetValueKey, 1_2_05989B00
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05989A80 NtOpenDirectoryObject, 1_2_05989A80
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05989A10 NtQuerySection, 1_2_05989A10
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05989A00 NtProtectVirtualMemory, 1_2_05989A00
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05989A20 NtResumeThread, 1_2_05989A20
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05989A50 NtCreateFile, 1_2_05989A50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Section loaded: amtahoo.dll
Source: SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe ReversingLabs: Detection: 15%
Source: SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Virustotal: Detection: 30%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process created: C:\Windows\SysWOW64\wscript.exe C:\Windows\System32\wscript.exe
Source: C:\Windows\explorer.exe Process created: C:\Users\Public\Libraries\Iuigzwjd.exe "C:\Users\Public\Libraries\Iuigzwjd.exe"
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process created: C:\Windows\SysWOW64\wscript.exe C:\Windows\System32\wscript.exe
Source: C:\Windows\explorer.exe Process created: C:\Users\Public\Libraries\Iuigzwjd.exe "C:\Users\Public\Libraries\Iuigzwjd.exe"
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process created: C:\Windows\SysWOW64\wscript.exe C:\Windows\System32\wscript.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process created: C:\Windows\SysWOW64\wscript.exe C:\Windows\System32\wscript.exe Jump to behavior
Source: C:\Windows\explorer.exe Process created: C:\Users\Public\Libraries\Iuigzwjd.exe "C:\Users\Public\Libraries\Iuigzwjd.exe" Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process created: C:\Windows\SysWOW64\wscript.exe C:\Windows\System32\wscript.exe Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process created: C:\Windows\SysWOW64\wscript.exe C:\Windows\System32\wscript.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4 Jump to behavior
Source: classification engine Classification label: mal100.troj.evad.winEXE@10/5@2/2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: 0_2_0272823A GetDiskFreeSpaceA, 0_2_0272823A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: 0_2_02735770 CreateToolhelp32Snapshot, 0_2_02735770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe Window found: window name: SysTabControl32 Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: Binary string: explorer.pdbUGP source: wscript.exe, 00000001.00000002.572034695.0000000005D50000.00000040.00000001.00040000.00000000.sdmp
Source: Binary string: wscript.pdbGCTL source: explorer.exe, 00000002.00000002.591545525.0000000015563000.00000004.00000001.00040000.00000000.sdmp
Source: Binary string: wntdll.pdbUGP source: wscript.exe, 00000001.00000003.277522589.0000000004D22000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.279077303.0000000004EBD000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 00000001.00000002.566831763.0000000005920000.00000040.00000800.00020000.00000000.sdmp, wscript.exe, 00000001.00000002.569256565.0000000005A3F000.00000040.00000800.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: wscript.exe, wscript.exe, 00000001.00000003.277522589.0000000004D22000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.279077303.0000000004EBD000.00000004.00000800.00020000.00000000.sdmp, wscript.exe, 00000001.00000002.566831763.0000000005920000.00000040.00000800.00020000.00000000.sdmp, wscript.exe, 00000001.00000002.569256565.0000000005A3F000.00000040.00000800.00020000.00000000.sdmp
Source: Binary string: wscript.pdb source: explorer.exe, 00000002.00000002.591545525.0000000015563000.00000004.00000001.00040000.00000000.sdmp
Source: Binary string: explorer.pdb source: wscript.exe, 00000001.00000002.572034695.0000000005D50000.00000040.00000001.00040000.00000000.sdmp

Data Obfuscation

barindex
Source: Yara match File source: 0.2.SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe.2720000.2.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe.2a2eed8.3.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe.2a2eed8.3.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.278011909.0000000002520000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.278530431.0000000002A2E000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: 0_2_0273F2A4 push 0273F310h; ret 0_2_0273F308
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: 0_2_0273F0AC push 0273F125h; ret 0_2_0273F11D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: 0_2_0273F144 push 0273F1ECh; ret 0_2_0273F1E4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: 0_2_0273F1F8 push 0273F288h; ret 0_2_0273F280
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: 0_2_0272C718 push ecx; mov dword ptr [esp], edx 0_2_0272C71D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: 0_2_0272D78C push 0272D7B8h; ret 0_2_0272D7B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: 0_2_027384FC push 02738554h; ret 0_2_0273854C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: 0_2_027344AC push 027344EEh; ret 0_2_027344E6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: 0_2_02735488 push 027354F2h; ret 0_2_027354EA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: 0_2_027265FA push 02726657h; ret 0_2_0272664F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: 0_2_027265FC push 02726657h; ret 0_2_0272664F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: 0_2_027335A6 push 02733653h; ret 0_2_0273364B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: 0_2_027335A8 push 02733653h; ret 0_2_0273364B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: 0_2_02726A48 push 02726A8Ah; ret 0_2_02726A82
