Windows Analysis Report
SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe

Overview

General Information

Sample Name: SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe
Analysis ID: 1345579
MD5: 4a57aaabbc130e2ff9f78a1231680e14
SHA1: a372c732016750f03ecf5465a4b71ee170a0ae52
SHA256: 5ef8f6039eee8fa8cb4a3ae505f4f17d4a98570ec25c3279a89ee829aa6f0431
Tags: exe
Infos:

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected AntiVM3
Tries to steal Mail credentials (via file / registry access)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Contains functionality to log keystrokes (.Net Source)
Machine Learning detection for sample
.NET source code contains potential unpacker
.NET source code contains very large array initializations
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Yara detected Credential Stealer
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
Detected TCP or UDP traffic on non-standard ports
Uses SMTP (mail sending)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Creates a process in suspended mode (likely to inject code)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Classification

Name Description Attribution Blogpost URLs Link
Agent Tesla, AgentTesla A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
  • SWEED
 https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

AV Detection
barindex
Found malware configuration
Source: SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.6448.3.memstrmin Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Host": "us2.smtp.mailhostbox.com", "Username": "lawsaman@steveboi.com", "Password": "!Gphfth8 "}
Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe ReversingLabs: Detection: 23%
Source: SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Virustotal: Detection: 27% Perma Link
Machine Learning detection for sample
Source: SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Joe Sandbox ML: detected
Sample uses string decryption to hide its real strings
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: true
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Yandex Browser
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Yandex\YandexBrowser\User Data
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: true
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Iridium Browser
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Iridium\User Data
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: true
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Chromium
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Chromium\User Data
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: true
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: 7Star
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: 7Star\7Star\User Data
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: true
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Torch Browser
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Torch\User Data
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: true
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Cool Novo
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: MapleStudio\ChromePlus\User Data
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: true
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Kometa
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Kometa\User Data
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: true
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Amigo
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Amigo\User Data
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: true
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Brave
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: BraveSoftware\Brave-Browser\User Data
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: true
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: CentBrowser
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: CentBrowser\User Data
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: true
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Chedot
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Chedot\User Data
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: true
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Orbitum
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Orbitum\User Data
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: true
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Sputnik
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Sputnik\Sputnik\User Data
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: true
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Comodo Dragon
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Comodo\Dragon\User Data
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: true
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Vivaldi
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Vivaldi\User Data
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: true
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Citrio
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: CatalinaGroup\Citrio\User Data
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: true
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: 360 Browser
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: 360Chrome\Chrome\User Data
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: true
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Uran
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: uCozMedia\Uran\User Data
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: true
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Liebao Browser
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: liebao\User Data
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: true
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Elements Browser
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Elements Browser\User Data
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: true
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Epic Privacy
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Epic Privacy Browser\User Data
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: true
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Coccoc
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: CocCoc\Browser\User Data
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: true
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Sleipnir 6
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: true
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: QIP Surf
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: QIP Surf\User Data
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: true
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Coowon
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Coowon\Coowon\User Data
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: true
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Chrome
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Google\Chrome\User Data
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: true
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Edge Chromium
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Microsoft\Edge\User Data
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: true
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Firefox
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \Mozilla\Firefox\
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: true
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: SeaMonkey
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \Mozilla\SeaMonkey\
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: true
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Thunderbird
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \Thunderbird\
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: true
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: BlackHawk
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \NETGATE Technologies\BlackHawk\
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: true
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: CyberFox
