Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
ReversingLabs: Detection: 26% |
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Virustotal: Detection: 30% |
Perma Link |
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Joe Sandbox ML: detected |
Source: Yara match |
File source: 00000000.00000002.4552305215.000002D71CB16000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe PID: 2636, type: MEMORYSTR |
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Process Stats: CPU usage > 49% |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Code function: 0_2_00007FF848F1C624 |
0_2_00007FF848F1C624 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Code function: 0_2_00007FF848F24D51 |
0_2_00007FF848F24D51 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Code function: 0_2_00007FF848F25DAC |
0_2_00007FF848F25DAC |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Code function: 0_2_00007FF848F1CDE9 |
0_2_00007FF848F1CDE9 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Code function: 0_2_00007FF848F1586D |
0_2_00007FF848F1586D |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Code function: 0_2_00007FF848F10F2D |
0_2_00007FF848F10F2D |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Code function: 0_2_00007FF848F1A780 |
0_2_00007FF848F1A780 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Code function: 0_2_00007FF848F25E3A |
0_2_00007FF848F25E3A |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Code function: 0_2_00007FF848F18F28 |
0_2_00007FF848F18F28 |
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Static PE information: No import functions for PE file found |
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe, 00000000.00000002.4553321535.000002D72CF18000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameAmovadeh0 vs SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe, 00000000.00000000.2103518247.000002D71ACF2000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameAcegevuyaH vs SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Binary or memory string: OriginalFilenameAcegevuyaH vs SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe, GenericCreateGlobalFunctions.cs |
Task registration methods: 'TaskStopsLongTimePattern' |
Source: classification engine |
Classification label: mal80.expl.evad.winEXE@1/0@0/0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Mutant created: NULL |
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Static file information: TRID: Win64 Executable GUI Net Framework (217006/5) 49.88% |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
ReversingLabs: Detection: 26% |
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Virustotal: Detection: 30% |
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
String found in binary or memory: /AddInServer |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
File read: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32 |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll |
Jump to behavior |
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR |
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe, TaskWaitBegincDisplayClass115.cs |
.Net Code: ModuleReflectionOnlyLoadFrom |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Code function: 0_2_00007FF848F17963 push ebx; retf |
0_2_00007FF848F1796A |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Code function: 0_2_00007FF848F100BD pushad ; iretd |
0_2_00007FF848F100C1 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Code function: 0_2_00007FF848FF026B push esp; retf 4810h |
0_2_00007FF848FF0312 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: Yara match |
File source: Process Memory Space: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe PID: 2636, type: MEMORYSTR |
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe, 00000000.00000002.4552305215.000002D71CB16000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: WINE_GET_UNIX_FILE_NAME |
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe, 00000000.00000002.4552305215.000002D71CB16000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: SBIEDLL.DLL |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Memory allocated: 2D71C7F0000 memory reserve | memory write watch |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Memory allocated: 2D734AF0000 memory reserve | memory write watch |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Memory allocated: 2D73D2B0000 memory reserve | memory write watch |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Window / User API: threadDelayed 9966 |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe TID: 5300 |
Thread sleep count: 9966 > 30 |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe TID: 5300 |
Thread sleep time: -9966000s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
System information queried: CurrentTimeZoneInformation |
Jump to behavior |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe, 00000000.00000002.4552305215.000002D71CB16000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: VMware |
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe, 00000000.00000002.4552305215.000002D71CB16000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: C:\WINDOWS\system32\drivers\vmmouse.sys |
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe, 00000000.00000002.4552305215.000002D71CB16000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: vmware |
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe, 00000000.00000002.4552305215.000002D71CB16000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe, 00000000.00000002.4552305215.000002D71CB16000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: C:\WINDOWS\system32\drivers\vmhgfs.sys |
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe, 00000000.00000002.4552305215.000002D71CB16000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools |
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe, 00000000.00000002.4552305215.000002D71CB16000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: VMWARE |
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe, 00000000.00000002.4552305215.000002D71CB16000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\'C:\WINDOWS\system32\drivers\vmmouse.sys&C:\WINDOWS\system32\drivers\vmhgfs.sys |
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe, 00000000.00000002.4552305215.000002D71CB16000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: noValueButYesKey)C:\WINDOWS\system32\drivers\VBoxMouse.sys |
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe, 00000000.00000002.4552305215.000002D71CB16000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: C:\WINDOWS\system32\drivers\VBoxMouse.sys |
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe, 00000000.00000002.4552305215.000002D71CB16000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum |
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe, 00000000.00000002.4552305215.000002D71CB16000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: VMware SVGA II |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Process information queried: ProcessInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Process Stats: CPU usage > 42% for more than 60s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Process token adjusted: Debug |
Jump to behavior |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Memory allocated: page read and write | page guard |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid |
Jump to behavior |