Edit tour

Windows Analysis Report
SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe

Overview

General Information

Sample Name:	SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe
Analysis ID:	755965
MD5:	7081c4822cf1c7572dd82822b8f27c49
SHA1:	4ee3b6c423b1c9ebf5befbc73d1eef0c576cf026
SHA256:	b5330f82f3c5c3f223ae9decd3ebdcd74d1a13d95b1c42bd7b2de4e6c6cb0083
Infos:

Detection

GuLoader

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Yara detected GuLoader

Tries to detect Any.run

Uses 32bit PE files

Contains functionality to shutdown / reboot the system

Uses code obfuscation techniques (call, push, ret)

PE file contains sections with non-standard names

Detected potential crypto function

Found potential string decryption / allocating functions

Stores files to the Windows start menu directory

Contains functionality to call native functions

Contains functionality to dynamically determine API calls

Found dropped PE file which has not been started or loaded

Contains functionality for execution timing, often used to detect debuggers

Sample file is different than original file name gathered from version info

Drops PE files

Tries to load missing DLLs

Contains functionality to read the PEB

Uses a known web browser user agent for HTTP communication

Checks if the current process is being debugged

PE / OLE file has an invalid certificate

PE file contains more sections than normal

Found large amount of non-executed APIs

Creates a process in suspended mode (likely to inject code)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality for read data from the clipboard

Classification

Process Tree

System is w10x64native

SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe (PID: 6064 cmdline: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe MD5: 7081C4822CF1C7572DD82822B8F27C49)

SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe (PID: 6832 cmdline: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe MD5: 7081C4822CF1C7572DD82822B8F27C49)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security
00000005.00000000.39479578905.0000000001660000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Virustotal: Detection: 29%			Perma Link
Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	ReversingLabs: Detection: 19%

Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: mshtml.pdb source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000001.39482313722.0000000000649000.00000008.00000001.01000000.00000005.sdmp
Source:	Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000003.39652897969.000000001D5B7000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000003.39647697379.000000001D40D000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000003.39652897969.000000001D5B7000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000003.39647697379.000000001D40D000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: mshtml.pdbUGP source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000001.39482313722.0000000000649000.00000008.00000001.01000000.00000005.sdmp

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_00406555 FindFirstFileW,FindClose,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_00405A03 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0040287E FindFirstFileW,

Source: global traffic

HTTP traffic detected: GET /wnioMvShFMvcw54.emz HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.giliro.comCache-Control: no-cache

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000001.39482313722.0000000000649000.00000008.00000001.01000000.00000005.sdmp	String found in binary or memory: http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	String found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	String found in binary or memory: http://s.symcd.com06
Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	String found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44176068670.000000000190C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44176265345.000000000192A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44176379660.0000000001936000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.giliro.com/wnioMvShFMvcw54.emz
Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44176068670.000000000190C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.giliro.com/wnioMvShFMvcw54.emz32w
Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44176379660.0000000001936000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.giliro.com/wnioMvShFMvcw54.emzG
Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44176379660.0000000001936000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.giliro.com/wnioMvShFMvcw54.emzV
Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000001.39482313722.0000000000649000.00000008.00000001.01000000.00000005.sdmp	String found in binary or memory: http://www.gopher.ftp://ftp.
Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000001.39482152594.0000000000626000.00000008.00000001.01000000.00000005.sdmp	String found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000001.39481928947.00000000005F2000.00000008.00000001.01000000.00000005.sdmp	String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000001.39481928947.00000000005F2000.00000008.00000001.01000000.00000005.sdmp	String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	String found in binary or memory: https://d.symcb.com/cps0%
Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	String found in binary or memory: https://d.symcb.com/rpa0
Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	String found in binary or memory: https://d.symcb.com/rpa0.
Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000001.39482313722.0000000000649000.00000008.00000001.01000000.00000005.sdmp	String found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214

Source: unknown

DNS traffic detected: queries for: www.giliro.com

Source: global traffic

HTTP traffic detected: GET /wnioMvShFMvcw54.emz HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.giliro.comCache-Control: no-cache

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe

Code function: 1_2_004054B0 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,

Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe

Code function: 1_2_0040344A EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_00404CED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_004068DA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03340888
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332DB33
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332DB35
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03320313
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332131F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03341379
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0334537A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03320F7D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332036A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03320B50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332DF54
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03322355
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03321B5E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03321F44
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332974A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03321FB3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_033223BA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332A7BE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_033217A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332DF99
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332139C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_033207F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03343BF1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_033293E9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03329BE9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_033207D1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_033203DF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332AFDC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03329BC1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0334162E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03320614
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332221F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03321E00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03320277
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03342671
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03320A63
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03320E63
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03321A63
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03321665
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03320252
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03344256
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332DE51
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332B254
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03321E55
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332AE5C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03321245
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_033276B2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_033292B4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_033212BB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03321EBD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0333FEA9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03320AF2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_033216F6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332DEFF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_033296E3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03320ED9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332AEDC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_033222C5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03341EC3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03321537
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03320535
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0333F53D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03321929
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332DD2E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332E912
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03321D1A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332E11B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03321118
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03329D1D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332DD05
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03320D0A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332B10C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03321D74
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03320175
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332257A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03329178
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03322160
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03320957
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332A154
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03320DB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_033205A3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0333C1AB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_033211AC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03320192
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03321995
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332A19A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332E186
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_033219F9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_033295FD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0333F9E3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332A5E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332B1E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_033209EA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_033255ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332C1ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_033429D7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_033215DB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03321436
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332DC18
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332181E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332541C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03325402
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03320001
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332000E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03321C0D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03321C6E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332986D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332205D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03341447
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03329844
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332044C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_033214BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_033204A4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_033200AB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03320894
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03337095
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03320C98
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332D898
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332188F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_033294E1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_033224E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_033224C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332E0C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A0D69
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D83FDF4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D79AD00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D85FD27
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A9DD0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D857D4C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7B2DB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A3C60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D839C98
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7AAC20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D827CE8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D790C12
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D86ACEB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7BFCE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D81EC20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7B8CDF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D84EC4C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D85EC60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D856C69
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D85EFBF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D851FC6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7ACF00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A6FE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D81FF40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D85FF63
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D850EAD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7C0E50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D859ED2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D792EE8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A1EB2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D840E6D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D85E9A6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7E59C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D79E9A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A9870
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7BB870
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D786868
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D8198B2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D8518DA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7CE810
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D8578F3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A3800
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D840835
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A28C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D815870
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D85F872
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7B6882
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D814BC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7DDB19
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A0B10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D85FB2E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D85FA89
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D85CA13
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7BFAA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D85EA5B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D8575C6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D85F5C9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D86A526
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D80D480
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A0445
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A2760
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7AA760
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D856757
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7C4670
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D85A6C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D8136EC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D85F6F6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7BC600
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D79C6E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D83D62C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D84D646
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A0680
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7E717A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D78F113
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D86010E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7BB1E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D83D130
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A51C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D8570F1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7AB0D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7900A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D508C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D84E076
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7AE310
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D85F330
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D791380
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D78D2EC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D85124C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_016806CD