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \8pecxstudios\Cyberfox\
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: true
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: K-Meleon
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \K-Meleon\
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: true
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: IceCat
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \Mozilla\icecat\
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: true
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: PaleMoon
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \Moonchild Productions\Pale Moon\
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: true
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: IceDragon
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \Comodo\IceDragon\
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: true
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: WaterFox
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \Waterfox\
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: true
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Postbox
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \Postbox\
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: true
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Flock
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \Flock\Browser\
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: true
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: APPDATA
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: 00061561
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Berkelet DB
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: 00000002
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: 1.85 (Hash, version 2, native byte-order)
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Unknow database format
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: SQLite format 3
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: table
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: UNIQUE
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: SEQUENCE {
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: {0:X2}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: {0:X2}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: {0:X2}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Windows Credential
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: credential
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: policy
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: blob
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: chrome
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: {{{0}}}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: chrome
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: {{{0}}}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: sha512
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: sha512
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: ObjectLength
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: ChainingModeGCM
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: AuthTagLength
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: ChainingMode
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: KeyDataBlob
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Microsoft Primitive Provider
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: :Zone.Identifier
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: SystemDrive
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: {0:X2}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: SELECT * FROM Win32_Processor
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Name
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: .tmp
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: None
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: win32_processor
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: processorID
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: 0903b35d-ffcd-4c9d-a3b7-51fd7e4b2c22
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Win32_NetworkAdapterConfiguration
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: IPEnabled
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: MacAddress
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: 8f1b120f-6033-4b90-8e60-8a414f8d073f
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Win32_BaseBoard
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: SerialNumber
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: 299748ea-2a39-43bb-bba9-e1c716c8b7f5
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: yyyy_MM_dd_HH_mm_ss
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: .html
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: text/html
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: yyyy_MM_dd_HH_mm_ss
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: .html
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: {0}:
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: StorageSize: {0} (0x{0:X})
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Version: 0x{0:X}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: FormatID: {0}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Size of the SerializedPropertyStorage is less than 28 ({0})
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Size of the SerializedPropertyStore is less than {0} ({1})
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Version is not equal to {0} ({1})
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: {D5CDD505-2E9C-101B-9397-08002B2CF9AE}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Type: {0}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Value: {0}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: ValueSize: {0} (0x{0:X})
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: NameSize: {0} (0x{0:X})
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Name: {0}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Size of the StringName is less than 9 ({0})
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Size of the StringName is not equal to {0} ({1})
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Size of the NameSize is not equal to {0} ({1})
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: ValueSize: {0} (0x{0:X})
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: ID: 0x{0:X}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Size of the StringName is less than 9 ({0})
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Size of the StringName is not equal to {0} ({1})
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Size of the SerializedPropertyStore is less than 8 ({0})
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Size of the SerializedPropertyStore is less than {0} ({1})
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: StoreSize: {0} (0x{0X})
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \Device\LanmanRedirector\
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \Device\LanmanRedirector\
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Failed to retrieve system handle information.
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: ()]G.
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: YsSY
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: XRxX
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: XXxX
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: ccccCicb
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: ?=__
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: UyYY
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: XRxX
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: SYX}qYYYIyYYYYyY
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: XPxX
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: X\xX
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: X^xX
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: BB[bB
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: *SY[rqXY
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: BBMbB
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: '''''?'''"
