Windows Analysis Report
SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe

Overview

General Information

Sample Name: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe
Analysis ID: 756214
MD5: b94ac3cb559832fa92e65b6a127ba7e0
SHA1: def0dd941e90de0dc3d077033dbc234e86bcc077
SHA256: c1fd700322fe5a908b87744730a34c923c9db9163adc0d018545c4ab285a31b9
Tags: exe

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
Antivirus / Scanner detection for submitted sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Found potential string decryption / allocating functions
Contains functionality to call native functions
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Sample file is different than original file name gathered from version info
Contains functionality to read the PEB
Checks if the current process is being debugged
Binary contains a suspicious time stamp
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

AV Detection

Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe ReversingLabs: Detection: 15%
Source: Yara match File source: 00000005.00000002.311228472.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Avira: detected
Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Joe Sandbox ML: detected
Source: 00000005.00000002.311228472.0000000000401000.00000040.00000400.00020000.00000000.sdmp Malware Configuration Extractor: FormBook {"C2 list": ["www.attracttitude.com/fqwu/"]}
Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000005.00000003.309818019.0000000001198000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000005.00000003.308076518.0000000000FF9000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000005.00000003.309818019.0000000001198000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000005.00000003.308076518.0000000000FF9000.00000004.00000800.00020000.00000000.sdmp

Networking

Source: Malware configuration extractor URLs: www.attracttitude.com/fqwu/
Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.309952897.0000000000A1B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

E-Banking Fraud

Source: Yara match File source: 00000005.00000002.311228472.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

System Summary

Source: 00000005.00000002.311228472.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000005.00000002.311228472.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000005.00000002.311228472.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe PID: 2412, type: MEMORYSTR Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000005.00000002.311228472.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000005.00000002.311228472.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000005.00000002.311228472.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe PID: 2412, type: MEMORYSTR Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01399660 NtAllocateVirtualMemory,LdrInitializeThunk, 5_2_01399660
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013996E0 NtFreeVirtualMemory,LdrInitializeThunk, 5_2_013996E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01399860 NtQuerySystemInformation,LdrInitializeThunk, 5_2_01399860
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0139B040 NtSuspendThread, 5_2_0139B040
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0139A3B0 NtGetContextThread, 5_2_0139A3B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01399520 NtWaitForSingleObject, 5_2_01399520
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01399560 NtWriteFile, 5_2_01399560
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01399540 NtReadFile, 5_2_01399540
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013995F0 NtQueryInformationFile, 5_2_013995F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013995D0 NtClose, 5_2_013995D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01399730 NtQueryVirtualMemory, 5_2_01399730
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0139A710 NtOpenProcessToken, 5_2_0139A710
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01399710 NtQueryInformationToken, 5_2_01399710
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0139A770 NtOpenThread, 5_2_0139A770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01399770 NtSetInformationFile, 5_2_01399770
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01399760 NtOpenProcess, 5_2_01399760
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013997A0 NtUnmapViewOfSection, 5_2_013997A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01399780 NtMapViewOfSection, 5_2_01399780