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: String function: 1D7D5050 appears 36 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: String function: 1D81EF10 appears 105 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: String function: 1D7E7BE4 appears 97 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: String function: 1D78B910 appears 272 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: String function: 1D80E692 appears 86 times

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03330A7D NtWriteVirtualMemory,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03343960 NtProtectVirtualMemory,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_033449A1 NtResumeThread,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D2D10 NtQuerySystemInformation,LdrInitializeThunk,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D2B10 NtAllocateVirtualMemory,LdrInitializeThunk,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D2B90 NtFreeVirtualMemory,LdrInitializeThunk,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D2D50 NtWriteVirtualMemory,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D2DC0 NtAdjustPrivilegesToken,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D2DA0 NtReadVirtualMemory,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D2C50 NtUnmapViewOfSection,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D3C30 NtOpenProcessToken,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D2C30 NtMapViewOfSection,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D2C20 NtSetInformationFile,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D2C10 NtOpenProcess,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D2CF0 NtDelayExecution,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D2CD0 NtEnumerateKey,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D3C90 NtOpenThread,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D2F30 NtOpenDirectoryObject,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D2F00 NtCreateFile,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D2FB0 NtSetValueKey,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D2E50 NtCreateSection,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D2E00 NtQueueApcThread,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D2ED0 NtResumeThread,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D2EC0 NtQuerySection,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D2EB0 NtProtectVirtualMemory,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D2E80 NtCreateProcessEx,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D29F0 NtReadFile,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D29D0 NtWaitForSingleObject,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D38D0 NtGetContextThread,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D2B20 NtQueryInformationProcess,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D2B00 NtQueryValueKey,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D2BE0 NtQueryVirtualMemory,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D2BC0 NtQueryInformationToken,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D2B80 NtCreateKey,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D2A10 NtWriteFile,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D2AC0 NtEnumerateValueKey,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D2AA0 NtQueryInformationFile,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D2A80 NtClose,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D4570 NtSuspendThread,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D34E0 NtCreateMutant,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D4260 NtSetContextThread,

Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000003.39649421768.000000001D530000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe
Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe
Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000003.39654608535.000000001D6E4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe
Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44196722142.000000001DA30000.00000040.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Section loaded: edgegdi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Section loaded: edgegdi.dll

Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe

Static PE information: invalid certificate

Source: libgiognutls.dll.1.dr

Static PE information: Number of sections : 11 > 10

Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Virustotal: Detection: 29%
Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	ReversingLabs: Detection: 19%

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe

File read: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe

Jump to behavior

Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe

File created: C:\Users\user\AppData\Local\Temp\nsp5029.tmp

Jump to behavior

Source: classification engine

Classification label: mal60.troj.evad.winEXE@3/4@1/1

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe

Code function: 1_2_00402104 CoCreateInstance,

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe

Code function: 1_2_00404771 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,

Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: mshtml.pdb source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000001.39482313722.0000000000649000.00000008.00000001.01000000.00000005.sdmp
Source:	Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000003.39652897969.000000001D5B7000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000003.39647697379.000000001D40D000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000003.39652897969.000000001D5B7000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44194181907.000000001D88D000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44191646427.000000001D760000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000003.39647697379.000000001D40D000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: mshtml.pdbUGP source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000001.39482313722.0000000000649000.00000008.00000001.01000000.00000005.sdmp

Data Obfuscation

Yara detected GuLoader

Source: Yara match	File source: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000000.39479578905.0000000001660000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_10002DE0 push eax; ret
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332733D push ds; retf
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03325773 pushad ; ret
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03331367 pushad ; iretd
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03325742 push ebp; iretd
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_033273D0 push ds; retf
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332F3CB pushad ; iretd
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332B629 push FFFFFFACh; retf
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03330606 push esp; ret
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03327D33 push 8566BBEBh; ret
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332B571 push FFFFFFACh; retf
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03325863 pushad ; ret
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03330C84 push ds; iretd
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332B4F0 push FFFFFFACh; retf
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332F4EA push esp; iretd
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7908CD push ecx; mov dword ptr [esp], ecx