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: T:T5
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: image/jpg
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: yyyy_MM_dd_HH_mm_ss
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: .jpeg
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: /log.tmp
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: <br>[
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: yyyy-MM-dd HH:mm:ss
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: ]<br>
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: <br>
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Time:
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: MM/dd/yyyy HH:mm:ss
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: <br>User Name:
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: <br>Computer Name:
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: <br>OSFullName:
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: <br>CPU:
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: <br>RAM:
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: <br>
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: IP Address:
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: <br>
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: <hr>
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: New
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: MM/dd/yyyy HH:mm:ss
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: IP Address:
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: false
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: false
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: false
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: false
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: false
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: false
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: false
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: true
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: false
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: us2.smtp.mailhostbox.com
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: lawsaman@steveboi.com
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: !Gphfth8
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: lawsaman@steveboi.com
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: false
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: false
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: appdata
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: yCfxxa
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: yCfxxa.exe
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: yCfxxa
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Type
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: <br>
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: <hr>
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: <br>
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: <b>[
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: ]</b> (
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: )<br>
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: {BACK}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: {ALT+TAB}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: {ALT+F4}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: {TAB}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: {ESC}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: {Win}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: {CAPSLOCK}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: {KEYUP}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: {KEYDOWN}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: {KEYLEFT}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: {KEYRIGHT}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: {DEL}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: {END}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: {HOME}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: {Insert}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: {NumLock}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: {PageDown}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: {PageUp}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: {ENTER}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: {F1}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: {F2}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: {F3}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: {F4}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: {F5}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: {F6}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: {F7}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: {F8}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: {F9}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: {F10}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: {F11}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: {F12}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: control
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: {CTRL}
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: &amp;
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: &lt;
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: &gt;
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: &quot;
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: <br><hr>Copied Text: <br>
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: <hr>
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: logins
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: IE/Edge
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Windows Secure Note
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: 3CCD5499-87A8-4B10-A215-608888DD3B55
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Windows Web Password Credential
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: 154E23D0-C644-4E6F-8CE6-5069272F999F
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Windows Credential Picker Protector
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Web Credentials
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Windows Credentials
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Windows Domain Certificate Credential
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: 3E0E35BE-1B77-43E7-B873-AED901B6275B
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Windows Domain Password Credential
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Windows Extended Credential
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: 00000000-0000-0000-0000-000000000000
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: SchemaId