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01399610 NtEnumerateValueKey, 5_2_01399610
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01399670 NtQueryInformationProcess, 5_2_01399670
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01399650 NtQueryValueKey, 5_2_01399650
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013996D0 NtCreateKey, 5_2_013996D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01399910 NtAdjustPrivilegesToken, 5_2_01399910
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01399950 NtQueueApcThread, 5_2_01399950
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013999A0 NtCreateSection, 5_2_013999A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013999D0 NtCreateProcessEx, 5_2_013999D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01399820 NtEnumerateKey, 5_2_01399820
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01399840 NtDelayExecution, 5_2_01399840
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013998A0 NtWriteVirtualMemory, 5_2_013998A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013998F0 NtReadVirtualMemory, 5_2_013998F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01399B00 NtSetValueKey, 5_2_01399B00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01399A20 NtResumeThread, 5_2_01399A20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01399A10 NtQuerySection, 5_2_01399A10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01399A00 NtProtectVirtualMemory, 5_2_01399A00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01399A50 NtCreateFile, 5_2_01399A50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01399A80 NtOpenDirectoryObject, 5_2_01399A80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0139AD30 NtSetContextThread, 5_2_0139AD30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01399FE0 NtCreateMutant, 5_2_01399FE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0041E007 NtClose, 5_2_0041E007
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0041E0B7 NtAllocateVirtualMemory, 5_2_0041E0B7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_004012A3 NtProtectVirtualMemory, 5_2_004012A3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0041DED7 NtCreateFile, 5_2_0041DED7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0041DF87 NtReadFile, 5_2_0041DF87
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_004012B4 NtProtectVirtualMemory, 5_2_004012B4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_004014E9 NtProtectVirtualMemory, 5_2_004014E9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0041DF86 NtReadFile, 5_2_0041DF86
Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.322576068.0000000006E50000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameCollins.dll8 vs SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000000.288391951.00000000001C2000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamerqKR.exe6 vs SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.309952897.0000000000A1B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.311233732.0000000002721000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamePrecision.dll6 vs SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.311233732.0000000002721000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameInspector.dllN vs SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.322239890.0000000006C40000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameInspector.dllN vs SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000005.00000002.311962192.000000000144F000.00000040.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000005.00000003.308719271.000000000110F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000005.00000003.310645530.00000000012B7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Binary or memory string: OriginalFilenamerqKR.exe6 vs SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe.log Jump to behavior
Source: classification engine Classification label: mal100.troj.evad.winEXE@3/1@0/0
Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll Jump to behavior
Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000005.00000003.309818019.0000000001198000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000005.00000003.308076518.0000000000FF9000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000005.00000003.309818019.0000000001198000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000005.00000002.311465510.0000000001330000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000005.00000003.308076518.0000000000FF9000.00000004.00000800.00020000.00000000.sdmp