Source: libgiognutls.dll.1.dr

Static PE information: section name: .xdata

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe

Code function: 1_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93\Vatersotiges\Knoglemarvsundersgelsen\Armoniac\libgiognutls.dll			Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	File created: C:\Users\user\AppData\Local\Temp\nsg51C2.tmp\System.dll			Jump to dropped file

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93\Obeyeo.Bib	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93\Vatersotiges	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93\Vatersotiges\Knoglemarvsundersgelsen	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93\Vatersotiges\Knoglemarvsundersgelsen\Armoniac	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93\Vatersotiges\Knoglemarvsundersgelsen\Armoniac\libgiognutls.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93\Vatersotiges\Knoglemarvsundersgelsen\Armoniac\Urokkeligheden.Ord114	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Tries to detect Any.run

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	File opened: C:\Program Files\qga\qga.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	File opened: C:\Program Files\qga\qga.exe

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe

Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93\Vatersotiges\Knoglemarvsundersgelsen\Armoniac\libgiognutls.dll

Jump to dropped file

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe

Code function: 1_2_03320313 rdtsc

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe

API coverage: 0.3 %

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe

Process information queried: ProcessInformation

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_00406555 FindFirstFileW,FindClose,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_00405A03 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0040287E FindFirstFileW,

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe

System information queried: ModuleInformation

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	API call chain: ExitProcess graph end node

Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000001.00000002.39674469754.0000000010059000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44177087962.00000000034C9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Guest Shutdown Service
Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000001.00000002.39674469754.0000000010059000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44177087962.00000000034C9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Remote Desktop Virtualization Service
Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44177087962.00000000034C9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmicshutdown
Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000001.00000002.39674469754.0000000010059000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44177087962.00000000034C9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Volume Shadow Copy Requestor
Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000001.00000002.39674469754.0000000010059000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44177087962.00000000034C9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V PowerShell Direct Service
Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000001.00000002.39674469754.0000000010059000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44177087962.00000000034C9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Time Synchronization Service
Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44177087962.00000000034C9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmicvss
Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000003.39650788507.000000000194A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44176068670.000000000190C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44176520630.000000000194A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000003.39936791137.000000000194A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000001.00000002.39674469754.0000000010059000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44177087962.00000000034C9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Data Exchange Service
Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000001.00000002.39674469754.0000000010059000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44177087962.00000000034C9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Heartbeat Service
Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000001.00000002.39674469754.0000000010059000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44177087962.00000000034C9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Guest Service Interface
Source: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44177087962.00000000034C9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmicheartbeat

