Click to jump to signature section
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | File created: C:\Users\user~1\AppData\Local\Temp\OCLC.OPEN.FrontendInstaller00000.log | Jump to behavior |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: | Binary string: C:\delivery\Dev\wix35_public\build\ship\x86\scasched.pdb source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, OCLC.OPEN.FrontendInstaller.msi.0.dr |
Source: | Binary string: C:\delivery\Dev\wix35_public\build\ship\x86\wixca.pdb0 source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, OCLC.OPEN.FrontendInstaller.msi.0.dr |
Source: | Binary string: C:\delivery\Dev\wix35_public\build\ship\x86\sfxca.pdb source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, OCLC.OPEN.FrontendInstaller.msi.0.dr |
Source: | Binary string: E:\delivery\Dev\wix37_public\build\ship\x86\setup.pdb source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Source: | Binary string: C:\delivery\Dev\wix35_public\build\ship\x86\PrintEula.pdbPRh{ source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, OCLC.OPEN.FrontendInstaller.msi.0.dr |
Source: | Binary string: C:\delivery\Dev\wix35_public\build\ship\x86\wixca.pdb source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, OCLC.OPEN.FrontendInstaller.msi.0.dr |
Source: | Binary string: C:\delivery\Dev\wix35_public\build\ship\x86\scaexec.pdb source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, OCLC.OPEN.FrontendInstaller.msi.0.dr |
Source: | Binary string: C:\delivery\Dev\wix35_public\build\ship\x86\PrintEula.pdb source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, OCLC.OPEN.FrontendInstaller.msi.0.dr |
Source: | Binary string: C:\delivery\Dev\wix35_public\build\ship\x86\scasched.pdb| source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, OCLC.OPEN.FrontendInstaller.msi.0.dr |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | File opened: z: | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | File opened: x: | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | File opened: v: | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | File opened: t: | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | File opened: r: | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | File opened: p: | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | File opened: n: | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | File opened: l: | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | File opened: j: | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | File opened: h: | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | File opened: f: | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | File opened: b: | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | File opened: y: | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | File opened: w: | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | File opened: u: | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | File opened: s: | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | File opened: q: | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | File opened: o: | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | File opened: m: | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | File opened: k: | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | File opened: i: | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | File opened: g: | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | File opened: e: | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | File opened: c: | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | File opened: a: | Jump to behavior |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | DNS traffic detected: queries for: time.windows.com |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, 00000000.00000000.1371918454.00000000011F2000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamescaexec.dllL vs SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, 00000000.00000000.1371918454.00000000011F2000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamesetup.exeL vs SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, 00000000.00000000.1371918454.0000000001155000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameOCLC.OPEN.CustomActions.dllD vs SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, 00000000.00000000.1371918454.0000000001155000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameSfxCA.dllL vs SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, 00000000.00000000.1371918454.0000000001155000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameprinteula.dllL vs SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, 00000000.00000000.1371918454.000000000118B000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamewixca.dllL vs SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, 00000000.00000000.1371918454.000000000118B000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamescasched.dllL vs SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Binary or memory string: OriginalFilenameOCLC.OPEN.CustomActions.dllD vs SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Binary or memory string: OriginalFilenameSfxCA.dllL vs SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Binary or memory string: OriginalFilenameprinteula.dllL vs SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Binary or memory string: OriginalFilenamewixca.dllL vs SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Binary or memory string: OriginalFilenamescasched.dllL vs SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Binary or memory string: OriginalFilenamescaexec.dllL vs SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Binary or memory string: OriginalFilenamesetup.exeL vs SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE |
Source: classification engine | Classification label: clean2.winEXE@2/2@1/0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | File created: C:\Users\user~1\AppData\Local\Temp\{5BDC703B-E4F6-43C5-8B5F-3A45E826F992}\ | Jump to behavior |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers | Jump to behavior |
Source: unknown | Process created: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe "C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe" |
Source: unknown | Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Section loaded: msi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Section loaded: srpapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Section loaded: tsappcmp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Section loaded: textinputframework.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Section loaded: coreuicomponents.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Section loaded: coremessaging.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Section loaded: ntmarta.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Section loaded: textshaping.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Section loaded: netapi32.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Section loaded: wkscli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Section loaded: msihnd.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Section loaded: dwmapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Section loaded: pcacli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Section loaded: windowscodecs.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Section loaded: oleacc.dll | Jump to behavior |
Source: C:\Windows\System32\msiexec.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Windows\System32\msiexec.exe | Section loaded: aclayers.dll | Jump to behavior |
Source: C:\Windows\System32\msiexec.exe | Section loaded: sfc.dll | Jump to behavior |
Source: C:\Windows\System32\msiexec.exe | Section loaded: sfc_os.dll | Jump to behavior |
Source: C:\Windows\System32\msiexec.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\System32\msiexec.exe | Section loaded: msi.dll | Jump to behavior |
Source: C:\Windows\System32\msiexec.exe | Section loaded: tsappcmp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{56ad4c5d-b908-4f85-8ff1-7940c29b3bcf}\InProcServer32 | Jump to behavior |
Source: Window Recorder | Window detected: More than 3 window changes detected |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Static file information: File size 15797760 > 1048576 |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0xf01c00 |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: | Binary string: C:\delivery\Dev\wix35_public\build\ship\x86\scasched.pdb source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, OCLC.OPEN.FrontendInstaller.msi.0.dr |
Source: | Binary string: C:\delivery\Dev\wix35_public\build\ship\x86\wixca.pdb0 source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, OCLC.OPEN.FrontendInstaller.msi.0.dr |
Source: | Binary string: C:\delivery\Dev\wix35_public\build\ship\x86\sfxca.pdb source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, OCLC.OPEN.FrontendInstaller.msi.0.dr |
Source: | Binary string: E:\delivery\Dev\wix37_public\build\ship\x86\setup.pdb source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe |
Source: | Binary string: C:\delivery\Dev\wix35_public\build\ship\x86\PrintEula.pdbPRh{ source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, OCLC.OPEN.FrontendInstaller.msi.0.dr |
Source: | Binary string: C:\delivery\Dev\wix35_public\build\ship\x86\wixca.pdb source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, OCLC.OPEN.FrontendInstaller.msi.0.dr |
Source: | Binary string: C:\delivery\Dev\wix35_public\build\ship\x86\scaexec.pdb source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, OCLC.OPEN.FrontendInstaller.msi.0.dr |
Source: | Binary string: C:\delivery\Dev\wix35_public\build\ship\x86\PrintEula.pdb source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, OCLC.OPEN.FrontendInstaller.msi.0.dr |
Source: | Binary string: C:\delivery\Dev\wix35_public\build\ship\x86\scasched.pdb| source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe, OCLC.OPEN.FrontendInstaller.msi.0.dr |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | File created: C:\Users\user~1\AppData\Local\Temp\OCLC.OPEN.FrontendInstaller00000.log | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | File Volume queried: C:\ FullSizeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Queries volume information: C:\ VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Downloader.MSIL.gen.rexp.13867.10030.exe | Code function: 0_2_00336A2F GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter, | 0_2_00336A2F |