Data Obfuscation

Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, Form1.cs .Net Code: InitializeComponent System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 2.0.SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe.1c0000.0.unpack, Form1.cs .Net Code: InitializeComponent System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 2_2_06E465EB push ecx; retf 2_2_06E465EC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 2_2_06E46F66 push edi; retf 2_2_06E46F67
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013AD0D1 push ecx; ret 5_2_013AD0E4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_004210F9 push eax; ret 5_2_004210FF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_004210AC push eax; ret 5_2_004210FF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_00421163 push eax; ret 5_2_00421169
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_00421102 push eax; ret 5_2_00421169
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_00405267 push ebp; iretd 5_2_00405268
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_00421AE7 push edx; ret 5_2_00421BD9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0041AFE0 push edi; ret 5_2_0041AFE3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0041B78A push esp; iretd 5_2_0041B78C
Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Static PE information: 0x814AECD0 [Mon Sep 27 03:32:32 2038 UTC]
Source: initial sample Static PE information: section name: .text entropy: 7.572220133283429
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion

Source: Yara match File source: 00000002.00000002.313453933.0000000002C01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe PID: 4964, type: MEMORYSTR
Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.313453933.0000000002C01000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.313453933.0000000002C01000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe TID: 5260 Thread sleep time: -38122s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe TID: 4840 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01386B90 rdtsc 5_2_01386B90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe API coverage: 1.2 %
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Process information queried: ProcessInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Thread delayed: delay time: 38122 Jump to behavior
Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.313453933.0000000002C01000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.313453933.0000000002C01000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmware
Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.313453933.0000000002C01000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware SVGA II
Source: SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe, 00000002.00000002.313453933.0000000002C01000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0138513A mov eax, dword ptr fs:[00000030h] 5_2_0138513A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013803E2 mov eax, dword ptr fs:[00000030h] 5_2_013803E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013803E2 mov eax, dword ptr fs:[00000030h] 5_2_013803E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013803E2 mov eax, dword ptr fs:[00000030h] 5_2_013803E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013803E2 mov eax, dword ptr fs:[00000030h] 5_2_013803E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013803E2 mov eax, dword ptr fs:[00000030h] 5_2_013803E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013D53CA mov eax, dword ptr fs:[00000030h] 5_2_013D53CA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013D53CA mov eax, dword ptr fs:[00000030h] 5_2_013D53CA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013853C5 mov eax, dword ptr fs:[00000030h] 5_2_013853C5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0137B236 mov eax, dword ptr fs:[00000030h] 5_2_0137B236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0137B236 mov eax, dword ptr fs:[00000030h] 5_2_0137B236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0137B236 mov eax, dword ptr fs:[00000030h] 5_2_0137B236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0137B236 mov eax, dword ptr fs:[00000030h] 5_2_0137B236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0137B236 mov eax, dword ptr fs:[00000030h] 5_2_0137B236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0137B236 mov eax, dword ptr fs:[00000030h] 5_2_0137B236
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0135B233 mov eax, dword ptr fs:[00000030h] 5_2_0135B233
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0135B233 mov eax, dword ptr fs:[00000030h] 5_2_0135B233
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01358239 mov eax, dword ptr fs:[00000030h] 5_2_01358239
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01358239 mov eax, dword ptr fs:[00000030h] 5_2_01358239
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01358239 mov eax, dword ptr fs:[00000030h] 5_2_01358239
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0137A229 mov eax, dword ptr fs:[00000030h] 5_2_0137A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0137A229 mov eax, dword ptr fs:[00000030h] 5_2_0137A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0137A229 mov eax, dword ptr fs:[00000030h] 5_2_0137A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0137A229 mov eax, dword ptr fs:[00000030h] 5_2_0137A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0137A229 mov eax, dword ptr fs:[00000030h] 5_2_0137A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0137A229 mov eax, dword ptr fs:[00000030h] 5_2_0137A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0137A229 mov eax, dword ptr fs:[00000030h] 5_2_0137A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0137A229 mov eax, dword ptr fs:[00000030h] 5_2_0137A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0137A229 mov eax, dword ptr fs:[00000030h] 5_2_0137A229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0140B260 mov eax, dword ptr fs:[00000030h] 5_2_0140B260