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe

Code function: 1_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe

Code function: 1_2_03320313 rdtsc

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332DB33 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332DB35 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332CB5D mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03329178 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332E5FD mov ebx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332C1ED mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_033429D7 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332CC27 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0333202C mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_0332CC2D mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 1_2_03340817 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7CBD71 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7CBD71 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A5D60 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D864DA7 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D791D50 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D791D50 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7ADD4D mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7ADD4D mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7ADD4D mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D789D46 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D789D46 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D789D46 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D84ADD6 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D84ADD6 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D78FD20 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7BAD20 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7BAD20 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7BAD20 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7BAD20 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7BAD20 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7BAD20 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7BAD20 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7BAD20 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7BAD20 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7BAD20 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7BCD10 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7BCD10 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D85CDEB mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D85CDEB mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D83FDF4 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D83FDF4 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D83FDF4 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D83FDF4 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D83FDF4 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D83FDF4 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D83FDF4 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D83FDF4 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D83FDF4 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D83FDF4 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D83FDF4 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D83FDF4 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D79AD00 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D79AD00 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D79AD00 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D79AD00 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D79AD00 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D79AD00 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7B0D01 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D81CD00 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D81CD00 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D78EDFA mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D828D0A mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D84BD08 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D84BD08 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D79BDE0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D79BDE0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D79BDE0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D79BDE0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D79BDE0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D79BDE0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D79BDE0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D79BDE0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7BFDE0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D840D24 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D840D24 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D840D24 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D840D24 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D788DCD mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7C2DBC mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7C2DBC mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D80CD40 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D80CD40 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D855D43 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D855D43 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D78DDB0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D864D4B mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D797DB6 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D786DA6 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D811D5E mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D815D60 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D865D65 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D796D91 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D78CD8A mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D78CD8A mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D836D79 mov esi, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D790C79 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D790C79 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D790C79 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D798C79 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D798C79 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D798C79 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D798C79 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D798C79 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D813C80 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D78CC68 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D84FC95 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7CBC6E mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7CBC6E mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A3C60 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A3C60 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A3C60 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A3C60 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A3C60 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A3C60 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A3C60 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A3C60 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A3C60 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A3C60 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A3C60 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A3C60 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A3C60 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A3C60 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A3C60 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A3C60 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A3C60 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A3C60 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A3C60 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A3C60 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D839C98 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D839C98 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D839C98 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D839C98 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D78DC40 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A3C40 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7C4C3D mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D788C3D mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D815CD0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D822CD0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D822CD0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D822CD0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D864CD2 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D823CD4 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D823CD4 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D823CD4 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D823CD4 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D823CD4 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A3C20 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7AAC20 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7AAC20 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7AAC20 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D827CE8 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7C2C10 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7C2C10 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7C2C10 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7C2C10 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D810CEE mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D80CCF0 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7BECF3 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7BECF3 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D787CF1 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D793CF0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D793CF0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7B8CDF mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7B8CDF mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7ADCD1 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7ADCD1 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7ADCD1 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7CCCD1 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7CCCD1 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7CCCD1 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D79FCC9 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7C9CCF mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D786CC0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D786CC0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D786CC0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D827C38 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7C6CC0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D855C38 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D855C38 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D813C57 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D864C59 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D797C95 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D797C95 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D787C85 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D787C85 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D787C85 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D787C85 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D787C85 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D78EF79 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D78EF79 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D78EF79 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D78BF70 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D791F70 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7BAF72 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D818F8B mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D818F8B mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D818F8B mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7E6F70 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D78FF30 mov edi, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D811FC9 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D811FC9 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D811FC9 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D811FC9 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D811FC9 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D811FC9 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D811FC9 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D811FC9 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D811FC9 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D811FC9 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D811FC9 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D811FC9 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D811FC9 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D811FC9 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D811FC9 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7ADF36 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7ADF36 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7ADF36 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7ADF36 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D84EFD3 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D80FFDC mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D80FFDC mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D80FFDC mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D80FFDC mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D80FFDC mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D80FFDC mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D0F16 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D0F16 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D0F16 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D0F16 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7CBF0C mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7CBF0C mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7CBF0C mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D864FFF mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7ACF00 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7ACF00 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7B8FFB mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D80FF03 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D80FF03 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D80FF03 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A6FE0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A6FE0 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A6FE0 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A6FE0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A6FE0 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A6FE0 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A6FE0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A6FE0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A6FE0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A6FE0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A6FE0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A6FE0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A6FE0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A6FE0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A6FE0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A6FE0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A6FE0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A6FE0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D864F1D mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D789FD0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D78BFC0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D818F3C mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D818F3C mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D818F3C mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D818F3C mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7C8FBC mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D84BF4D mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7BCFB0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7BCFB0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D794FB6 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D791FAA mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D84AF50 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D84EF66 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7BBF93 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A0F90 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A0F90 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A0F90 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A0F90 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A0F90 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A0F90 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A0F90 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A0F90 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A0F90 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A0F90 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A0F90 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A0F90 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A0F90 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D864F7C mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D791E70 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7CCE70 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7C7E71 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D78BE60 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D78BE60 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D850EAD mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D850EAD mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7BEE48 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D78FE40 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D78AE40 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D78AE40 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D78AE40 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D78DE45 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D78DE45 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D817EC3 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D817EC3 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7CCE3F mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D864EC1 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D792E32 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D81CED0 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D859ED2 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D78BE18 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D84EEE7 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7C8E15 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D793E14 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D793E14 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D793E14 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D793E01 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D796E00 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D796E00 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D796E00 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D796E00 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D833EFC mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D864E03 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D78CEF0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D78CEF0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D78CEF0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D78CEF0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D78CEF0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D78CEF0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7C1EED mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7C1EED mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7C1EED mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D792EE8 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D792EE8 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D792EE8 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D792EE8 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D793EE2 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D80FE1F mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D80FE1F mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D80FE1F mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D80FE1F mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D858E26 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D858E26 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D858E26 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D858E26 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7D1ED8 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7CBED0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D826E30 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D826E30 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D825E30 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D825E30 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D825E30 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D825E30 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D825E30 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D825E30 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7C2EB8 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7C2EB8 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A1EB2 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A1EB2 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A1EB2 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A1EB2 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A1EB2 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A1EB2 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A1EB2 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A1EB2 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A1EB2 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A1EB2 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A1EB2 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A1EB2 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D80DE50 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D80DE50 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D80DE50 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D80DE50 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D80DE50 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7CCEA0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D864E62 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D840E6D mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D840E6D mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D840E6D mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D840E6D mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D840E6D mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D840E6D mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D840E6D mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D840E6D mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D840E6D mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D840E6D mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D840E6D mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D840E6D mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D840E6D mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D840E6D mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7BAE89 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7BAE89 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7BBE80 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D84EE78 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D796970 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D796970 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D796970 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D796970 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D796970 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D796970 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D796970 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A096B mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A096B mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D8189A0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7CC958 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D79B950 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D79B950 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D79B950 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D79B950 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D79B950 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D79B950 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D81F9AA mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D81F9AA mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7B4955 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7B4955 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D8269B0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D8269B0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D8269B0 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7BE94E mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7CC944 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7BD940 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7BD940 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D84D9C6 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7B9938 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7E693A mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7E693A mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7E693A mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D81D9C7 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D78B931 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D78B931 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D8629CF mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D8629CF mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D8399D6 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7C5921 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7C5921 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7C5921 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7C5921 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7C2919 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7C2919 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7E6912 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D787917 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7BB9FA mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7899F0 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7909F0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7C49F0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7C49F0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D80C920 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D80C920 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D80C920 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D80C920 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D85892E mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D85892E mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D86492D mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D825930 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D825930 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D825930 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D825930 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7BD9CE mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D79B9C0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D79B9C0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7989C0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7989C0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D85D946 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D84D947 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D78B9B0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7C89B0 mov edx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D79E9A0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D79E9A0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D79E9A0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D79E9A0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D79E9A0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D79E9A0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D79E9A0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D79E9A0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D79E9A0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D81395B mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D81395B mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D81395B mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7CC98F mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7CC98F mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7CC98F mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D79F870 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D79F870 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A9870 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7A9870 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D831889 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D831889 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D831889 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D81488F mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D81B890 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D81B890 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D81B890 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D848890 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D848890 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D8198B2 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D7BB839 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D8518DA mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D8518DA mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D8518DA mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D8518DA mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Code function: 5_2_1D78D818 mov eax, dword ptr fs:[00000030h]

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Process queried: DebugPort
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Process queried: DebugPort
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	Process queried: DebugPort