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: pResourceElement
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: pIdentityElement
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: pPackageSid
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: pAuthenticatorElement
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: IE/Edge
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: UC Browser
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: UCBrowser\
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Login Data
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: journal
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: wow_logins
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Safari for Windows
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \Common Files\Apple\Apple Application Support\plutil.exe
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \Apple Computer\Preferences\keychain.plist
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: <array>
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: <dict>
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: <string>
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: </string>
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: <string>
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: </string>
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: <data>
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: </data>
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: -convert xml1 -s -o "
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \fixed_keychain.xml"
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \Microsoft\Credentials\
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \Microsoft\Credentials\
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \Microsoft\Credentials\
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \Microsoft\Credentials\
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \Microsoft\Protect\
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: credential
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: QQ Browser
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Tencent\QQBrowser\User Data
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \Default\EncryptedStorage
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Profile
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \EncryptedStorage
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: entries
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: category
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Password
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: str3
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: str2
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: blob0
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: password_value
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: IncrediMail
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: PopPassword
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: SmtpPassword
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Software\IncrediMail\Identities\
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \Accounts_New
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: PopPassword
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: SmtpPassword
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: SmtpServer
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: EmailAddress
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Eudora
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Software\Qualcomm\Eudora\CommandLine\
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: current
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Settings
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: SavePasswordText
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Settings
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: ReturnAddress
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Falkon Browser
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \falkon\profiles\
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: profiles.ini
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: startProfile=([A-z0-9\/\.\"]+)
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: profiles.ini
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \browsedata.db
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: autofill
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: ClawsMail
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \Claws-mail
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \clawsrc
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \clawsrc
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: passkey0
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: master_passphrase_salt=(.+)
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: master_passphrase_pbkdf2_rounds=(.+)
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \accountrc
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: smtp_server
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: address
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: account
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Email
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Server
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: SchemaId
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: pResourceElement
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: pIdentityElement
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: pPackageSid
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: pAuthenticatorElement
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: syncpassword
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: mailoutgoing
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: FoxMail
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: HKEY_CURRENT_USER\Software\Aerofox\FoxmailPreview
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Executable
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: HKEY_CURRENT_USER\Software\Aerofox\Foxmail\V3.1
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: FoxmailPath
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \Storage\
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \Storage\
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \mail
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \mail
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \VirtualStore\Program Files\Foxmail\mail
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \VirtualStore\Program Files\Foxmail\mail
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \VirtualStore\Program Files (x86)\Foxmail\mail
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \VirtualStore\Program Files (x86)\Foxmail\mail
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \Accounts\Account.rec0
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \Accounts\Account.rec0
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \Account.stg
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \Account.stg
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: POP3Host
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: SMTPHost
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: IncomingServer
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Account
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: MailAddress
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Password
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: POP3Password
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Opera Mail
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \Opera Mail\Opera Mail\wand.dat
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \Opera Mail\Opera Mail\wand.dat
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: opera:
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: abcdefghijklmnopqrstuvwxyz1234567890_-.~!@#$%^&*()[{]}\|';:,<>/?+=
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: PocoMail
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: appdata
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: \Pocomail\accounts.ini
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Email
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: POPPass
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: SMTPPass
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: SMTP
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: eM Client
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: eM Client\accounts.dat
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: eM Client
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: Accounts
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: "Username":"
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack String decryptor: "Secret":"
Uses 32bit PE files
Source: SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: qEk.pdbSHA256K source: SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe
Source: Binary string: qEk.pdb source: SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 208.91.198.143 208.91.198.143
Detected TCP or UDP traffic on non-standard ports
Source: global traffic TCP traffic: 192.168.2.6:49701 -> 208.91.198.143:587
Uses SMTP (mail sending)
Source: global traffic TCP traffic: 192.168.2.6:49701 -> 208.91.198.143:587
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe, 00000003.00000002.3324006845.0000000002FC7000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe, 00000003.00000002.3322598459.0000000000F10000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe, 00000003.00000002.3327151487.00000000066F2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe, 00000003.00000002.3327151487.00000000066F5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe, 00000003.00000002.3322598459.0000000000F10000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe, 00000003.00000002.3324006845.0000000002FC7000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe, 00000003.00000002.3322598459.0000000000F10000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe, 00000003.00000002.3327151487.00000000066F2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#
Source: SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe, 00000003.00000002.3324006845.0000000002FC7000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe, 00000003.00000002.3322598459.0000000000F10000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe, 00000003.00000002.3327151487.00000000066F2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe, 00000003.00000002.3327151487.00000000066F5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.comodoca.com0
Source: SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe, 00000003.00000002.3324006845.0000000002FC7000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe, 00000003.00000002.3322598459.0000000000F10000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe, 00000003.00000002.3327151487.00000000066F2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.sectigo.com0A
Source: SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe, 00000003.00000002.3324006845.0000000002FC7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://us2.smtp.mailhostbox.com
Source: SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe, 00000003.00000002.3324006845.0000000002FC7000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe, 00000003.00000002.3322598459.0000000000F10000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe, 00000003.00000002.3327151487.00000000066F2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sectigo.com/CPS0
Source: unknown DNS traffic detected: queries for: us2.smtp.mailhostbox.com

Key, Mouse, Clipboard, Microphone and Screen Capturing
barindex
Contains functionality to log keystrokes (.Net Source)
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.4039e00.9.raw.unpack, rty.cs .Net Code: PI75tnp3f
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.raw.unpack, rty.cs .Net Code: PI75tnp3f

System Summary
barindex
.NET source code contains very large array initializations
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.2e73e84.0.raw.unpack, RFebBaClhEWIFvwxqU.cs Large array initialization: : array initializer size 9041
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.5690000.10.raw.unpack, RFebBaClhEWIFvwxqU.cs Large array initialization: : array initializer size 9041
Uses 32bit PE files
Source: SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Detected potential crypto function
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Code function: 0_2_0134F698 0_2_0134F698
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Code function: 0_2_0134CE1C 0_2_0134CE1C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Code function: 0_2_0134F688 0_2_0134F688
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Code function: 3_2_01754228 3_2_01754228
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Code function: 3_2_0175AB38 3_2_0175AB38
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Code function: 3_2_01754E40 3_2_01754E40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Code function: 3_2_01754570 3_2_01754570
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Code function: 3_2_061C0040 3_2_061C0040
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Code function: 3_2_061CD598 3_2_061CD598
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Code function: 3_2_061CBAA8 3_2_061CBAA8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Code function: 3_2_0620CCF0 3_2_0620CCF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Code function: 3_2_0620BD08 3_2_0620BD08
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Code function: 3_2_06206A00 3_2_06206A00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Code function: 3_2_06202378 3_2_06202378
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Code function: 3_2_06208340 3_2_06208340
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Code function: 3_2_06205948 3_2_06205948
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Code function: 3_2_0620F330 3_2_0620F330
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Code function: 3_2_06200040 3_2_06200040
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Code function: 3_2_062060D8 3_2_062060D8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Code function: 3_2_06200016 3_2_06200016
Sample file is different than original file name gathered from version info
Source: SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe, 00000000.00000002.2074467383.0000000007650000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe, 00000000.00000002.2071631481.0000000003FFE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename68d39da3-494e-457a-86fc-063f75f57104.exe4 vs SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe, 00000000.00000002.2071631481.0000000003FFE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe, 00000000.00000002.2074698879.0000000007760000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameqEk.exe> vs SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe, 00000000.00000002.2068910816.0000000000FFE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe, 00000000.00000000.2059076341.0000000000B2A000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameqEk.exe> vs SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe, 00000000.00000002.2071062606.0000000002E5C000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename68d39da3-494e-457a-86fc-063f75f57104.exe4 vs SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe, 00000003.00000002.3322355919.0000000000D39000.00000004.00000010.00020000.00000000.sdmp Binary or memory string: OriginalFilenameUNKNOWN_FILET vs SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe, 00000003.00000002.3322250910.000000000043E000.00000040.00000400.00020000.00000000.sdmp Binary or memory string: OriginalFilename68d39da3-494e-457a-86fc-063f75f57104.exe4 vs SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe, 00000003.00000002.3322598459.0000000000E68000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Binary or memory string: OriginalFilenameqEk.exe> vs SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe ReversingLabs: Detection: 23%
Source: SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Virustotal: Detection: 27%
Source: SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.log Jump to behavior
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@3/1@1/1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini Jump to behavior
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.7650000.13.raw.unpack, qTfQUvDQoguZrmp9yH.cs Security API names: _0020.SetAccessControl
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.7650000.13.raw.unpack, qTfQUvDQoguZrmp9yH.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.7650000.13.raw.unpack, qTfQUvDQoguZrmp9yH.cs Security API names: _0020.AddAccessRule
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.7650000.13.raw.unpack, RQmbubB7xiBqv88hTo.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll Jump to behavior
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.4039e00.9.raw.unpack, XYinPl.cs Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.4039e00.9.raw.unpack, XYinPl.cs Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.4039e00.9.raw.unpack, XYinPl.cs Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.4039e00.9.raw.unpack, XYinPl.cs Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.4039e00.9.raw.unpack, SGDyC.cs Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.4039e00.9.raw.unpack, SGDyC.cs Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.4039e00.9.raw.unpack, OXoLR2U.cs Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.4039e00.9.raw.unpack, OXoLR2U.cs Cryptographic APIs: 'TransformFinalBlock'
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 Jump to behavior
Source: SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: qEk.pdbSHA256K source: SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe
Source: Binary string: qEk.pdb source: SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe

Data Obfuscation
barindex
.NET source code contains potential unpacker
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.7650000.13.raw.unpack, qTfQUvDQoguZrmp9yH.cs .Net Code: hg4fPor1O4 System.Reflection.Assembly.Load(byte[])
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.2e73e84.0.raw.unpack, RFebBaClhEWIFvwxqU.cs .Net Code: System.Reflection.Assembly.Load(byte[])
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.5690000.10.raw.unpack, RFebBaClhEWIFvwxqU.cs .Net Code: System.Reflection.Assembly.Load(byte[])
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Code function: 0_2_01345947 pushfd ; retf 0_2_01345951
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Code function: 3_2_061C76B1 push esp; retf 3_2_061C76BD
Source: initial sample Static PE information: section name: .text entropy: 7.9804605454045685
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.7650000.13.raw.unpack, Ewlu4OlmJJrDIZkXBQ.cs High entropy of concatenated method names: 'DgZUHpaNGR', 'cmMUX0RcRl', 'BA7oQrt6rv', 'p9co147ejK', 'pNioFl2ko0', 'bmsogi15hA', 'eecoWCJIAt', 'DCyoLT3GmT', 'HmLoKBb0ML', 'TrYoCNaN0R'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.7650000.13.raw.unpack, FWPu0kbfoEgNVl3Iob.cs High entropy of concatenated method names: 'aR3PLFZxm', 'mHxa6iaJa', 'gmwV7TShU', 'HeaXif24T', 'hhL2GUXrk', 'xWql3x39M', 'RsN3RB81JTjSkesKs0', 'aw0WlucuO9jK4WWvXO', 'PhYnIx7GO', 'VnKc50759'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.7650000.13.raw.unpack, FbKmdhxG3dpFOIJr68.cs High entropy of concatenated method names: 'nKcqv9ZPaE', 'W85qJd6awW', 'TyKqfxbA38', 'a2sqOYUSVX', 'f17qso28Js', 'EyGqU1d3ho', 'zG7qIlJDF8', 'lAwn3uBncY', 'b7xnNJAEap', 'ROdnYYJ8mi'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.7650000.13.raw.unpack, ygpumEfJhwtKISr76d.cs High entropy of concatenated method names: 'Ou4vEQmbub', 'uxivDBqv88', 'L2Qv6c7oKQ', 'AJcveS2wlu', 'nkXvmBQcLT', 'QqBvAUr62J', 'bETHWi6qgPTC0JLS0O', 'buOewEDIMgGZ8i64NQ', 'G0Cvvbo7lF', 'fcBvJqWiXS'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.7650000.13.raw.unpack, HTetuCYx2cnLU8oSVj.cs High entropy of concatenated method names: 'B0Un8hGOTv', 'sQCn0LMG74', 'd2LnQExPY5', 'hiIn1hAU5T', 'ae4nkfL6ND', 'LwOnF4YKWT', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.7650000.13.raw.unpack, CYu3iW22Qc7oKQHJcS.cs High entropy of concatenated method names: 'OcwoaBj2So', 'tcgoVd9Mfq', 't4LoBp921k', 'NjXo2GHCG6', 'JHqomDg8cW', 'ltXoAK4Ws0', 'uiKoMHqLrh', 'YAvonCTOVW', 'qaooqAh432', 'VZZocHkLNR'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.7650000.13.raw.unpack, zNLnS4kjxhFJyLNFIJ.cs High entropy of concatenated method names: 'sNdmCR0cGA', 'YBXmw5ZfYd', 'hVgmknVQkT', 'uREm4sQXpL', 'OBLm0egZh6', 'K3tmQnSyAg', 'b7Fm1PoGgi', 'slEmF48U40', 'x2umgc7Lax', 'R5smWHPnMA'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.7650000.13.raw.unpack, j6AN2rzrZuHcEVGLaY.