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0140B260 mov eax, dword ptr fs:[00000030h] 5_2_0140B260
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01355210 mov eax, dword ptr fs:[00000030h] 5_2_01355210
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01355210 mov ecx, dword ptr fs:[00000030h] 5_2_01355210
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01355210 mov eax, dword ptr fs:[00000030h] 5_2_01355210
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01355210 mov eax, dword ptr fs:[00000030h] 5_2_01355210
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0139927A mov eax, dword ptr fs:[00000030h] 5_2_0139927A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01411229 mov eax, dword ptr fs:[00000030h] 5_2_01411229
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013E4257 mov eax, dword ptr fs:[00000030h] 5_2_013E4257
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01359240 mov eax, dword ptr fs:[00000030h] 5_2_01359240
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01359240 mov eax, dword ptr fs:[00000030h] 5_2_01359240
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01359240 mov eax, dword ptr fs:[00000030h] 5_2_01359240
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01359240 mov eax, dword ptr fs:[00000030h] 5_2_01359240
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013812BD mov esi, dword ptr fs:[00000030h] 5_2_013812BD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013812BD mov eax, dword ptr fs:[00000030h] 5_2_013812BD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013812BD mov eax, dword ptr fs:[00000030h] 5_2_013812BD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013552A5 mov eax, dword ptr fs:[00000030h] 5_2_013552A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013552A5 mov eax, dword ptr fs:[00000030h] 5_2_013552A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013552A5 mov eax, dword ptr fs:[00000030h] 5_2_013552A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013552A5 mov eax, dword ptr fs:[00000030h] 5_2_013552A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013552A5 mov eax, dword ptr fs:[00000030h] 5_2_013552A5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013662A0 mov eax, dword ptr fs:[00000030h] 5_2_013662A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013662A0 mov eax, dword ptr fs:[00000030h] 5_2_013662A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013662A0 mov eax, dword ptr fs:[00000030h] 5_2_013662A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013662A0 mov eax, dword ptr fs:[00000030h] 5_2_013662A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0141B2E8 mov eax, dword ptr fs:[00000030h] 5_2_0141B2E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0141B2E8 mov eax, dword ptr fs:[00000030h] 5_2_0141B2E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0141B2E8 mov eax, dword ptr fs:[00000030h] 5_2_0141B2E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0141B2E8 mov eax, dword ptr fs:[00000030h] 5_2_0141B2E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0138D294 mov eax, dword ptr fs:[00000030h] 5_2_0138D294
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0138D294 mov eax, dword ptr fs:[00000030h] 5_2_0138D294
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0141129A mov eax, dword ptr fs:[00000030h] 5_2_0141129A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013512D4 mov eax, dword ptr fs:[00000030h] 5_2_013512D4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013DA537 mov eax, dword ptr fs:[00000030h] 5_2_013DA537
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0138F527 mov eax, dword ptr fs:[00000030h] 5_2_0138F527
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0138F527 mov eax, dword ptr fs:[00000030h] 5_2_0138F527
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0138F527 mov eax, dword ptr fs:[00000030h] 5_2_0138F527
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01359515 mov ecx, dword ptr fs:[00000030h] 5_2_01359515
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0135751A mov eax, dword ptr fs:[00000030h] 5_2_0135751A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0135751A mov eax, dword ptr fs:[00000030h] 5_2_0135751A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0135751A mov eax, dword ptr fs:[00000030h] 5_2_0135751A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0135751A mov eax, dword ptr fs:[00000030h] 5_2_0135751A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0137C577 mov eax, dword ptr fs:[00000030h] 5_2_0137C577
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0137C577 mov eax, dword ptr fs:[00000030h] 5_2_0137C577
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01413518 mov eax, dword ptr fs:[00000030h] 5_2_01413518
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01413518 mov eax, dword ptr fs:[00000030h] 5_2_01413518
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01413518 mov eax, dword ptr fs:[00000030h] 5_2_01413518
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0135B540 mov eax, dword ptr fs:[00000030h] 5_2_0135B540
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0135B540 mov eax, dword ptr fs:[00000030h] 5_2_0135B540
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0141E539 mov eax, dword ptr fs:[00000030h] 5_2_0141E539
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0135354C mov eax, dword ptr fs:[00000030h] 5_2_0135354C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0135354C mov eax, dword ptr fs:[00000030h] 5_2_0135354C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013D3540 mov eax, dword ptr fs:[00000030h] 5_2_013D3540
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013865A0 mov eax, dword ptr fs:[00000030h] 5_2_013865A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013865A0 mov eax, dword ptr fs:[00000030h] 5_2_013865A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013865A0 mov eax, dword ptr fs:[00000030h] 5_2_013865A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013835A1 mov eax, dword ptr fs:[00000030h] 5_2_013835A1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01353591 mov eax, dword ptr fs:[00000030h] 5_2_01353591
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01382581 mov eax, dword ptr fs:[00000030h] 5_2_01382581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01382581 mov eax, dword ptr fs:[00000030h] 5_2_01382581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01382581 mov eax, dword ptr fs:[00000030h] 5_2_01382581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01382581 mov eax, dword ptr fs:[00000030h] 5_2_01382581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0141B581 mov eax, dword ptr fs:[00000030h] 5_2_0141B581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0141B581 mov eax, dword ptr fs:[00000030h] 5_2_0141B581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0141B581 mov eax, dword ptr fs:[00000030h] 5_2_0141B581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0141B581 mov eax, dword ptr fs:[00000030h] 5_2_0141B581
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013595F0 mov eax, dword ptr fs:[00000030h] 5_2_013595F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013595F0 mov ecx, dword ptr fs:[00000030h] 5_2_013595F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013895EC mov eax, dword ptr fs:[00000030h] 5_2_013895EC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0136D5E0 mov eax, dword ptr fs:[00000030h] 5_2_0136D5E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0136D5E0 mov eax, dword ptr fs:[00000030h] 5_2_0136D5E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_014205AC mov eax, dword ptr fs:[00000030h] 5_2_014205AC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_014205AC mov eax, dword ptr fs:[00000030h] 5_2_014205AC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013515C1 mov eax, dword ptr fs:[00000030h] 5_2_013515C1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0136B433 mov eax, dword ptr fs:[00000030h] 5_2_0136B433
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0136B433 mov eax, dword ptr fs:[00000030h] 5_2_0136B433
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0136B433 mov eax, dword ptr fs:[00000030h] 5_2_0136B433
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01372430 mov eax, dword ptr fs:[00000030h] 5_2_01372430
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01372430 mov eax, dword ptr fs:[00000030h] 5_2_01372430
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01354439 mov eax, dword ptr fs:[00000030h] 5_2_01354439
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01428450 mov eax, dword ptr fs:[00000030h] 5_2_01428450
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01358410 mov eax, dword ptr fs:[00000030h] 5_2_01358410
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0137B477 mov eax, dword ptr fs:[00000030h] 5_2_0137B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0137B477 mov eax, dword ptr fs:[00000030h] 5_2_0137B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0137B477 mov eax, dword ptr fs:[00000030h] 5_2_0137B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0137B477 mov eax, dword ptr fs:[00000030h] 5_2_0137B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0137B477 mov eax, dword ptr fs:[00000030h] 5_2_0137B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0137B477 mov eax, dword ptr fs:[00000030h] 5_2_0137B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0137B477 mov eax, dword ptr fs:[00000030h] 5_2_0137B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0137B477 mov eax, dword ptr fs:[00000030h] 5_2_0137B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0137B477 mov eax, dword ptr fs:[00000030h] 5_2_0137B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0137B477 mov eax, dword ptr fs:[00000030h] 5_2_0137B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0137B477 mov eax, dword ptr fs:[00000030h] 5_2_0137B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0137B477 mov eax, dword ptr fs:[00000030h] 5_2_0137B477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0142740D mov eax, dword ptr fs:[00000030h] 5_2_0142740D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0142740D mov eax, dword ptr fs:[00000030h] 5_2_0142740D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0142740D mov eax, dword ptr fs:[00000030h] 5_2_0142740D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01358466 mov eax, dword ptr fs:[00000030h] 5_2_01358466
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01358466 mov eax, dword ptr fs:[00000030h] 5_2_01358466
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0137746D mov eax, dword ptr fs:[00000030h] 5_2_0137746D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01359450 mov eax, dword ptr fs:[00000030h] 5_2_01359450
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013EC450 mov eax, dword ptr fs:[00000030h] 5_2_013EC450
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013EC450 mov eax, dword ptr fs:[00000030h] 5_2_013EC450