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe

Code function: 1_2_03340888 LdrLoadDll,

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe

Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	1 Native API	1 Registry Run Keys / Startup Folder	1 Access Token Manipulation	11 Virtualization/Sandbox Evasion	OS Credential Dumping	121 Security Software Discovery	Remote Services	1 Archive Collected Data	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	1 System Shutdown/Reboot
Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	11 Process Injection	1 Access Token Manipulation	LSASS Memory	11 Virtualization/Sandbox Evasion	Remote Desktop Protocol	1 Clipboard Data	Exfiltration Over Bluetooth	1 Ingress Tool Transfer	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	1 Registry Run Keys / Startup Folder	11 Process Injection	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	2 Non-Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	NTDS	2 File and Directory Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	12 Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	2 Obfuscated Files or Information	LSA Secrets	4 System Information Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	1 DLL Side-Loading	Cached Domain Credentials	System Owner/User Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	29%	Virustotal		Browse
SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	20%	ReversingLabs	Win32.Trojan.Nemesis

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\nsg51C2.tmp\System.dll	2%	ReversingLabs
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93\Vatersotiges\Knoglemarvsundersgelsen\Armoniac\libgiognutls.dll	0%	ReversingLabs

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
www.giliro.com	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd	0%	Avira URL Cloud	safe
http://www.giliro.com/wnioMvShFMvcw54.emz32w	0%	Avira URL Cloud	safe
http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd	0%	Avira URL Cloud	safe
http://www.giliro.com/wnioMvShFMvcw54.emz	0%	Avira URL Cloud	safe
http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.	0%	Avira URL Cloud	safe
http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd	0%	Virustotal		Browse
http://www.giliro.com/wnioMvShFMvcw54.emzV	0%	Avira URL Cloud	safe
http://www.gopher.ftp://ftp.	0%	Avira URL Cloud	safe
https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214	0%	Avira URL Cloud	safe
http://www.giliro.com/wnioMvShFMvcw54.emzG	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
giliro.com	66.147.238.212	true	false		unknown
www.giliro.com	unknown	unknown	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://www.giliro.com/wnioMvShFMvcw54.emz	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.	SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000001.39482313722.0000000000649000.00000008.00000001.01000000.00000005.sdmp	false	Avira URL Cloud: safe	unknown
http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd	SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000001.39481928947.00000000005F2000.00000008.00000001.01000000.00000005.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd	SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000001.39481928947.00000000005F2000.00000008.00000001.01000000.00000005.sdmp	false	Avira URL Cloud: safe	unknown
http://www.giliro.com/wnioMvShFMvcw54.emz32w	SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44176068670.000000000190C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://nsis.sf.net/NSIS_ErrorError	SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe	false		high
http://www.giliro.com/wnioMvShFMvcw54.emzV	SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44176379660.0000000001936000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.giliro.com/wnioMvShFMvcw54.emzG	SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000002.44176379660.0000000001936000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD	SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000001.39482152594.0000000000626000.00000008.00000001.01000000.00000005.sdmp	false		high
http://www.gopher.ftp://ftp.	SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000001.39482313722.0000000000649000.00000008.00000001.01000000.00000005.sdmp	false	Avira URL Cloud: safe	unknown
https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214	SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe, 00000005.00000001.39482313722.0000000000649000.00000008.00000001.01000000.00000005.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
66.147.238.212	giliro.com	United States		23535	HOSTROCKETUS	false

General Information

Joe Sandbox Version:	36.0.0 Rainbow Opal
Analysis ID:	755965
Start date and time:	2022-11-29 11:43:57 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 14m 38s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name:	Suspected Instruction Hammering
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal60.troj.evad.winEXE@3/4@1/1
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 45.5% (good quality ratio 43.8%) Quality average: 77.4% Quality standard deviation: 24.9%
HCA Information:	Successful, ratio: 97% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, backgroundTaskHost.exe, svchost.exe
TCP Packets have been reduced to 100
Excluded domains from analysis (whitelisted): wdcpalt.microsoft.com, client.wns.windows.com, login.live.com, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, wdcp.microsoft.com
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	11776
Entropy (8bit):	5.656065698421856
Encrypted:	false
SSDEEP:	192:eY24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol+Sl:E8QIl975eXqlWBrz7YLOl+
MD5:	17ED1C86BD67E78ADE4712BE48A7D2BD
SHA1:	1CC9FE86D6D6030B4DAE45ECDDCE5907991C01A0
SHA-256:	BD046E6497B304E4EA4AB102CAB2B1F94CE09BDE0EEBBA4C59942A732679E4EB
SHA-512:	0CBED521E7D6D1F85977B3F7D3CA7AC34E1B5495B69FD8C7BFA1A846BAF53B0ECD06FE1AD02A3599082FFACAF8C71A3BB4E32DEC05F8E24859D736B828092CD5
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Reputation:	moderate, very likely benign file
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1...u.u.u...s.u.a....r.!..q....t....t.Richu.........................PE..L.....MX...........!..... ...........'.......0...............................`.......................................2.......0..P............................P.......................................................0..X............................text............ .................. ..`.rdata..S....0.......$..............@..@.data...x....@.......(..............@....reloc..b....P.......*..............@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93\Obeyeo.Bib

