Source: SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
ReversingLabs: Detection: 18% |
Source: SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Source: |
Binary string: C:\OneDrive\OneDrive - Haley Consulting, LLC\Projects\Client\TCC\FPDesktop\obj\Debug\FPDesktop.pdb source: SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Code function: 4x nop then jmp 06A06013h |
0_2_06A05DA8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Code function: 4x nop then jmp 06A06013h |
0_2_06A05D99 |
Source: SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe, 00000000.00000002.3329137545.0000000002501000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
String found in binary or memory: http://www.xguardian.net/xguardian/aws_ec2_pool_vm.cfm?Domain=theconcretecompany.com&Pool=2 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Code function: 0_2_06D4A5F8 GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState, |
0_2_06D4A5F8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Code function: 0_2_00B4C1B8 |
0_2_00B4C1B8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Code function: 0_2_00B4DBD0 |
0_2_00B4DBD0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Code function: 0_2_06A05C14 |
0_2_06A05C14 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Code function: 0_2_06A05BD4 |
0_2_06A05BD4 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Code function: 0_2_06A0F9E0 |
0_2_06A0F9E0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Code function: 0_2_06A06438 |
0_2_06A06438 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Code function: 0_2_06A06D91 |
0_2_06A06D91 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Code function: 0_2_06A01B04 |
0_2_06A01B04 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Code function: 0_2_06D47E58 |
0_2_06D47E58 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Code function: 0_2_06D44DF0 |
0_2_06D44DF0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Code function: 0_2_06D41E60 |
0_2_06D41E60 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Code function: 0_2_06D47E58 |
0_2_06D47E58 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Code function: 0_2_06D45CB0 |
0_2_06D45CB0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Code function: 0_2_06D45BE4 |
0_2_06D45BE4 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Code function: 0_2_06D44DF0 |
0_2_06D44DF0 |
Source: SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe, 00000000.00000000.2082136568.00000000001A2000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameFPDesktop.exe4 vs SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Source: SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe, 00000000.00000002.3328353865.000000000090E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Source: SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Binary or memory string: OriginalFilenameFPDesktop.exe4 vs SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Source: classification engine |
Classification label: mal48.winEXE@1/0@0/0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Mutant created: NULL |
Source: SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83% |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
Source: SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
ReversingLabs: Detection: 18% |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Section loaded: dwrite.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Section loaded: textshaping.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Section loaded: windowscodecs.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Section loaded: dhcpcsvc6.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Section loaded: dhcpcsvc.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Section loaded: winnsi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Section loaded: textinputframework.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Section loaded: coreuicomponents.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: Window Recorder |
Window detected: More than 3 window changes detected |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll |
Jump to behavior |
Source: SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR |
Source: SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Source: SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: |
Binary string: C:\OneDrive\OneDrive - Haley Consulting, LLC\Projects\Client\TCC\FPDesktop\obj\Debug\FPDesktop.pdb source: SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Source: SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Static PE information: 0xA3490A5B [Sun Oct 22 20:43:07 2056 UTC] |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Memory allocated: B40000 memory reserve | memory write watch |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Memory allocated: 2500000 memory reserve | memory write watch |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Memory allocated: 4500000 memory reserve | memory write watch |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe TID: 2852 |
Thread sleep time: -922337203685477s >= -30000s |
Jump to behavior |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe, 00000000.00000002.3328353865.0000000000942000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllR |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Memory allocated: page read and write | page guard |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.AdwareX-gen.9076.19863.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid |
Jump to behavior |