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0138A44B mov eax, dword ptr fs:[00000030h] 5_2_0138A44B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013634B1 mov eax, dword ptr fs:[00000030h] 5_2_013634B1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013634B1 mov eax, dword ptr fs:[00000030h] 5_2_013634B1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0138D4B0 mov eax, dword ptr fs:[00000030h] 5_2_0138D4B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013E64B5 mov eax, dword ptr fs:[00000030h] 5_2_013E64B5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013E64B5 mov eax, dword ptr fs:[00000030h] 5_2_013E64B5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013E34A0 mov eax, dword ptr fs:[00000030h] 5_2_013E34A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013E34A0 mov eax, dword ptr fs:[00000030h] 5_2_013E34A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013E34A0 mov eax, dword ptr fs:[00000030h] 5_2_013E34A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013614A9 mov eax, dword ptr fs:[00000030h] 5_2_013614A9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013614A9 mov ecx, dword ptr fs:[00000030h] 5_2_013614A9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0136849B mov eax, dword ptr fs:[00000030h] 5_2_0136849B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0135649B mov eax, dword ptr fs:[00000030h] 5_2_0135649B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0135649B mov eax, dword ptr fs:[00000030h] 5_2_0135649B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01351480 mov eax, dword ptr fs:[00000030h] 5_2_01351480
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_014114FB mov eax, dword ptr fs:[00000030h] 5_2_014114FB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01414496 mov eax, dword ptr fs:[00000030h] 5_2_01414496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01414496 mov eax, dword ptr fs:[00000030h] 5_2_01414496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01414496 mov eax, dword ptr fs:[00000030h] 5_2_01414496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01414496 mov eax, dword ptr fs:[00000030h] 5_2_01414496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01414496 mov eax, dword ptr fs:[00000030h] 5_2_01414496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01414496 mov eax, dword ptr fs:[00000030h] 5_2_01414496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01414496 mov eax, dword ptr fs:[00000030h] 5_2_01414496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01414496 mov eax, dword ptr fs:[00000030h] 5_2_01414496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01414496 mov eax, dword ptr fs:[00000030h] 5_2_01414496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01414496 mov eax, dword ptr fs:[00000030h] 5_2_01414496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01414496 mov eax, dword ptr fs:[00000030h] 5_2_01414496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01414496 mov eax, dword ptr fs:[00000030h] 5_2_01414496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01414496 mov eax, dword ptr fs:[00000030h] 5_2_01414496
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013884E0 mov eax, dword ptr fs:[00000030h] 5_2_013884E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013884E0 mov eax, dword ptr fs:[00000030h] 5_2_013884E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013884E0 mov eax, dword ptr fs:[00000030h] 5_2_013884E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013884E0 mov eax, dword ptr fs:[00000030h] 5_2_013884E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013884E0 mov eax, dword ptr fs:[00000030h] 5_2_013884E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_013884E0 mov eax, dword ptr fs:[00000030h] 5_2_013884E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01356730 mov eax, dword ptr fs:[00000030h] 5_2_01356730
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01356730 mov eax, dword ptr fs:[00000030h] 5_2_01356730
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01356730 mov eax, dword ptr fs:[00000030h] 5_2_01356730
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0138E730 mov eax, dword ptr fs:[00000030h] 5_2_0138E730
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0137B73D mov eax, dword ptr fs:[00000030h] 5_2_0137B73D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0137B73D mov eax, dword ptr fs:[00000030h] 5_2_0137B73D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01411751 mov eax, dword ptr fs:[00000030h] 5_2_01411751
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0137F716 mov eax, dword ptr fs:[00000030h] 5_2_0137F716
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_01384710 mov eax, dword ptr fs:[00000030h] 5_2_01384710
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0138D715 mov eax, dword ptr fs:[00000030h] 5_2_0138D715
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0138D715 mov eax, dword ptr fs:[00000030h] 5_2_0138D715
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0138A70E mov eax, dword ptr fs:[00000030h] 5_2_0138A70E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0138A70E mov eax, dword ptr fs:[00000030h] 5_2_0138A70E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0138C707 mov eax, dword ptr fs:[00000030h] 5_2_0138C707
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0138C707 mov ecx, dword ptr fs:[00000030h] 5_2_0138C707
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0138C707 mov eax, dword ptr fs:[00000030h] 5_2_0138C707
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Code function: 5_2_0139967A LdrInitializeThunk, 5_2_0139967A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Memory written: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.21214.29334.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Source: Yara match File source: 00000005.00000002.311228472.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

Remote Access Functionality

Source: Yara match File source: 00000005.00000002.311228472.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
No contacted IP infos