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: 0_2_02723894 push eax; ret 0_2_027238D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: 0_2_0272CE1C push 0272CFA2h; ret 0_2_0272CF9A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: 0_2_0272FEA0 push 0272FF16h; ret 0_2_0272FF0E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: 0_2_0272FFA3 push 0272FFF1h; ret 0_2_0272FFE9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: 0_2_0272FFA4 push 0272FFF1h; ret 0_2_0272FFE9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: 0_2_0273EC64 push 0273EE54h; ret 0_2_0273EE4C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: 0_2_02738C58 push ecx; mov dword ptr [esp], edx 0_2_02738C5D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: 0_2_0272CD93 push 0272CFA2h; ret 0_2_0272CF9A
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0599D0D1 push ecx; ret 1_2_0599D0E4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: 0_2_02736388 InetIsOffline,VirtualAlloc,GetProcAddress,FreeLibrary,VirtualAlloc,LoadLibraryA,GetProcAddress,VirtualProtect,VirtualAlloc,VirtualProtect,FreeLibrary, 0_2_02736388
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe File created: C:\Users\Public\Libraries\Iuigzwjd.exe Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Iuigzwjd Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Iuigzwjd Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: 0_2_027354F4 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_027354F4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Users\Public\Libraries\Iuigzwjd.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX Jump to behavior

Malware Analysis System Evasion

barindex
Source: C:\Windows\SysWOW64\wscript.exe Key value queried: HKEY_CURRENT_USER\Control Panel\International\Geo Nation Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05986DE6 rdtsc 1_2_05986DE6
Source: C:\Windows\SysWOW64\wscript.exe API coverage: 3.2 %
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Process information queried: ProcessInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: 0_2_02725B48 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA, 0_2_02725B48
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe API call chain: ExitProcess graph end node
Source: explorer.exe, 00000002.00000002.584469703.00000000090D8000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}z,
Source: explorer.exe, 00000002.00000002.585090561.000000000920F000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000002.00000002.584469703.00000000090D8000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
Source: explorer.exe, 00000002.00000000.301736425.0000000007166000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}>
Source: explorer.exe, 00000002.00000000.310518017.0000000008FD3000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&0000001 ZG
Source: explorer.exe, 00000002.00000002.584469703.00000000090D8000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}i,
Source: explorer.exe, 00000002.00000002.584469703.00000000090D8000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: AGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}efb8b}00
Source: explorer.exe, 00000002.00000002.572313088.00000000050A1000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}9'
Source: explorer.exe, 00000002.00000000.310518017.0000000008FD3000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
Source: Iuigzwjd.exe, 0000000E.00000002.563565691.00000000007BE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: 0_2_02736388 InetIsOffline,VirtualAlloc,GetProcAddress,FreeLibrary,VirtualAlloc,LoadLibraryA,GetProcAddress,VirtualProtect,VirtualAlloc,VirtualProtect,FreeLibrary, 0_2_02736388
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05986DE6 rdtsc 1_2_05986DE6
Source: C:\Windows\SysWOW64\wscript.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0597FD9B mov eax, dword ptr fs:[00000030h] 1_2_0597FD9B
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0597FD9B mov eax, dword ptr fs:[00000030h] 1_2_0597FD9B
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A105AC mov eax, dword ptr fs:[00000030h] 1_2_05A105AC
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A105AC mov eax, dword ptr fs:[00000030h] 1_2_05A105AC
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05972581 mov eax, dword ptr fs:[00000030h] 1_2_05972581
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05972581 mov eax, dword ptr fs:[00000030h] 1_2_05972581
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05972581 mov eax, dword ptr fs:[00000030h] 1_2_05972581
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05972581 mov eax, dword ptr fs:[00000030h] 1_2_05972581
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05942D8A mov eax, dword ptr fs:[00000030h] 1_2_05942D8A
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05942D8A mov eax, dword ptr fs:[00000030h] 1_2_05942D8A
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05942D8A mov eax, dword ptr fs:[00000030h] 1_2_05942D8A
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05942D8A mov eax, dword ptr fs:[00000030h] 1_2_05942D8A