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 't16qZcAu33', 't9FqmG8oo9', 'lsxqA73cA7', 'Oy8qMm9D5f', 'ghJqnrZD1O', 'cH4qqbJOw3', 'jqBqcWOmyv'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.7650000.13.raw.unpack, DpFK4evJOmJOJFPMKAf.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'aqqckp2wcl', 'kHLc40F98x', 'CAhcp5KMfK', 'Mp2c5sBZk6', 'yrRcihC56T', 'HQccdVBmvj', 'gTrc37PfW7'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.7650000.13.raw.unpack, sLT9qB8Ur62Jvjdil0.cs High entropy of concatenated method names: 'aOHIRyCZNn', 'bOMIsu0mfJ', 'mR8IUOp63a', 'GyJIECUlGY', 'XPbIDjD0WG', 'OUQUi3s0eo', 'adNUdZTEh3', 'jiNU3jbcYf', 'xIBUNSk4IZ', 'lIMUYHxQpk'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.7650000.13.raw.unpack, Awwyg2dAgUkNGlv85i.cs High entropy of concatenated method names: 'Q5KMNOsUyj', 'qbDMx1QUKC', 'VMLnuSIKDR', 'awknv45SsX', 'ftiMSaVpZ3', 'kqHMwPmjIR', 'ydXM9NZl0O', 'sQlMkm8OIF', 'xcVM4UrJRS', 'nDnMpcOOr3'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.7650000.13.raw.unpack, JcK93u9dmt6AOiULJk.cs High entropy of concatenated method names: 'SlpZBQtDAc', 'rBjZ24fOQ8', 'FwPZ8A6PvO', 'iJ4Z0kkMav', 'ikxZ1jCg6L', 'udQZFgMQw6', 'td9ZWxkqrj', 'MH1ZLq7ho6', 'mPPZCYgnQh', 'NeaZStDb2o'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.7650000.13.raw.unpack, AVtOeHonjWY5gT9u12.cs High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'apnbYV8aRP', 'k26bxY7pi8', 'gchbzVUass', 'OUnJuNHxJT', 'a74JvhRsr3', 'eS9JbsXQfU', 'z8QJJIJyH6', 'FW3HrOIWikSqAL6XkQH'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.7650000.13.raw.unpack, Ws654NglxAGvjHgiiV.cs High entropy of concatenated method names: 'PNKIpKs40A', 'El8I57A0og', 'zwvIiIVsMR', 'ToString', 'DT4IdM6Hmc', 'dYrI35BMXx', 'Wk3g0v2GCfdbNaUhG2f', 'mtPbRb2uEFlAL1SVaQU', 'vX3dJ22dc22r0qQxB49', 'EIj5AV2KCZJOv69kGj7'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.7650000.13.raw.unpack, DFsGsPpsdQW4TYyxMN.cs High entropy of concatenated method names: 'ToString', 'Qs1ASdFmVh', 'N7vA0H6UUG', 'YQEAQvcAU7', 'sNVA1qUJfc', 'pYWAFnJ3mY', 'qV9AgXflAN', 'QjeAW6a2DQ', 'PwYALR4FHL', 'zVMAKkWYhG'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.7650000.13.raw.unpack, WWfyqDvu1AcOSSvRl5e.cs High entropy of concatenated method names: 'wGwqjr35h9', 'uxHqr4PwEp', 'Xt1qPW5rPA', 'Qx1qaXtNn6', 'YbOqHj0MGx', 'tVlqV2N5SM', 'OlvqXB99mG', 'WVLqBg1hX9', 'i0pq2hhpiZ', 'yWWqlNEy5X'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.7650000.13.raw.unpack, bH8p3XNmQfoJKA8eku.cs High entropy of concatenated method names: 'ICsnOu6RNZ', 'FkYns3tlha', 'sdQnomcnTy', 'eKXnUkY4O9', 'Wv8nI9KI3p', 'DLknEikFdX', 'uo9nDUHMt0', 'abVnTE8bZ2', 'dN7n6kYhIy', 'isrnepp5Wn'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.7650000.13.raw.unpack, qTfQUvDQoguZrmp9yH.cs High entropy of concatenated method names: 'VD5JRHoYxd', 'A3vJOYiEOo', 'uaZJswMKxj', 'zPcJo2vTKy', 'kv5JUwr9R2', 'c5UJI1tJ90', 'SLxJE3GIBv', 'NshJD7Q2wX', 'cJUJTIS8o1', 'XcaJ6Iw63r'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.7650000.13.raw.unpack, VOQ4m5KO8jvf7NLmhH.cs High entropy of concatenated method names: 'ovOEjdJ9Hb', 'Go6Er6TTCW', 'EToEPtKHyQ', 'IhdEaZB2fJ', 'wB0EHw9Lkp', 'YGtEVcpG9x', 'PG0EXl7INp', 'v0mEB6D2p0', 'jk0E2ixvop', 'NjaElXwmiX'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.7650000.13.raw.unpack, RQmbubB7xiBqv88hTo.cs High entropy of concatenated method names: 'erosk6il0F', 'ySRs4vxRKB', 'nsGsp1aWCF', 'Ap8s5P4jeM', 'HOYsikWqiI', 'FSMsdjT4pT', 'oEOs3BRrdN', 'AkYsNi2JO4', 'vJ3sYl24eC', 'CfUsxmFqDw'
Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.7650000.13.raw.unpack, dDwAO9sHaPfheN0kNk.cs High entropy of concatenated method names: 'Dispose', 'FvwvYjfcjh', 'OnMb07v7JM', 'mhHvvDv7MT', 'hbHvx8p3Xm', 'HfovzJKA8e', 'ProcessDialogKey', 'Qu0buTetuC', 'Y2cbvnLU8o', 'OVjbblbKmd'
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Yara detected AntiVM3
Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe PID: 1936, type: MEMORYSTR
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 6536 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -16602069666338586s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -100000s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -99875s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 5132 Thread sleep count: 8328 > 30 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 5132 Thread sleep count: 1537 > 30 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -99765s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -99656s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -99547s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -99437s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -99328s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -99218s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -99109s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -98999s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -98890s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -98781s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -98656s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -98546s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -98437s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -98325s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -98218s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -98109s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -98000s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -97890s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -97781s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -97670s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -97562s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -97453s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -97343s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -97234s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -97125s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -97015s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -96906s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -96796s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -96687s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -96578s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -96468s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -96359s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -96249s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -96140s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -96031s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -95919s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -95812s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -95703s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -95593s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -95484s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -95375s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -95265s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -95156s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -95046s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -94937s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -94810s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -94703s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe TID: 1048 Thread sleep time: -94593s >= -30000s Jump to behavior
Contains long sleeps (>= 3 min)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Window / User API: threadDelayed 8328 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Window / User API: threadDelayed 1537 Jump to behavior
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process information queried: ProcessInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 100000 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 99875 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 99765 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 99656 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 99547 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 99437 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 99328 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 99218 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 99109 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 98999 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 98890 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 98781 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 98656 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 98546 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 98437 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 98325 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 98218 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 98109 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 98000 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 97890 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 97781 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 97670 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 97562 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 97453 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 97343 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 97234 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 97125 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 97015 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 96906 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 96796 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 96687 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 96578 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 96468 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 96359 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 96249 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 96140 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 96031 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 95919 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 95812 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 95703 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 95593 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 95484 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 95375 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 95265 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 95156 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 95046 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 94937 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 94810 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 94703 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Thread delayed: delay time: 94593 Jump to behavior
Source: SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe, 00000003.00000002.3322598459.0000000000F10000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Enables debug privileges
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Memory allocated: page read and write | page guard Jump to behavior
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Jump to behavior
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior

Stealing of Sensitive Information
barindex
Yara detected AgentTesla
Source: Yara match File source: 00000003.00000002.3324006845.0000000002F71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe PID: 6448, type: MEMORYSTR
Source: Yara match File source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.4039e00.9.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.4039e00.9.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.2071631481.0000000003FFE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Tries to steal Mail credentials (via file / registry access)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities Jump to behavior
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions Jump to behavior
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data Jump to behavior
Yara detected Credential Stealer
Source: Yara match File source: 00000003.00000002.3324006845.0000000002F71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe PID: 6448, type: MEMORYSTR

Remote Access Functionality
barindex
Yara detected AgentTesla
Source: Yara match File source: 00000003.00000002.3324006845.0000000002F71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe PID: 6448, type: MEMORYSTR
Source: Yara match File source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.4039e00.9.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.4039e00.9.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.23172.5539.exe.3ffe5e0.8.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.2071631481.0000000003FFE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
windows-stand
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
208.91.198.143
 us2.smtp.mailhostbox.com United States
394695 PUBLIC-DOMAIN-REGISTRYUS false

Contacted Domains

Name IP Active
us2.smtp.mailhostbox.com 208.91.198.143 true