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe
File Type:	data
Category:	dropped
Size (bytes):	178824
Entropy (8bit):	6.515135274289935
Encrypted:	false
SSDEEP:	1536:Aqnh3ZWvlivpBh2LolEVEF+F2MVQ454gp3cHE6xBiP29vpAX5D57DwVaDXW:RkYzh2Lol/FdUJNfPgk5DVDUd
MD5:	52F571D999E9DD5B6ABFFE0CC9BF8DF3
SHA1:	67743CD31368EA4C7C350C5071A6B1D8A5AF400B
SHA-256:	7CC58916DBEADFF389E9375FD1F8973DB606156E953F309C55C40384E54765E3
SHA-512:	0BA04B8CDA196099229824B65348B71483D50377D10660AF8CD70A10919A310D88DDBA80D1F595524F71764BB2A765C87B9E5E2276391B11A272A52E3BBA7C11
Malicious:	false
Reputation:	low
Preview:	...6.{..N..p2...H.=L.]......l..b.0..2).v..X..~..q..nm.9..$h....YZ..}..V.u..E.a(M..........q......@9.n.`7......z.N...<...&..h..\.....&.h@p.....%.~5._b..b........B(....:.4......t.S0..J..0.h.&..H.t.gV.&..y.,J.3...m..\.......~n..L.AnI.....C.a.7w^!9.D.]J.....p...C8..Hn.....14.\|.. ...k........_9......@%......S..d.>.I.9.@.....l.....,.4G.l.}..e....<......]...wj.Z.^...j.Fv.#..9n.c{.`..4U...,Q...v.g.t)..o...g......E.}..9...1....Wbl..JT%8..m[x.a.u.7.i)......1+..$l@...x$.~......6q.BE.x..7...n.n..gOZ.V.7..6.a!.c....`.vGm).."L#~..E......tV.....DjX.....Z.>..Z.).c...............D7}d.v.. ..%...v.fH.....Cw..x.^......b\ct....Y..g.b...1*cR..%6F'.......Q-.......GH....L!?1...<.^Rf.G.H[O.<.Ke.....R..._e..1..s........y.~..x!...Tl.... .a .;..KG.]%:."%.O..X.S..b..t.o{.......#..9...b..J.e..w...<~b........5................XC....Z....E.zE.g.k.X.^.=.W)...>.'K.h<.C\././.7.d......~./.a~.Yc.......4...{....d..m."...v........v"......iY....9..ka.....M...m.}).....Y..f..-..4..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93\Vatersotiges\Knoglemarvsundersgelsen\Armoniac\Urokkeligheden.Ord114

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe
File Type:	data
Category:	dropped
Size (bytes):	119298
Entropy (8bit):	7.998253263209972
Encrypted:	true
SSDEEP:	1536:6JcdhM4/003cKP7zr9UE0q19q9MUxJ0O1mwVrLSft3KeDQMjE4le/l1NUYeECfZm:LdhM4/Fpb/1Ca2LEt9DQMA4lGVUh14B
MD5:	251C92F85825E5BBBE4D7624FC7F4AE4
SHA1:	BF396458B8D37DCC5880B29A7482A4896828C35F
SHA-256:	20694D441EEAB696B6D6AE5B7785BB0CAD19E1708EF49C28737CAD1805B49CDC
SHA-512:	5730DF53CE6DE9791F81287EA340ECDECEF1B99B80DC7501F9739083AF5D66543795E82C19388522580A43B8553FEAA2D5C0B419502BC7325E34F1862BBD44DD
Malicious:	false
Reputation:	low
Preview:	...Ct.m.j\i...G..@k......D.....W.S.CE.P'.O....9l....4Y%\.R...%..'.D.o.%9h........vP.h0...E_..1.}................{...).h....F.r..lm....D..{..dF4.@F..=.....G..&....... v47.L..V..%.$x..rK..ue=.w.)..+b...$.m.Gj..@x.3...14J...#"....G\| v8@Y2.R..v.."j...~.,..<..}...&H9F..v..=....>;......HF..c...~..'c.f.p0"...>Q\|./."...n..t.............$^.Z.c....h(.df.B..`,..#.?s.8..k'.B.t.....<3..s..h-).Q..\R.O.C=.c.<S..b(..Q#.....r...j..z...U.vU.>..C...@...G-..7=.....".mu52.[...`Bf}0q.V.lF.\|(.pMo...^L.l.@.#[bH...1..I.l.Mi..iB..(N"$e.....r..9....1z.2..P.GH..p....sE..O.cR.l.Z.H/.u_.Z+"Rk.M.g..q....Z..{0...g....,:....t..QF2.oA.v{....h.....TIN...r.. O.u..P...(........G.....+kk%9W.b.I.Q.....Gy9^~./..Q8..!o]$.5.....4. };......80....ze.^l....WL.b....!..0.N.{Q...'.....I..dnP....7.p..aB.w.Z.v]R.../r.C6(q.C...%...n....2@..0$.X.;CW.1...5...s#.]..x[h..T./.>.(...dJ...q?._.I....K...1'....9.).n1#..5:&.S3^........Z.Z.0.c._.'.....r;bw.P.....K.^.....(....'..4.?....N....#.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93\Vatersotiges\Knoglemarvsundersgelsen\Armoniac\libgiognutls.dll