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05942D8A mov eax, dword ptr fs:[00000030h] 1_2_05942D8A
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05971DB5 mov eax, dword ptr fs:[00000030h] 1_2_05971DB5
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05971DB5 mov eax, dword ptr fs:[00000030h] 1_2_05971DB5
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05971DB5 mov eax, dword ptr fs:[00000030h] 1_2_05971DB5
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059735A1 mov eax, dword ptr fs:[00000030h] 1_2_059735A1
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A0FDE2 mov eax, dword ptr fs:[00000030h] 1_2_05A0FDE2
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A0FDE2 mov eax, dword ptr fs:[00000030h] 1_2_05A0FDE2
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A0FDE2 mov eax, dword ptr fs:[00000030h] 1_2_05A0FDE2
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A0FDE2 mov eax, dword ptr fs:[00000030h] 1_2_05A0FDE2
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059C6DC9 mov eax, dword ptr fs:[00000030h] 1_2_059C6DC9
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059C6DC9 mov eax, dword ptr fs:[00000030h] 1_2_059C6DC9
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059C6DC9 mov eax, dword ptr fs:[00000030h] 1_2_059C6DC9
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059C6DC9 mov ecx, dword ptr fs:[00000030h] 1_2_059C6DC9
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059C6DC9 mov eax, dword ptr fs:[00000030h] 1_2_059C6DC9
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059C6DC9 mov eax, dword ptr fs:[00000030h] 1_2_059C6DC9
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059F8DF1 mov eax, dword ptr fs:[00000030h] 1_2_059F8DF1
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0595D5E0 mov eax, dword ptr fs:[00000030h] 1_2_0595D5E0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0595D5E0 mov eax, dword ptr fs:[00000030h] 1_2_0595D5E0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A18D34 mov eax, dword ptr fs:[00000030h] 1_2_05A18D34
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A0E539 mov eax, dword ptr fs:[00000030h] 1_2_05A0E539
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05953D34 mov eax, dword ptr fs:[00000030h] 1_2_05953D34
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05953D34 mov eax, dword ptr fs:[00000030h] 1_2_05953D34
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05953D34 mov eax, dword ptr fs:[00000030h] 1_2_05953D34
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05953D34 mov eax, dword ptr fs:[00000030h] 1_2_05953D34
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05953D34 mov eax, dword ptr fs:[00000030h] 1_2_05953D34
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05953D34 mov eax, dword ptr fs:[00000030h] 1_2_05953D34
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05953D34 mov eax, dword ptr fs:[00000030h] 1_2_05953D34
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05953D34 mov eax, dword ptr fs:[00000030h] 1_2_05953D34
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05953D34 mov eax, dword ptr fs:[00000030h] 1_2_05953D34
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05953D34 mov eax, dword ptr fs:[00000030h] 1_2_05953D34
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05953D34 mov eax, dword ptr fs:[00000030h] 1_2_05953D34
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05953D34 mov eax, dword ptr fs:[00000030h] 1_2_05953D34
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05953D34 mov eax, dword ptr fs:[00000030h] 1_2_05953D34
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0594AD30 mov eax, dword ptr fs:[00000030h] 1_2_0594AD30
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059CA537 mov eax, dword ptr fs:[00000030h] 1_2_059CA537
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05974D3B mov eax, dword ptr fs:[00000030h] 1_2_05974D3B
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05974D3B mov eax, dword ptr fs:[00000030h] 1_2_05974D3B
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05974D3B mov eax, dword ptr fs:[00000030h] 1_2_05974D3B
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05967D50 mov eax, dword ptr fs:[00000030h] 1_2_05967D50
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05983D43 mov eax, dword ptr fs:[00000030h] 1_2_05983D43
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059C3540 mov eax, dword ptr fs:[00000030h] 1_2_059C3540
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059F3D40 mov eax, dword ptr fs:[00000030h] 1_2_059F3D40
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0596C577 mov eax, dword ptr fs:[00000030h] 1_2_0596C577
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0596C577 mov eax, dword ptr fs:[00000030h] 1_2_0596C577
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0595849B mov eax, dword ptr fs:[00000030h] 1_2_0595849B
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A014FB mov eax, dword ptr fs:[00000030h] 1_2_05A014FB
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059C6CF0 mov eax, dword ptr fs:[00000030h] 1_2_059C6CF0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059C6CF0 mov eax, dword ptr fs:[00000030h] 1_2_059C6CF0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059C6CF0 mov eax, dword ptr fs:[00000030h] 1_2_059C6CF0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A18CD6 mov eax, dword ptr fs:[00000030h] 1_2_05A18CD6
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059C6C0A mov eax, dword ptr fs:[00000030h] 1_2_059C6C0A
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059C6C0A mov eax, dword ptr fs:[00000030h] 1_2_059C6C0A
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059C6C0A mov eax, dword ptr fs:[00000030h] 1_2_059C6C0A
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059C6C0A mov eax, dword ptr fs:[00000030h] 1_2_059C6C0A
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A01C06 mov eax, dword ptr fs:[00000030h] 1_2_05A01C06
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A01C06 mov eax, dword ptr fs:[00000030h] 1_2_05A01C06
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A01C06 mov eax, dword ptr fs:[00000030h] 1_2_05A01C06
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A01C06 mov eax, dword ptr fs:[00000030h] 1_2_05A01C06
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A01C06 mov eax, dword ptr fs:[00000030h] 1_2_05A01C06
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A01C06 mov eax, dword ptr fs:[00000030h] 1_2_05A01C06
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A01C06 mov eax, dword ptr fs:[00000030h] 1_2_05A01C06
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A01C06 mov eax, dword ptr fs:[00000030h] 1_2_05A01C06
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A01C06 mov eax, dword ptr fs:[00000030h] 1_2_05A01C06
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A01C06 mov eax, dword ptr fs:[00000030h] 1_2_05A01C06
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A01C06 mov eax, dword ptr fs:[00000030h] 1_2_05A01C06
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A01C06 mov eax, dword ptr fs:[00000030h] 1_2_05A01C06
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A01C06 mov eax, dword ptr fs:[00000030h] 1_2_05A01C06
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A01C06 mov eax, dword ptr fs:[00000030h] 1_2_05A01C06
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A1740D mov eax, dword ptr fs:[00000030h] 1_2_05A1740D
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A1740D mov eax, dword ptr fs:[00000030h] 1_2_05A1740D
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A1740D mov eax, dword ptr fs:[00000030h] 1_2_05A1740D
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0597BC2C mov eax, dword ptr fs:[00000030h] 1_2_0597BC2C
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059DC450 mov eax, dword ptr fs:[00000030h] 1_2_059DC450
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059DC450 mov eax, dword ptr fs:[00000030h] 1_2_059DC450
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0597A44B mov eax, dword ptr fs:[00000030h] 1_2_0597A44B
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0596746D mov eax, dword ptr fs:[00000030h] 1_2_0596746D
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05958794 mov eax, dword ptr fs:[00000030h] 1_2_05958794
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059C7794 mov eax, dword ptr fs:[00000030h] 1_2_059C7794
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059C7794 mov eax, dword ptr fs:[00000030h] 1_2_059C7794
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059C7794 mov eax, dword ptr fs:[00000030h] 1_2_059C7794
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059837F5 mov eax, dword ptr fs:[00000030h] 1_2_059837F5
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0596F716 mov eax, dword ptr fs:[00000030h] 1_2_0596F716
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059DFF10 mov eax, dword ptr fs:[00000030h] 1_2_059DFF10
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059DFF10 mov eax, dword ptr fs:[00000030h] 1_2_059DFF10
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0597A70E mov eax, dword ptr fs:[00000030h] 1_2_0597A70E
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0597A70E mov eax, dword ptr fs:[00000030h] 1_2_0597A70E
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0597E730 mov eax, dword ptr fs:[00000030h] 1_2_0597E730
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A1070D mov eax, dword ptr fs:[00000030h] 1_2_05A1070D
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A1070D mov eax, dword ptr fs:[00000030h] 1_2_05A1070D
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05944F2E mov eax, dword ptr fs:[00000030h] 1_2_05944F2E
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05944F2E mov eax, dword ptr fs:[00000030h] 1_2_05944F2E
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A18F6A mov eax, dword ptr fs:[00000030h] 1_2_05A18F6A
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0595EF40 mov eax, dword ptr fs:[00000030h] 1_2_0595EF40
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0595FF60 mov eax, dword ptr fs:[00000030h] 1_2_0595FF60
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A10EA5 mov eax, dword ptr fs:[00000030h] 1_2_05A10EA5
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A10EA5 mov eax, dword ptr fs:[00000030h] 1_2_05A10EA5
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A10EA5 mov eax, dword ptr fs:[00000030h] 1_2_05A10EA5
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059DFE87 mov eax, dword ptr fs:[00000030h] 1_2_059DFE87
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059C46A7 mov eax, dword ptr fs:[00000030h] 1_2_059C46A7
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059736CC mov eax, dword ptr fs:[00000030h] 1_2_059736CC
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059FFEC0 mov eax, dword ptr fs:[00000030h] 1_2_059FFEC0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05988EC7 mov eax, dword ptr fs:[00000030h] 1_2_05988EC7
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A18ED6 mov eax, dword ptr fs:[00000030h] 1_2_05A18ED6
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059716E0 mov ecx, dword ptr fs:[00000030h] 1_2_059716E0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059576E2 mov eax, dword ptr fs:[00000030h] 1_2_059576E2
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0597A61C mov eax, dword ptr fs:[00000030h] 1_2_0597A61C
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0597A61C mov eax, dword ptr fs:[00000030h] 1_2_0597A61C
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0594C600 mov eax, dword ptr fs:[00000030h] 1_2_0594C600
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0594C600 mov eax, dword ptr fs:[00000030h] 1_2_0594C600
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0594C600 mov eax, dword ptr fs:[00000030h] 1_2_0594C600
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05978E00 mov eax, dword ptr fs:[00000030h] 1_2_05978E00
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059FFE3F mov eax, dword ptr fs:[00000030h] 1_2_059FFE3F
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A01608 mov eax, dword ptr fs:[00000030h] 1_2_05A01608
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0594E620 mov eax, dword ptr fs:[00000030h] 1_2_0594E620
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05957E41 mov eax, dword ptr fs:[00000030h] 1_2_05957E41
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05957E41 mov eax, dword ptr fs:[00000030h] 1_2_05957E41
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05957E41 mov eax, dword ptr fs:[00000030h] 1_2_05957E41
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05957E41 mov eax, dword ptr fs:[00000030h] 1_2_05957E41
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05957E41 mov eax, dword ptr fs:[00000030h] 1_2_05957E41
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05957E41 mov eax, dword ptr fs:[00000030h] 1_2_05957E41
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A0AE44 mov eax, dword ptr fs:[00000030h] 1_2_05A0AE44
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A0AE44 mov eax, dword ptr fs:[00000030h] 1_2_05A0AE44
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0596AE73 mov eax, dword ptr fs:[00000030h] 1_2_0596AE73
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0596AE73 mov eax, dword ptr fs:[00000030h] 1_2_0596AE73
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0596AE73 mov eax, dword ptr fs:[00000030h] 1_2_0596AE73
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0596AE73 mov eax, dword ptr fs:[00000030h] 1_2_0596AE73
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0596AE73 mov eax, dword ptr fs:[00000030h] 1_2_0596AE73
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0595766D mov eax, dword ptr fs:[00000030h] 1_2_0595766D
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A049A4 mov eax, dword ptr fs:[00000030h] 1_2_05A049A4
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A049A4 mov eax, dword ptr fs:[00000030h] 1_2_05A049A4
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A049A4 mov eax, dword ptr fs:[00000030h] 1_2_05A049A4
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A049A4 mov eax, dword ptr fs:[00000030h] 1_2_05A049A4
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05972990 mov eax, dword ptr fs:[00000030h] 1_2_05972990
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0597A185 mov eax, dword ptr fs:[00000030h] 1_2_0597A185
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0596C182 mov eax, dword ptr fs:[00000030h] 1_2_0596C182
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059C51BE mov eax, dword ptr fs:[00000030h] 1_2_059C51BE
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059C51BE mov eax, dword ptr fs:[00000030h] 1_2_059C51BE
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059C51BE mov eax, dword ptr fs:[00000030h] 1_2_059C51BE
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059C51BE mov eax, dword ptr fs:[00000030h] 1_2_059C51BE
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059761A0 mov eax, dword ptr fs:[00000030h] 1_2_059761A0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059761A0 mov eax, dword ptr fs:[00000030h] 1_2_059761A0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059C69A6 mov eax, dword ptr fs:[00000030h] 1_2_059C69A6
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059D41E8 mov eax, dword ptr fs:[00000030h] 1_2_059D41E8
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0594B1E1 mov eax, dword ptr fs:[00000030h] 1_2_0594B1E1
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0594B1E1 mov eax, dword ptr fs:[00000030h] 1_2_0594B1E1
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0594B1E1 mov eax, dword ptr fs:[00000030h] 1_2_0594B1E1
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05949100 mov eax, dword ptr fs:[00000030h] 1_2_05949100
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05949100 mov eax, dword ptr fs:[00000030h] 1_2_05949100
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05949100 mov eax, dword ptr fs:[00000030h] 1_2_05949100
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0597513A mov eax, dword ptr fs:[00000030h] 1_2_0597513A
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0597513A mov eax, dword ptr fs:[00000030h] 1_2_0597513A
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05964120 mov eax, dword ptr fs:[00000030h] 1_2_05964120
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05964120 mov eax, dword ptr fs:[00000030h] 1_2_05964120
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05964120 mov eax, dword ptr fs:[00000030h] 1_2_05964120
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05964120 mov eax, dword ptr fs:[00000030h] 1_2_05964120
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05964120 mov ecx, dword ptr fs:[00000030h] 1_2_05964120
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0596B944 mov eax, dword ptr fs:[00000030h] 1_2_0596B944
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0596B944 mov eax, dword ptr fs:[00000030h] 1_2_0596B944
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0594B171 mov eax, dword ptr fs:[00000030h] 1_2_0594B171
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0594B171 mov eax, dword ptr fs:[00000030h] 1_2_0594B171
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0594C962 mov eax, dword ptr fs:[00000030h] 1_2_0594C962
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05949080 mov eax, dword ptr fs:[00000030h] 1_2_05949080
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059C3884 mov eax, dword ptr fs:[00000030h] 1_2_059C3884
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059C3884 mov eax, dword ptr fs:[00000030h] 1_2_059C3884
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0597F0BF mov ecx, dword ptr fs:[00000030h] 1_2_0597F0BF
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0597F0BF mov eax, dword ptr fs:[00000030h] 1_2_0597F0BF
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0597F0BF mov eax, dword ptr fs:[00000030h] 1_2_0597F0BF
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059890AF mov eax, dword ptr fs:[00000030h] 1_2_059890AF
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059720A0 mov eax, dword ptr fs:[00000030h] 1_2_059720A0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059720A0 mov eax, dword ptr fs:[00000030h] 1_2_059720A0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059720A0 mov eax, dword ptr fs:[00000030h] 1_2_059720A0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059720A0 mov eax, dword ptr fs:[00000030h] 1_2_059720A0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059720A0 mov eax, dword ptr fs:[00000030h] 1_2_059720A0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059720A0 mov eax, dword ptr fs:[00000030h] 1_2_059720A0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059DB8D0 mov eax, dword ptr fs:[00000030h] 1_2_059DB8D0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059DB8D0 mov ecx, dword ptr fs:[00000030h] 1_2_059DB8D0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059DB8D0 mov eax, dword ptr fs:[00000030h] 1_2_059DB8D0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059DB8D0 mov eax, dword ptr fs:[00000030h] 1_2_059DB8D0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059DB8D0 mov eax, dword ptr fs:[00000030h] 1_2_059DB8D0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059DB8D0 mov eax, dword ptr fs:[00000030h] 1_2_059DB8D0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059440E1 mov eax, dword ptr fs:[00000030h] 1_2_059440E1
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059440E1 mov eax, dword ptr fs:[00000030h] 1_2_059440E1
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059440E1 mov eax, dword ptr fs:[00000030h] 1_2_059440E1
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059458EC mov eax, dword ptr fs:[00000030h] 1_2_059458EC
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059C7016 mov eax, dword ptr fs:[00000030h] 1_2_059C7016
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059C7016 mov eax, dword ptr fs:[00000030h] 1_2_059C7016
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059C7016 mov eax, dword ptr fs:[00000030h] 1_2_059C7016
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A14015 mov eax, dword ptr fs:[00000030h] 1_2_05A14015
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A14015 mov eax, dword ptr fs:[00000030h] 1_2_05A14015
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0597002D mov eax, dword ptr fs:[00000030h] 1_2_0597002D
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0597002D mov eax, dword ptr fs:[00000030h] 1_2_0597002D
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0597002D mov eax, dword ptr fs:[00000030h] 1_2_0597002D
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0597002D mov eax, dword ptr fs:[00000030h] 1_2_0597002D
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0597002D mov eax, dword ptr fs:[00000030h] 1_2_0597002D
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0595B02A mov eax, dword ptr fs:[00000030h] 1_2_0595B02A
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0595B02A mov eax, dword ptr fs:[00000030h] 1_2_0595B02A
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0595B02A mov eax, dword ptr fs:[00000030h] 1_2_0595B02A
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0595B02A mov eax, dword ptr fs:[00000030h] 1_2_0595B02A
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05960050 mov eax, dword ptr fs:[00000030h] 1_2_05960050
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05960050 mov eax, dword ptr fs:[00000030h] 1_2_05960050
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A02073 mov eax, dword ptr fs:[00000030h] 1_2_05A02073
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A11074 mov eax, dword ptr fs:[00000030h] 1_2_05A11074
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05972397 mov eax, dword ptr fs:[00000030h] 1_2_05972397
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A15BA5 mov eax, dword ptr fs:[00000030h] 1_2_05A15BA5
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0597B390 mov eax, dword ptr fs:[00000030h] 1_2_0597B390
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05951B8F mov eax, dword ptr fs:[00000030h] 1_2_05951B8F
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05951B8F mov eax, dword ptr fs:[00000030h] 1_2_05951B8F
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059FD380 mov ecx, dword ptr fs:[00000030h] 1_2_059FD380
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A0138A mov eax, dword ptr fs:[00000030h] 1_2_05A0138A
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05974BAD mov eax, dword ptr fs:[00000030h] 1_2_05974BAD
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05974BAD mov eax, dword ptr fs:[00000030h] 1_2_05974BAD
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05974BAD mov eax, dword ptr fs:[00000030h] 1_2_05974BAD
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059C53CA mov eax, dword ptr fs:[00000030h] 1_2_059C53CA
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059C53CA mov eax, dword ptr fs:[00000030h] 1_2_059C53CA
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059703E2 mov eax, dword ptr fs:[00000030h] 1_2_059703E2
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059703E2 mov eax, dword ptr fs:[00000030h] 1_2_059703E2
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059703E2 mov eax, dword ptr fs:[00000030h] 1_2_059703E2
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059703E2 mov eax, dword ptr fs:[00000030h] 1_2_059703E2
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059703E2 mov eax, dword ptr fs:[00000030h] 1_2_059703E2
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059703E2 mov eax, dword ptr fs:[00000030h] 1_2_059703E2
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0596DBE9 mov eax, dword ptr fs:[00000030h] 1_2_0596DBE9
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A0131B mov eax, dword ptr fs:[00000030h] 1_2_05A0131B
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0594F358 mov eax, dword ptr fs:[00000030h] 1_2_0594F358
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0594DB40 mov eax, dword ptr fs:[00000030h] 1_2_0594DB40
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05973B7A mov eax, dword ptr fs:[00000030h] 1_2_05973B7A
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05973B7A mov eax, dword ptr fs:[00000030h] 1_2_05973B7A
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0594DB60 mov ecx, dword ptr fs:[00000030h] 1_2_0594DB60
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A18B58 mov eax, dword ptr fs:[00000030h] 1_2_05A18B58
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0597D294 mov eax, dword ptr fs:[00000030h] 1_2_0597D294
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0597D294 mov eax, dword ptr fs:[00000030h] 1_2_0597D294
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0595AAB0 mov eax, dword ptr fs:[00000030h] 1_2_0595AAB0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0595AAB0 mov eax, dword ptr fs:[00000030h] 1_2_0595AAB0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0597FAB0 mov eax, dword ptr fs:[00000030h] 1_2_0597FAB0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059452A5 mov eax, dword ptr fs:[00000030h] 1_2_059452A5
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059452A5 mov eax, dword ptr fs:[00000030h] 1_2_059452A5
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059452A5 mov eax, dword ptr fs:[00000030h] 1_2_059452A5
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059452A5 mov eax, dword ptr fs:[00000030h] 1_2_059452A5
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059452A5 mov eax, dword ptr fs:[00000030h] 1_2_059452A5
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05972ACB mov eax, dword ptr fs:[00000030h] 1_2_05972ACB
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05972AE4 mov eax, dword ptr fs:[00000030h] 1_2_05972AE4
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0594AA16 mov eax, dword ptr fs:[00000030h] 1_2_0594AA16
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0594AA16 mov eax, dword ptr fs:[00000030h] 1_2_0594AA16
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05945210 mov eax, dword ptr fs:[00000030h] 1_2_05945210
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05945210 mov ecx, dword ptr fs:[00000030h] 1_2_05945210
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05945210 mov eax, dword ptr fs:[00000030h] 1_2_05945210
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05945210 mov eax, dword ptr fs:[00000030h] 1_2_05945210
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05963A1C mov eax, dword ptr fs:[00000030h] 1_2_05963A1C
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05958A0A mov eax, dword ptr fs:[00000030h] 1_2_05958A0A
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05984A2C mov eax, dword ptr fs:[00000030h] 1_2_05984A2C
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05984A2C mov eax, dword ptr fs:[00000030h] 1_2_05984A2C
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A0AA16 mov eax, dword ptr fs:[00000030h] 1_2_05A0AA16
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A0AA16 mov eax, dword ptr fs:[00000030h] 1_2_05A0AA16
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A18A62 mov eax, dword ptr fs:[00000030h] 1_2_05A18A62
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059D4257 mov eax, dword ptr fs:[00000030h] 1_2_059D4257
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05949240 mov eax, dword ptr fs:[00000030h] 1_2_05949240
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05949240 mov eax, dword ptr fs:[00000030h] 1_2_05949240
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05949240 mov eax, dword ptr fs:[00000030h] 1_2_05949240
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05949240 mov eax, dword ptr fs:[00000030h] 1_2_05949240
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_0598927A mov eax, dword ptr fs:[00000030h] 1_2_0598927A
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_05A0EA55 mov eax, dword ptr fs:[00000030h] 1_2_05A0EA55
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059FB260 mov eax, dword ptr fs:[00000030h] 1_2_059FB260
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059FB260 mov eax, dword ptr fs:[00000030h] 1_2_059FB260
Source: C:\Windows\SysWOW64\wscript.exe Process queried: DebugPort Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe Code function: 1_2_059895D0 NtClose,LdrInitializeThunk, 1_2_059895D0

HIPS / PFW / Operating System Protection Evasion

barindex
Source: C:\Windows\SysWOW64\wscript.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Memory written: C:\Windows\SysWOW64\wscript.exe base: 10410000 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Memory written: C:\Windows\SysWOW64\wscript.exe base: 4740000 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Memory written: C:\Windows\SysWOW64\wscript.exe base: 47E0000 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Memory allocated: C:\Windows\SysWOW64\wscript.exe base: 10410000 protect: page execute and read and write Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Memory allocated: C:\Windows\SysWOW64\wscript.exe base: 4740000 protect: page execute and read and write Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Memory allocated: C:\Windows\SysWOW64\wscript.exe base: 47E0000 protect: page execute and read and write Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Memory written: C:\Windows\SysWOW64\wscript.exe base: 10410000 value starts with: 4D5A Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Thread created: C:\Windows\SysWOW64\wscript.exe EIP: 47E0000 Jump to behavior
Source: explorer.exe, 00000002.00000000.283075686.0000000001980000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000002.566817339.0000000001980000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Program ManagerT7<=ge
Source: wscript.exe, 00000001.00000002.572034695.0000000005D50000.00000040.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.311425459.00000000090D8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.295382683.0000000006770000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000002.00000000.283075686.0000000001980000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000002.566817339.0000000001980000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
Source: wscript.exe, 00000001.00000002.572034695.0000000005D50000.00000040.00000001.00040000.00000000.sdmp Binary or memory string: Microsoft-Reserved-24C26ACC-DE62-4303-88AD-6CD4F1447F18SecurityConfigureWindowsPasswordsProxy DesktopProgmanSoftware\Microsoft\Windows NT\CurrentVersion\WinlogonShellSoftware\Microsoft\Windows NT\CurrentVersion\Winlogon\AlternateShells\AvailableShells
Source: explorer.exe, 00000002.00000000.281785582.0000000001378000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.563450551.0000000001378000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CProgmanile
Source: explorer.exe, 00000002.00000000.283075686.0000000001980000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000002.566817339.0000000001980000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA, 0_2_02725D0C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: GetLocaleInfoA, 0_2_0272AA04
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: GetLocaleInfoA, 0_2_0272A9B8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA, 0_2_02725E18
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: 0_2_02729438 GetLocalTime, 0_2_02729438
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe Code function: 0_2_0272B938 GetVersionExA, 0_2_0272B938

Stealing of Sensitive Information

barindex
Source: Yara match File source: 1.2.wscript.exe.10410000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.2.wscript.exe.10410000.3.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000001.00000002.576405249.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000002.564946662.0000000004830000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

Remote Access Functionality

barindex
Source: Yara match File source: 1.2.wscript.exe.10410000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.2.wscript.exe.10410000.3.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000001.00000002.576405249.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000002.564946662.0000000004830000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs