Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
File created: C:\Users\user~1\AppData\Local\Temp\OCLC.OPEN.FrontendInstaller00000.log |
Jump to behavior |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: |
Binary string: C:\delivery\Dev\wix35_public\build\ship\x86\scasched.pdb source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, OCLC.OPEN.FrontendInstaller.msi.0.dr |
Source: |
Binary string: C:\delivery\Dev\wix35_public\build\ship\x86\wixca.pdb0 source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, OCLC.OPEN.FrontendInstaller.msi.0.dr |
Source: |
Binary string: C:\delivery\Dev\wix35_public\build\ship\x86\sfxca.pdb source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, OCLC.OPEN.FrontendInstaller.msi.0.dr |
Source: |
Binary string: E:\delivery\Dev\wix37_public\build\ship\x86\setup.pdb source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Source: |
Binary string: C:\delivery\Dev\wix35_public\build\ship\x86\PrintEula.pdbPRh{ source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, OCLC.OPEN.FrontendInstaller.msi.0.dr |
Source: |
Binary string: C:\delivery\Dev\wix35_public\build\ship\x86\wixca.pdb source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, OCLC.OPEN.FrontendInstaller.msi.0.dr |
Source: |
Binary string: C:\delivery\Dev\wix35_public\build\ship\x86\scaexec.pdb source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, OCLC.OPEN.FrontendInstaller.msi.0.dr |
Source: |
Binary string: C:\delivery\Dev\wix35_public\build\ship\x86\PrintEula.pdb source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, OCLC.OPEN.FrontendInstaller.msi.0.dr |
Source: |
Binary string: C:\delivery\Dev\wix35_public\build\ship\x86\scasched.pdb| source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, OCLC.OPEN.FrontendInstaller.msi.0.dr |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
File opened: z: |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
File opened: x: |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
File opened: v: |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
File opened: t: |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
File opened: r: |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
File opened: p: |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
File opened: n: |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
File opened: l: |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
File opened: j: |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
File opened: h: |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
File opened: f: |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
File opened: b: |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
File opened: y: |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
File opened: w: |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
File opened: u: |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
File opened: s: |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
File opened: q: |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
File opened: o: |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
File opened: m: |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
File opened: k: |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
File opened: i: |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
File opened: g: |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
File opened: e: |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
File opened: c: |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
File opened: a: |
Jump to behavior |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
DNS traffic detected: queries for: time.windows.com |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, 00000000.00000000.1371918454.00000000011F2000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenamescaexec.dllL vs SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, 00000000.00000000.1371918454.00000000011F2000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenamesetup.exeL vs SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, 00000000.00000000.1371918454.0000000001155000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameOCLC.OPEN.CustomActions.dllD vs SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, 00000000.00000000.1371918454.0000000001155000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameSfxCA.dllL vs SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, 00000000.00000000.1371918454.0000000001155000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameprinteula.dllL vs SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, 00000000.00000000.1371918454.000000000118B000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenamewixca.dllL vs SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, 00000000.00000000.1371918454.000000000118B000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenamescasched.dllL vs SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Binary or memory string: OriginalFilenameOCLC.OPEN.CustomActions.dllD vs SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Binary or memory string: OriginalFilenameSfxCA.dllL vs SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Binary or memory string: OriginalFilenameprinteula.dllL vs SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Binary or memory string: OriginalFilenamewixca.dllL vs SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Binary or memory string: OriginalFilenamescasched.dllL vs SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Binary or memory string: OriginalFilenamescaexec.dllL vs SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Binary or memory string: OriginalFilenamesetup.exeL vs SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE |
Source: classification engine |
Classification label: clean2.winEXE@2/2@1/0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
File created: C:\Users\user~1\AppData\Local\Temp\{5BDC703B-E4F6-43C5-8B5F-3A45E826F992}\ |
Jump to behavior |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
Source: unknown |
Process created: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe "C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe" |
Source: unknown |
Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Section loaded: msi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Section loaded: srpapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Section loaded: tsappcmp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Section loaded: textinputframework.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Section loaded: coreuicomponents.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Section loaded: textshaping.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Section loaded: netapi32.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Section loaded: wkscli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Section loaded: msihnd.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Section loaded: dwmapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Section loaded: pcacli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Section loaded: windowscodecs.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Section loaded: oleacc.dll |
Jump to behavior |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: aclayers.dll |
Jump to behavior |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: sfc.dll |
Jump to behavior |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: sfc_os.dll |
Jump to behavior |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: msi.dll |
Jump to behavior |
Source: C:\Windows\System32\msiexec.exe |
Section loaded: tsappcmp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{56ad4c5d-b908-4f85-8ff1-7940c29b3bcf}\InProcServer32 |
Jump to behavior |
Source: Window Recorder |
Window detected: More than 3 window changes detected |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Static file information: File size 15797760 > 1048576 |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0xf01c00 |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: |
Binary string: C:\delivery\Dev\wix35_public\build\ship\x86\scasched.pdb source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, OCLC.OPEN.FrontendInstaller.msi.0.dr |
Source: |
Binary string: C:\delivery\Dev\wix35_public\build\ship\x86\wixca.pdb0 source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, OCLC.OPEN.FrontendInstaller.msi.0.dr |
Source: |
Binary string: C:\delivery\Dev\wix35_public\build\ship\x86\sfxca.pdb source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, OCLC.OPEN.FrontendInstaller.msi.0.dr |
Source: |
Binary string: E:\delivery\Dev\wix37_public\build\ship\x86\setup.pdb source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Source: |
Binary string: C:\delivery\Dev\wix35_public\build\ship\x86\PrintEula.pdbPRh{ source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, OCLC.OPEN.FrontendInstaller.msi.0.dr |
Source: |
Binary string: C:\delivery\Dev\wix35_public\build\ship\x86\wixca.pdb source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, OCLC.OPEN.FrontendInstaller.msi.0.dr |
Source: |
Binary string: C:\delivery\Dev\wix35_public\build\ship\x86\scaexec.pdb source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, OCLC.OPEN.FrontendInstaller.msi.0.dr |
Source: |
Binary string: C:\delivery\Dev\wix35_public\build\ship\x86\PrintEula.pdb source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, OCLC.OPEN.FrontendInstaller.msi.0.dr |
Source: |
Binary string: C:\delivery\Dev\wix35_public\build\ship\x86\scasched.pdb| source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, OCLC.OPEN.FrontendInstaller.msi.0.dr |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
File created: C:\Users\user~1\AppData\Local\Temp\OCLC.OPEN.FrontendInstaller00000.log |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
File Volume queried: C:\ FullSizeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Queries volume information: C:\ VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Code function: 0_2_00336A2F GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter, |
0_2_00336A2F |