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	131991
Entropy (8bit):	5.8780987492725405
Encrypted:	false
SSDEEP:	1536:v6J1cdTEl2OzvUtevCuoCW9fPr+vo9F5J7YWv3vbRnBycYWOGWSeaGymtYWOGWSS:VdW2OLgNCwXKSH8WPvVBjA+KE8S5
MD5:	10D998CF80B4437C2979B25EBCBE16D1
SHA1:	79C99DD2ABB99253E41C5E40DAB29522F93345BB
SHA-256:	A0A87BC30F4B39D7B642841A10208CE5286C6CA712B28B9D921E1EA6F547AEE6
SHA-512:	44863645B48815C3C248111F86440E3A0C515AF61B5A17D15B5A6C7304277F76056BCEB6C579E7824E11ADCA4DB3E385FA8019D602C40FA527E725C09B6AA523
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................&"...%............P........................................@......g}....`... .................................................lE...........................0.............................. i..(....................................................text...X...........................`..`.data........ ......................@....rdata...A...0...B..................@..@.pdata...............R..............@..@.xdata..X............`..............@..@.bss....p................................edata...............n..............@..@.idata..lE.......F...p..............@....CRT....X...........................@....tls......... ......................@....reloc.......0......................@..B........................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Entropy (8bit):	7.505402259729816
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe
File size:	477800
MD5:	7081c4822cf1c7572dd82822b8f27c49
SHA1:	4ee3b6c423b1c9ebf5befbc73d1eef0c576cf026
SHA256:	b5330f82f3c5c3f223ae9decd3ebdcd74d1a13d95b1c42bd7b2de4e6c6cb0083
SHA512:	6e3377e6a47518f2267cd38646e2cec576d41fd8a67c8c2590f43bf353c0b1f322fc229e70bc98e9c7dfaa1a11cf872a0c8e2c15a31ee90ef1c4e65eac98ee3a
SSDEEP:	12288:Lz772qgvq2nLm4W2RPLKb+nFzIQ3Ja8TA:gXnS4W2RPLKm/of
TLSH:	4DA4D096F74155D6CC24177259BB9D3702B3BD7E14B10B5F61AE32322F332828A07A2E
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...P...P...P.._...P...P..OP.._...P...s...P...V...P..Rich.P..........PE..L...8.MX.................b...*......J4............@

File Icon


Icon Hash:	b8eee6a4c0c8c6c2

Static PE Info

General

Entrypoint:	0x40344a
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x584DCA38 [Sun Dec 11 21:50:48 2016 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	4ea4df5d94204fc550be1874e1b77ea7

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=Warrambool, OU="Gennembryde Catbrier ", E=Lrerforsamlingen@Resoneres187.ti, O=Warrambool, L=Betpouy, S=Occitanie, C=FR
Signature Validation Error:	A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
Error Number:	-2146762487
Not Before, Not After	16/05/2022 14:16:58 15/05/2025 14:16:58
Subject Chain	CN=Warrambool, OU="Gennembryde Catbrier ", E=Lrerforsamlingen@Resoneres187.ti, O=Warrambool, L=Betpouy, S=Occitanie, C=FR
Version:	3
Thumbprint MD5:	50955086B951A7063EA053252647D196
Thumbprint SHA-1:	B2C1191B987021E62094F55BD9D8BCF9138BF3A6
Thumbprint SHA-256:	26FCB244ABFE2816CFB307605DB0353DBE6BE089ACEC8D49A63FDE728C428741
Serial:	D479F570518060D0

Entrypoint Preview

Instruction
sub esp, 000002D4h
push ebx
push esi
push edi
push 00000020h
pop edi
xor ebx, ebx
push 00008001h
mov dword ptr [esp+14h], ebx
mov dword ptr [esp+10h], 0040A230h
mov dword ptr [esp+1Ch], ebx
call dword ptr [004080B4h]
call dword ptr [004080B0h]
cmp ax, 00000006h
je 00007EFC28FA74F3h
push ebx
call 00007EFC28FAA64Ch
cmp eax, ebx
je 00007EFC28FA74E9h
push 00000C00h
call eax
mov esi, 004082B8h
push esi
call 00007EFC28FAA5C6h
push esi
call dword ptr [0040815Ch]
lea esi, dword ptr [esi+eax+01h]
cmp byte ptr [esi], 00000000h
jne 00007EFC28FA74CCh
push ebp
push 00000009h
call 00007EFC28FAA61Eh
push 00000007h
call 00007EFC28FAA617h
mov dword ptr [0042A244h], eax
call dword ptr [0040803Ch]
push ebx
call dword ptr [004082A4h]
mov dword ptr [0042A2F8h], eax
push ebx
lea eax, dword ptr [esp+34h]
push 000002B4h
push eax
push ebx
push 004216E8h
call dword ptr [00408188h]
push 0040A384h
push 00429240h
call 00007EFC28FAA200h
call dword ptr [004080ACh]
mov ebp, 00435000h
push eax
push ebp
call 00007EFC28FAA1EEh
push ebx
call dword ptr [00408174h]
add word ptr [eax], 0000h

Rich Headers

Programming Language:

[EXP] VC++ 6.0 SP5 build 8804

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x8504	0xa0	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x6e000	0x28868	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x73510	0x1558	.rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x8000	0x2b4	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x61f1	0x6200	False	0.6656967474489796	data	6.477074763411717	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x8000	0x13a4	0x1400	False	0.4529296875	data	5.163001655755973	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xa000	0x20338	0x600	False	0.501953125	data	3.9745558434885093	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata	0x2b000	0x43000	0x0	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x6e000	0x28868	0x28a00	False	0.4693269230769231	data	6.072692072533226	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_BITMAP	0x6e3b8	0x368	Device independent bitmap graphic, 96 x 16 x 4, image size 768	English	United States
RT_ICON	0x6e720	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 65536	English	United States
RT_ICON	0x7ef48	0x94a8	Device independent bitmap graphic, 96 x 192 x 32, image size 36864	English	United States
RT_ICON	0x883f0	0x5488	Device independent bitmap graphic, 72 x 144 x 32, image size 20736	English	United States
RT_ICON	0x8d878	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16384	English	United States
RT_ICON	0x91aa0	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216	English	United States
RT_ICON	0x94048	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096	English	United States
RT_ICON	0x950f0	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2304	English	United States
RT_ICON	0x95a78	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024	English	United States
RT_DIALOG	0x95ee0	0x144	data	English	United States
RT_DIALOG	0x96028	0x13c	data	English	United States
RT_DIALOG	0x96168	0x100	data	English	United States
RT_DIALOG	0x96268	0x11c	data	English	United States
RT_DIALOG	0x96388	0xc4	data	English	United States
RT_DIALOG	0x96450	0x60	data	English	United States
RT_GROUP_ICON	0x964b0	0x76	data	English	United States
RT_MANIFEST	0x96528	0x33e	XML 1.0 document, ASCII text, with very long lines (830), with no line terminators	English	United States

Imports

DLL	Import
KERNEL32.dll	SetCurrentDirectoryW, GetFileAttributesW, GetFullPathNameW, Sleep, GetTickCount, CreateFileW, GetFileSize, MoveFileW, SetFileAttributesW, GetModuleFileNameW, CopyFileW, ExitProcess, SetEnvironmentVariableW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, WaitForSingleObject, GetCurrentProcess, CompareFileTime, GlobalUnlock, GlobalLock, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, GetTempFileNameW, WriteFile, lstrcpyA, lstrcpyW, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GlobalFree, GlobalAlloc, GetShortPathNameW, SearchPathW, lstrcmpiW, SetFileTime, CloseHandle, ExpandEnvironmentStringsW, lstrcmpW, GetDiskFreeSpaceW, lstrlenW, lstrcpynW, GetExitCodeProcess, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, MulDiv, MultiByteToWideChar, lstrlenA, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW
USER32.dll	GetSystemMenu, SetClassLongW, IsWindowEnabled, EnableMenuItem, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, wsprintfW, ScreenToClient, GetWindowRect, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, LoadImageW, SetTimer, SetWindowTextW, PostQuitMessage, ShowWindow, GetDlgItem, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, DrawTextW, EndPaint, CreateDialogParamW, SendMessageTimeoutW, SetForegroundWindow
GDI32.dll	SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll	SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW
ADVAPI32.dll	RegDeleteKeyW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, RegOpenKeyExW, RegEnumValueW, RegDeleteValueW, RegCloseKey, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
COMCTL32.dll	ImageList_AddMasked, ImageList_Destroy, ImageList_Create
ole32.dll	OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 29, 2022 11:46:42.054048061 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.148497105 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.148823977 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.149955034 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.244431973 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.244541883 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.244872093 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.255182981 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.255256891 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.255314112 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.255362988 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.255367041 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.255418062 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.255425930 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.255481958 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.255536079 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.255542994 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.255589962 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.255616903 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.255645990 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.255649090 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.255695105 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.255743980 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.255793095 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.339199066 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.339277983 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.339426041 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.339488029 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.349769115 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.349843979 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.349900961 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.349956036 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.349958897 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.350009918 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.350013018 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.350013018 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.350064039 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.350119114 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.350157022 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.350172997 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.350208044 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.350208044 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.350229979 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.350285053 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.350305080 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.350338936 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.350353956 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.350393057 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.350402117 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.350447893 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.350451946 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.350452900 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.350501060 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.350548983 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.350555897 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.350600958 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.350610971 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.350646973 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.350665092 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.350704908 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.350718975 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.350814104 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.350902081 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.433693886 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.433739901 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.433778048 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.433815002 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.433886051 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.433886051 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.433940887 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.433980942 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.444833040 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.444906950 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.444966078 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.445008039 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.445024014 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.445081949 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.445097923 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.445097923 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.445138931 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.445197105 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.445197105 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.445254087 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.445303917 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.445311069 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.445355892 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.445368052 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.445405006 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.445425034 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.445473909 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.445473909 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.445480108 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.445537090 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.445584059 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.445584059 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.445594072 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.445652008 CET	80	49844	66.147.238.212	192.168.11.20
Nov 29, 2022 11:46:42.445700884 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.445700884 CET	49844	80	192.168.11.20	66.147.238.212
Nov 29, 2022 11:46:42.445708990 CET	80	49844	66.147.238.212	192.168.11.20

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 29, 2022 11:46:41.745608091 CET	50511	53	192.168.11.20	1.1.1.1
Nov 29, 2022 11:46:42.034929037 CET	53	50511	1.1.1.1	192.168.11.20

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 29, 2022 11:46:41.745608091 CET	192.168.11.20	1.1.1.1	0x5fa6	Standard query (0)	www.giliro.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 29, 2022 11:46:42.034929037 CET	1.1.1.1	192.168.11.20	0x5fa6	No error (0)	www.giliro.com	giliro.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 29, 2022 11:46:42.034929037 CET	1.1.1.1	192.168.11.20	0x5fa6	No error (0)	giliro.com		66.147.238.212	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.giliro.com

Target ID:	1
Start time:	11:45:50
Start date:	29/11/2022
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe
Imagebase:	0x400000
File size:	477800 bytes
MD5 hash:	7081C4822CF1C7572DD82822B8F27C49
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000001.00000002.39673477269.0000000003320000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low

Analysis Process: SecuriteInfo.com.Win32.Evo-gen.11060.2891.exePID: 6832, Parent PID: 6064

General

Target ID:	5
Start time:	11:46:24
Start date:	29/11/2022
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe
Imagebase:	0x400000
File size:	477800 bytes
MD5 hash:	7081C4822CF1C7572DD82822B8F27C49
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000005.00000000.39479578905.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low

Disassembly

⊘No disassembly

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Access tokens, Authentication logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	API monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer.Shutting down or rebooting systems may disrupt access to computer resources for legitimate users.
Tactics:	Impact
Data Sources:	Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\nsg51C2.tmp\System.dll

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93\Obeyeo.Bib

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93\Vatersotiges\Knoglemarvsundersgelsen\Armoniac\Urokkeligheden.Ord114

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93\Vatersotiges\Knoglemarvsundersgelsen\Armoniac\libgiognutls.dll

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Network Port Distribution

Windows Analysis Report
SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe