Windows Analysis Report
SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe

Overview

General Information

Sample name: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe
Analysis ID: 1429050
MD5: cc32b562c4288cf37e43c3035aed3621
SHA1: b0ec7f6d4bc40442b105658e9101a9ae8f687b76
SHA256: fdfb3b626e16bfc9bd0eb8b77f67f7f9ba533884aff01379086b2038d9c6dd5d
Tags: exe

Detection

Score: 3
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Allocates memory with a write watch (potentially for evading sandboxes)
Detected potential crypto function
Enables debug privileges
Potential time zone aware malware
Program does not show much activity (idle)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Static PE information: certificate valid
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: D:\Projects\_External\ExcelDna\Source\ExcelDna\x64\Release\ExcelDna64.pdb source: FormulaDesk Math 64.xll
Source: Binary string: D:\Projects\Slyce\excel-add-ins\Installer\SmartAssembly\Output\FormulaDesk.Installer.pdb source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe
Source: Binary string: D:\Projects\_External\ExcelDna\Source\ExcelDna\Release\ExcelDna.pdb source: FormulaDesk Math 32.xll
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, FormulaDesk Math 32.xll, FormulaDesk Math 64.xll String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, FormulaDesk Math 32.xll, FormulaDesk Math 64.xll String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, FormulaDesk Math 32.xll, FormulaDesk Math 64.xll String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, FormulaDesk Math 32.xll, FormulaDesk Math 64.xll String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, FormulaDesk Math 32.xll, FormulaDesk Math 64.xll String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, FormulaDesk Math 32.xll, FormulaDesk Math 64.xll String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, FormulaDesk Math 32.xll, FormulaDesk Math 64.xll String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, FormulaDesk Math 32.xll, FormulaDesk Math 64.xll String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, FormulaDesk Math 32.xll, FormulaDesk Math 64.xll String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, FormulaDesk Math 32.xll, FormulaDesk Math 64.xll String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, FormulaDesk Math 32.xll, FormulaDesk Math 64.xll String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, FormulaDesk Math 32.xll, FormulaDesk Math 64.xll String found in binary or memory: http://ocsp.comodoca.com0
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, FormulaDesk Math 32.xll, FormulaDesk Math 64.xll String found in binary or memory: http://ocsp.digicert.com0A
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, FormulaDesk Math 32.xll, FormulaDesk Math 64.xll String found in binary or memory: http://ocsp.digicert.com0C
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, FormulaDesk Math 32.xll, FormulaDesk Math 64.xll String found in binary or memory: http://ocsp.digicert.com0X
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, FormulaDesk Math 32.xll, FormulaDesk Math 64.xll String found in binary or memory: http://ocsp.sectigo.com0
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, FormulaDesk Math 32.xll, FormulaDesk Math 64.xll String found in binary or memory: http://ocsp.sectigo.com0%
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe String found in binary or memory: http://sawebservice.red-gate.com/
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, 00000000.00000002.2970326644.00000000030E1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, 00000000.00000002.2972183197.000000001CE32000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, 00000000.00000002.2972183197.000000001CE32000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.coml
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, 00000000.00000002.2972183197.000000001CE32000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, 00000000.00000002.2972183197.000000001CE32000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, 00000000.00000002.2972183197.000000001CE32000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/?
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, 00000000.00000002.2972183197.000000001CE32000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, 00000000.00000002.2972183197.000000001CE32000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, 00000000.00000002.2972183197.000000001CE32000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers8
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, 00000000.00000002.2972183197.000000001CE32000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers?
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, 00000000.00000002.2972183197.000000001CE32000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designersG
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, 00000000.00000002.2972183197.000000001CE32000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fonts.com
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, 00000000.00000002.2972183197.000000001CE32000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, 00000000.00000002.2972183197.000000001CE32000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, 00000000.00000002.2972183197.000000001CE32000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, 00000000.00000002.2972183197.000000001CE32000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, 00000000.00000002.2972183197.000000001CE32000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, 00000000.00000002.2972183197.000000001CE32000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.goodfont.co.kr
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, 00000000.00000002.2972183197.000000001CE32000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe String found in binary or memory: http://www.red-gate.com/products/dotnet-development/smartassembly/?utm_source=smartassemblyui&utm_me
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, 00000000.00000002.2972183197.000000001CE32000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sajatypeworks.com
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, 00000000.00000002.2972183197.000000001CE32000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sakkal.com
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, 00000000.00000002.2972183197.000000001CE32000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sandoll.co.kr
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe String found in binary or memory: http://www.slyce.com
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe String found in binary or memory: http://www.smartassembly.com/webservices/Reporting/
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe String found in binary or memory: http://www.smartassembly.com/webservices/Reporting/UploadReport2
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe String found in binary or memory: http://www.smartassembly.com/webservices/UploadReportLogin/
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe String found in binary or memory: http://www.smartassembly.com/webservices/UploadReportLogin/GetServerURL
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, 00000000.00000002.2972183197.000000001CE32000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.tiro.com
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, 00000000.00000002.2972183197.000000001CE32000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.typography.netD
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, 00000000.00000002.2972183197.000000001CE32000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.urwpp.deDPlease
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, 00000000.00000002.2972183197.000000001CE32000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.zhongyicts.com.cn
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, FormulaDesk Math 32.xll, FormulaDesk Math 64.xll String found in binary or memory: https://sectigo.com/CPS0
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe String found in binary or memory: https://www.formuladesk.com/email-signup/
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe String found in binary or memory: https://www.formuladesk.com/logevent.html
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe String found in binary or memory: https://www.formuladesk.com/update/index.html?version=%Security
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Code function: 0_2_00007FFD9B883560 0_2_00007FFD9B883560
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Code function: 0_2_00007FFD9B8864F6 0_2_00007FFD9B8864F6
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, 00000000.00000000.1714347814.0000000000D16000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameFormulaDesk.Installer.exeL vs SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, 00000000.00000002.2970326644.00000000030E1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameriched20.dllp( vs SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, 00000000.00000002.2970326644.00000000030E1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, 00000000.00000002.2970326644.00000000030E1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: ,\\StringFileInfo\\000004B0\\OriginalFilename vs SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Binary or memory string: OriginalFilenameFormulaDesk.Installer.exeL vs SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe, --.cs Cryptographic APIs: 'TransformFinalBlock'
Source: classification engine Classification label: clean3.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Mutant created: NULL
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.98%
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe File read: C:\Windows\win.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe String found in binary or memory: WelcomeScreen#SmartAssembly.exe+/AddExceptionReport "
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe String found in binary or memory: D:\Projects\Slyce\excel-add-ins\Installer\SmartAssembly\Output\FormulaDesk.Installer.pdb
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Section loaded: riched20.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Section loaded: usp10.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Section loaded: msls31.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Section loaded: dataexchange.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Section loaded: d3d11.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Section loaded: dcomp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Section loaded: dxgi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Section loaded: twinapi.appcore.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InProcServer32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Key opened: HKEY_LOCAL_MACHINE\Software\Microsoft\Office\11.0\Excel\InstallRoot
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Static file information: File size 5543648 > 1048576
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x543000
Source: SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Code function: 0_2_00007FFD9B889DA7 push edx; iretd 0_2_00007FFD9B889DBB
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Memory allocated: 1240000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Memory allocated: 1B0E0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe System information queried: CurrentTimeZoneInformation
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.MSIL.Exceldna.15523.25242.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
No contacted IP infos