Windows Analysis Report
SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe

Overview

General Information

Sample name:SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe
Analysis ID:1617367
MD5:1174c68cc0963934ab411ae67c91e185
SHA1:5872f7d68d6500c641755de2fc9c69019a269d6e
SHA256:3f43d89c42b8785ad4ed9aecdc397dadd4f68084fb95af61c77e5acfb26fb7e1
Tags:exe, user-SecuriteInfoCom

Detection

Score:64
Range:0 - 100
Confidence:100%

Signatures

Detected unpacking (changes PE section rights)
Multi AV Scanner detection for submitted file
Installs a global keyboard hook
Sample or dropped binary is a compiled AutoHotkey binary
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
OS version to string mapping found (often used in BOTs)
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Use Short Name Path in Command Line
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)
Uses the system / local time for branch decision (may execute only at specific dates)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe (PID: 6820 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe" MD5: 1174C68CC0963934AB411AE67C91E185)
    • SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe (PID: 3644 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe" /script /f "\\.\pipe\AHKPNDFNIOH" MD5: 1174C68CC0963934AB411AE67C91E185)
      • cmd.exe (PID: 3824 cmdline: C:\Windows\system32\cmd.exe /c powershell -Command "Get-FileHash -Algorithm SHA256 'C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe' | Select-Object -ExpandProperty Hash" > "C:\Users\user~1\AppData\Local\Temp\hashresult.txt" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 1552 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • powershell.exe (PID: 1196 cmdline: powershell -Command "Get-FileHash -Algorithm SHA256 'C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe' | Select-Object -ExpandProperty Hash" MD5: 04029E121A0CFA5991749937DD22A1D9)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process startedAuthor: frack113, Nasreddine Bencherchali: Data: Command: C:\Windows\system32\cmd.exe /c powershell -Command "Get-FileHash -Algorithm SHA256 'C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe' | Select-Object -ExpandProperty Hash" > "C:\Users\user~1\AppData\Local\Temp\hashresult.txt", CommandLine: C:\Windows\system32\cmd.exe /c powershell -Command "Get-FileHash -Algorithm SHA256 'C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe' | Select-Object -ExpandProperty Hash" > "C:\Users\user~1\AppData\Local\Temp\hashresult.txt", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe" /script /f "\\.\pipe\AHKPNDFNIOH" , ParentImage: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe, ParentProcessId: 3644, ParentProcessName: SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /c powershell -Command "Get-FileHash -Algorithm SHA256 'C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe' | Select-Object -ExpandProperty Hash" > "C:\Users\user~1\AppData\Local\Temp\hashresult.txt", ProcessId: 3824, ProcessName: cmd.exe
Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -Command "Get-FileHash -Algorithm SHA256 'C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe' | Select-Object -ExpandProperty Hash" , CommandLine: powershell -Command "Get-FileHash -Algorithm SHA256 'C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe' | Select-Object -ExpandProperty Hash" , CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c powershell -Command "Get-FileHash -Algorithm SHA256 'C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe' | Select-Object -ExpandProperty Hash" > "C:\Users\user~1\AppData\Local\Temp\hashresult.txt", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 3824, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -Command "Get-FileHash -Algorithm SHA256 'C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe' | Select-Object -ExpandProperty Hash" , ProcessId: 1196, ProcessName: powershell.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-02-17T20:36:45.469277+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49706 | 132.145.76.202 | 443 | TCP
2025-02-17T20:36:46.473705+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49707 | 132.145.76.202 | 443 | TCP

AV Detection

Source: SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe ReversingLabs: Detection: 18%
Source: SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe Virustotal: Detection: 22%
Source: unknownHTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.7:49705 version: TLS 1.2
Source: unknownHTTPS traffic detected: 132.145.76.202:443 -> 192.168.2.7:49706 version: TLS 1.2
Source: unknownHTTPS traffic detected: 132.145.76.202:443 -> 192.168.2.7:49707 version: TLS 1.2
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400BA270 GetFileAttributesW,FindFirstFileW,FindClose,0_2_00000001400BA270
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400BA370 FindFirstFileW,FindClose,FindFirstFileW,FindClose,0_2_00000001400BA370
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400742C0 FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,GetLastError,FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,_swprintf,FindNextFileW,FindClose,0_2_00000001400742C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014004A390 FindFirstFileW,FindNextFileW,FindClose,GetTickCount,FindNextFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,0_2_000000014004A390
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014008E5C0 GetFileAttributesW,FindFirstFileW,FindClose,0_2_000000014008E5C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140074620 FindFirstFileW,GetLastError,FindClose,FileTimeToLocalFileTime,FileTimeToSystemTime,_swprintf,free,0_2_0000000140074620
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140074C70 CreateFileW,GetFileSizeEx,CloseHandle,FindFirstFileW,GetLastError,FindClose,0_2_0000000140074C70
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014008DFD0 GetFullPathNameW,GetFullPathNameW,GetFileAttributesW,GetFileAttributesW,FindFirstFileW,GetLastError,wcsncpy,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,MoveFileW,DeleteFileW,MoveFileW,GetLastError,CopyFileW,GetLastError,0_2_000000014008DFD0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400BA270 GetFileAttributesW,FindFirstFileW,FindClose,2_2_00000001400BA270
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400BA370 FindFirstFileW,FindClose,FindFirstFileW,FindClose,2_2_00000001400BA370
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400742C0 FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,GetLastError,FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,_swprintf,FindNextFileW,FindClose,2_2_00000001400742C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014004A390 FindFirstFileW,FindNextFileW,FindClose,GetTickCount,FindNextFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,2_2_000000014004A390
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014008E5C0 GetFileAttributesW,FindFirstFileW,FindClose,2_2_000000014008E5C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_0000000140074620 FindFirstFileW,GetLastError,FindClose,FileTimeToLocalFileTime,FileTimeToSystemTime,_swprintf,free,2_2_0000000140074620
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_0000000140074C70 CreateFileW,GetFileSizeEx,CloseHandle,FindFirstFileW,GetLastError,FindClose,2_2_0000000140074C70
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014008DFD0 GetFullPathNameW,GetFullPathNameW,GetFileAttributesW,GetFileAttributesW,FindFirstFileW,GetLastError,wcsncpy,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,MoveFileW,DeleteFileW,MoveFileW,GetLastError,CopyFileW,GetLastError,2_2_000000014008DFD0
Source: Joe Sandbox ViewIP Address: 185.199.108.133 185.199.108.133
Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49706 -> 132.145.76.202:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49707 -> 132.145.76.202:443
Source: global traffic HTTP traffic detected: GET /hash2411/ HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
    Host: nikantahk.ftp.sh
Source: global traffic HTTP traffic detected: GET /check_key/ZTYEYRXMQ HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
    Host: nikantahk.ftp.sh
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400EEDA8 InternetReadFile,0_2_00000001400EEDA8
Source: global traffic HTTP traffic detected: GET /nikantahhk/skreenahkafk/refs/heads/main/install_ahk0_1.exe HTTP/1.1
    User-Agent: AutoHotkey
    Host: raw.githubusercontent.com
    Cache-Control: no-cache
Source: global trafficDNS traffic detected: DNS query: raw.githubusercontent.com
Source: global trafficDNS traffic detected: DNS query: nikantahk.ftp.sh
Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe Windows user hook set: 0 keyboard low level C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140007240 GetTickCount,OpenClipboard,GetTickCount,OpenClipboard,0_2_0000000140007240
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400BD430 EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,GlobalUnlock,CloseClipboard,GlobalFree,GlobalUnlock,CloseClipboard,GlobalUnlock,CloseClipboard,0_2_00000001400BD430
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400EEBF8 SetClipboardData,0_2_00000001400EEBF8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140006EA0 EmptyClipboard,GlobalUnlock,CloseClipboard,GlobalUnlock,GlobalFree,GlobalUnlock,CloseClipboard,SetClipboardData,GlobalUnlock,CloseClipboard,GlobalUnlock,CloseClipboard,GlobalUnlock,GlobalFree,0_2_0000000140006EA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400BD430 EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,GlobalUnlock,CloseClipboard,GlobalFree,GlobalUnlock,CloseClipboard,GlobalUnlock,CloseClipboard,2_2_00000001400BD430
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400EEBF8 SetClipboardData,2_2_00000001400EEBF8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_0000000140006EA0 EmptyClipboard,GlobalUnlock,CloseClipboard,GlobalUnlock,GlobalFree,GlobalUnlock,CloseClipboard,SetClipboardData,GlobalUnlock,CloseClipboard,GlobalUnlock,CloseClipboard,GlobalUnlock,GlobalFree,2_2_0000000140006EA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140007120 GetClipboardFormatNameW,GetClipboardData,0_2_0000000140007120
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140062000 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,GetSystemMetrics,GetSystemMetrics,wcsncpy,GetDC,DestroyCursor,DeleteObject,GetIconInfo,CreateCompatibleDC,DeleteObject,DeleteObject,CreateCompatibleDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,CreateCompatibleDC,free,ReleaseDC,DeleteObject,SelectObject,DeleteDC,DeleteObject,free,free,free,free,0_2_0000000140062000
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014001D180 GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetTickCount,SendInput,0_2_000000014001D180
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140001BAC GlobalUnlock,CloseClipboard,SetTimer,GetTickCount,GetMessageW,GetTickCount,GetFocus,TranslateAcceleratorW,GetKeyState,GetWindowLongW,IsWindowEnabled,GetKeyState,GetKeyState,GetKeyState,GetWindowLongW,SendMessageW,SendMessageW,PostMessageW,SendMessageW,SendMessageW,IsDialogMessageW,ShowWindow,GetForegroundWindow,GetWindowThreadProcessId,GetClassNameW,IsDialogMessageW,SetCurrentDirectoryW,KillTimer,0_2_0000000140001BAC
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_0000000140001BAC GlobalUnlock,CloseClipboard,SetTimer,GetTickCount,GetMessageW,GetTickCount,GetFocus,TranslateAcceleratorW,GetKeyState,GetWindowLongW,IsWindowEnabled,GetKeyState,GetKeyState,GetKeyState,GetWindowLongW,SendMessageW,SendMessageW,PostMessageW,SendMessageW,SendMessageW,IsDialogMessageW,ShowWindow,GetForegroundWindow,GetWindowThreadProcessId,GetClassNameW,IsDialogMessageW,SetCurrentDirectoryW,KillTimer,2_2_0000000140001BAC

System Summary

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe Window found: window name: AutoHotkey
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140063220 RegisterClipboardFormatW,GetMenu,CheckMenuItem,MoveWindow,GetSysColor,SetBkColor,SetTextColor,GetSysColorBrush,CreateCompatibleDC,SelectObject,BitBlt,SelectObject,DeleteDC,DrawIconEx,ExcludeClipRect,CreateRectRgn,GetClipRgn,GetSysColorBrush,FillRgn,DeleteObject,GetClipBox,FillRect,GetClientRect,MoveWindow,MoveWindow,MoveWindow,InvalidateRect,ShowWindow,Shell_NotifyIconW,Shell_NotifyIconW,RegisterClipboardFormatW,SendMessageTimeoutW,PostMessageW,SendMessageTimeoutW,PostMessageW,inet_ntoa,_itow,NtdllDefWindowProc_W,0_2_0000000140063220
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400A3FEC ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,NtdllDialogWndProc_W,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,0_2_00000001400A3FEC
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400A7FF8 NtdllDialogWndProc_W,0_2_00000001400A7FF8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400A404A ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,NtdllDialogWndProc_W,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,0_2_00000001400A404A
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400A8060 NtdllDialogWndProc_W,0_2_00000001400A8060
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400A40A8 ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,NtdllDialogWndProc_W,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,0_2_00000001400A40A8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400A40D9 MulDiv,MulDiv,ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,NtdllDialogWndProc_W,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,0_2_00000001400A40D9
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400A80D7 NtdllDialogWndProc_W,0_2_00000001400A80D7
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400A834C NtdllDialogWndProc_W,0_2_00000001400A834C
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014006337B NtdllDefWindowProc_W,0_2_000000014006337B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400633AE SetFocus,NtdllDefWindowProc_W,0_2_00000001400633AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400A8760 NtdllDialogWndProc_W,0_2_00000001400A8760
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400A87E8 GetClipBox,FillRect,NtdllDialogWndProc_W,0_2_00000001400A87E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400A8834 NtdllDialogWndProc_W,0_2_00000001400A8834
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400A8875 FillRect,SetBkColor,GetClassLongPtrW,FillRect,SetTextColor,SendMessageW,SendMessageW,DrawTextW,SetTextColor,NtdllDialogWndProc_W,0_2_00000001400A8875
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400EE890 NtdllDefWindowProc_W,GetMenuStringW,SetMenu,GetPropW,SetPropW,RedrawWindow,SetParent,PtInRect,InsertMenuItemW,SetMenuDefaultItem,SetMenuItemInfoW,CreateMenu,CreatePopupMenu,SetMenuInfo,AppendMenuW,0_2_00000001400EE890
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400EE958 NtdllDialogWndProc_W,0_2_00000001400EE958
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400A89CF NtdllDialogWndProc_W,0_2_00000001400A89CF
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400A89F4 ScreenToClient,EnumChildWindows,GetDlgCtrlID,PostMessageW,NtdllDialogWndProc_W,0_2_00000001400A89F4
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140063A99 PostMessageW,NtdllDefWindowProc_W,0_2_0000000140063A99
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400A8AB8 NtdllDialogWndProc_W,0_2_00000001400A8AB8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400A8AD8 NtdllDialogWndProc_W,0_2_00000001400A8AD8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400A8C16 ShowWindow,PostMessageW,NtdllDialogWndProc_W,0_2_00000001400A8C16
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400A8C6D GetDlgCtrlID,NtdllDialogWndProc_W,0_2_00000001400A8C6D
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140063C96 NtdllDefWindowProc_W,0_2_0000000140063C96
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400A8CAC GetSysColor,SetTextColor,SetBkMode,GetStockObject,SetBkColor,SetBkColor,GetSysColor,SetBkColor,GetSysColorBrush,GetSysColor,SetBkColor,GetSysColorBrush,NtdllDialogWndProc_W,0_2_00000001400A8CAC
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400A3E60 SetWindowTextW,IsZoomed,IsIconic,ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowLongW,GetWindowRect,GetClientRect,SystemParametersInfoW,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,NtdllDialogWndProc_W,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,SetFocus,0_2_00000001400A3E60
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400A7EA0 PostMessageW,PostMessageW,DragQueryPoint,ClientToScreen,EnumChildWindows,GetDlgCtrlID,PostMessageW,DragFinish,NtdllDialogWndProc_W,0_2_00000001400A7EA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400A3F8F ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,NtdllDialogWndProc_W,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,0_2_00000001400A3F8F
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400A7F8D SendMessageW,PostMessageW,NtdllDialogWndProc_W,0_2_00000001400A7F8D
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400A3F85 ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,NtdllDialogWndProc_W,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,0_2_00000001400A3F85
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400A3FBA ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,NtdllDialogWndProc_W,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,0_2_00000001400A3FBA
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_0000000140063220 RegisterClipboardFormatW,GetMenu,CheckMenuItem,MoveWindow,GetSysColor,SetBkColor,SetTextColor,GetSysColorBrush,CreateCompatibleDC,SelectObject,BitBlt,SelectObject,DeleteDC,DrawIconEx,ExcludeClipRect,CreateRectRgn,GetClipRgn,GetSysColorBrush,FillRgn,DeleteObject,GetClipBox,FillRect,GetClientRect,MoveWindow,MoveWindow,MoveWindow,InvalidateRect,ShowWindow,Shell_NotifyIconW,Shell_NotifyIconW,RegisterClipboardFormatW,SendMessageTimeoutW,PostMessageW,SendMessageTimeoutW,PostMessageW,inet_ntoa,_itow,NtdllDefWindowProc_W,2_2_0000000140063220
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A3E60 SetWindowTextW,IsZoomed,IsIconic,ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowLongW,GetWindowRect,GetClientRect,SystemParametersInfoW,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,NtdllDialogWndProc_W,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,SetFocus,2_2_00000001400A3E60
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A7EA0 PostMessageW,PostMessageW,DragQueryPoint,ClientToScreen,EnumChildWindows,GetDlgCtrlID,PostMessageW,DragFinish,NtdllDialogWndProc_W,2_2_00000001400A7EA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A3FEC ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,NtdllDialogWndProc_W,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,2_2_00000001400A3FEC
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A8FE2 NtdllDialogWndProc_W,2_2_00000001400A8FE2
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A7FF8 NtdllDialogWndProc_W,2_2_00000001400A7FF8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A404A ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,NtdllDialogWndProc_W,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,2_2_00000001400A404A
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A8060 NtdllDialogWndProc_W,2_2_00000001400A8060
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A40A8 ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,NtdllDialogWndProc_W,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,2_2_00000001400A40A8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A40D9 MulDiv,MulDiv,ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,NtdllDialogWndProc_W,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,2_2_00000001400A40D9
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A80D7 NtdllDialogWndProc_W,2_2_00000001400A80D7
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A834C NtdllDialogWndProc_W,2_2_00000001400A834C
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014006337B NtdllDefWindowProc_W,2_2_000000014006337B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400633AE SetFocus,NtdllDefWindowProc_W,2_2_00000001400633AE
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A8760 NtdllDialogWndProc_W,2_2_00000001400A8760
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A87E8 GetClipBox,FillRect,NtdllDialogWndProc_W,2_2_00000001400A87E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A8834 NtdllDialogWndProc_W,2_2_00000001400A8834
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A8875 FillRect,SetBkColor,GetClassLongPtrW,FillRect,SetTextColor,SendMessageW,SendMessageW,DrawTextW,SetTextColor,NtdllDialogWndProc_W,2_2_00000001400A8875
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400EE890 NtdllDefWindowProc_W,2_2_00000001400EE890
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400EE958 NtdllDialogWndProc_W,2_2_00000001400EE958
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A89CF NtdllDialogWndProc_W,2_2_00000001400A89CF
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A89F4 ScreenToClient,EnumChildWindows,GetDlgCtrlID,PostMessageW,NtdllDialogWndProc_W,2_2_00000001400A89F4
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_0000000140063A99 PostMessageW,NtdllDefWindowProc_W,2_2_0000000140063A99
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A8AB8 NtdllDialogWndProc_W,2_2_00000001400A8AB8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A8AD8 NtdllDialogWndProc_W,2_2_00000001400A8AD8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A8C16 ShowWindow,PostMessageW,NtdllDialogWndProc_W,2_2_00000001400A8C16
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A8C6D GetDlgCtrlID,NtdllDialogWndProc_W,2_2_00000001400A8C6D
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_0000000140063C96 NtdllDefWindowProc_W,2_2_0000000140063C96
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A8CAC GetSysColor,SetTextColor,SetBkMode,GetStockObject,SetBkColor,SetBkColor,GetSysColor,SetBkColor,GetSysColorBrush,GetSysColor,SetBkColor,GetSysColorBrush,NtdllDialogWndProc_W,2_2_00000001400A8CAC
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A3F8F ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,NtdllDialogWndProc_W,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,2_2_00000001400A3F8F
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A7F8D SendMessageW,PostMessageW,NtdllDialogWndProc_W,2_2_00000001400A7F8D
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A3F85 ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,NtdllDialogWndProc_W,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,2_2_00000001400A3F85
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A3FBA ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,NtdllDialogWndProc_W,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,2_2_00000001400A3FBA
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014006C870: _swprintf,CreateFileW,DeviceIoControl,CloseHandle,0_2_000000014006C870
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014008E640 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,0_2_000000014008E640
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400EE810 ExtractIconW,EnumDisplayMonitors,RegisterClipboardFormatW,ExitWindowsEx,0_2_00000001400EE810
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400EE820 SetWindowPos,RegisterClipboardFormatW,ExitWindowsEx,0_2_00000001400EE820
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400EE858 IsIconic,RegisterClipboardFormatW,ExitWindowsEx,0_2_00000001400EE858
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400EE900 ExitWindowsEx,0_2_00000001400EE900
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014008E640 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,2_2_000000014008E640
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400EE810 ExtractIconW,EnumDisplayMonitors,RegisterClipboardFormatW,ExitWindowsEx,2_2_00000001400EE810
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400EE820 SetWindowPos,RegisterClipboardFormatW,DialogBoxParamW,GetMenuStringW,ExitWindowsEx,SetMenu,GetPropW,SetPropW,RedrawWindow,2_2_00000001400EE820
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400EE858 IsIconic,RegisterClipboardFormatW,ExitWindowsEx,2_2_00000001400EE858
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400EE898 SetForegroundWindow,DialogBoxParamW,ExitWindowsEx,2_2_00000001400EE898
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400EE900 ExitWindowsEx,2_2_00000001400EE900
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400EE6180_2_00000001400EE618
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014005363B0_2_000000014005363B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400676500_2_0000000140067650
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400A565B0_2_00000001400A565B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014009C66D0_2_000000014009C66D
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400826700_2_0000000140082670
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014006C6700_2_000000014006C670
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014009C67C0_2_000000014009C67C
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014008869E0_2_000000014008869E
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400666A00_2_00000001400666A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014009C6980_2_000000014009C698
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014009C6BA0_2_000000014009C6BA
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400196C00_2_00000001400196C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014009C6DB0_2_000000014009C6DB
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014009C6E70_2_000000014009C6E7
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014009C70D0_2_000000014009C70D
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400AE7200_2_00000001400AE720
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014009C74E0_2_000000014009C74E
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014002E7500_2_000000014002E750
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400927600_2_0000000140092760
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014005E7600_2_000000014005E760
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400EC78C0_2_00000001400EC78C
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014008D7900_2_000000014008D790
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400A67880_2_00000001400A6788
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014003F7990_2_000000014003F799
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400BE7C00_2_00000001400BE7C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014001F7C00_2_000000014001F7C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014009E7F80_2_000000014009E7F8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400708100_2_0000000140070810
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014000280B0_2_000000014000280B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400508300_2_0000000140050830
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014004D8300_2_000000014004D830
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400408A30_2_00000001400408A3
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014004B8E00_2_000000014004B8E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400158E00_2_00000001400158E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014006C9400_2_000000014006C940
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014004E9700_2_000000014004E970
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400599800_2_0000000140059980
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400A599C0_2_00000001400A599C
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014007E9B00_2_000000014007E9B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140047A150_2_0000000140047A15
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014005DA1D0_2_000000014005DA1D
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400A4A400_2_00000001400A4A40
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140069A500_2_0000000140069A50
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014004FA700_2_000000014004FA70
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400A6A650_2_00000001400A6A65
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140060A800_2_0000000140060A80
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140021A900_2_0000000140021A90
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400B8AC00_2_00000001400B8AC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140087AC00_2_0000000140087AC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140072AE00_2_0000000140072AE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014005AB100_2_000000014005AB10
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014006BB900_2_000000014006BB90
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140012C300_2_0000000140012C30
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140042C350_2_0000000140042C35
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014001DC500_2_000000014001DC50
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400BAC700_2_00000001400BAC70
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400C4C800_2_00000001400C4C80
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014005FC800_2_000000014005FC80
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014005DC820_2_000000014005DC82
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140055C900_2_0000000140055C90
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014009BCA00_2_000000014009BCA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140023CA00_2_0000000140023CA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140046D490_2_0000000140046D49
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014007ED680_2_000000014007ED68
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400ECD700_2_00000001400ECD70
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140058D700_2_0000000140058D70
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014008BD900_2_000000014008BD90
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140053D900_2_0000000140053D90
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400D4DC00_2_00000001400D4DC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140099DB30_2_0000000140099DB3
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400DBDB40_2_00000001400DBDB4
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140091DD00_2_0000000140091DD0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140098DE00_2_0000000140098DE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140076DE00_2_0000000140076DE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400A5DE10_2_00000001400A5DE1
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014008AE000_2_000000014008AE00
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140087E300_2_0000000140087E30
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140054E300_2_0000000140054E30
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400A3E600_2_00000001400A3E60
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014006AE600_2_000000014006AE60
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014001FE900_2_000000014001FE90
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400AFEA00_2_00000001400AFEA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014007FEB00_2_000000014007FEB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014007DED00_2_000000014007DED0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140064EE00_2_0000000140064EE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140037EE00_2_0000000140037EE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400A0EF00_2_00000001400A0EF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014006DEF90_2_000000014006DEF9
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014004CF200_2_000000014004CF20
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140051F500_2_0000000140051F50
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140057F600_2_0000000140057F60
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140065F900_2_0000000140065F90
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014005EFD00_2_000000014005EFD0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014000AFE00_2_000000014000AFE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400140302_2_0000000140014030
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400130502_2_0000000140013050
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014009C1102_2_000000014009C110
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400291A02_2_00000001400291A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400E12042_2_00000001400E1204
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400632202_2_0000000140063220
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400722B02_2_00000001400722B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400962C02_2_00000001400962C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400E62C82_2_00000001400E62C8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400793102_2_0000000140079310
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400933902_2_0000000140093390
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014002B3D72_2_000000014002B3D7
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014005B49B2_2_000000014005B49B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014002A7572_2_000000014002A757
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400BE7C02_2_00000001400BE7C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014004FA702_2_000000014004FA70
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_0000000140001BAC2_2_0000000140001BAC
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_0000000140055C902_2_0000000140055C90
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014008AE002_2_000000014008AE00
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A3E602_2_00000001400A3E60
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_0000000140037EE02_2_0000000140037EE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400620002_2_0000000140062000
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400E5FF42_2_00000001400E5FF4
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014005D01B2_2_000000014005D01B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014007D0402_2_000000014007D040
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014005B0902_2_000000014005B090
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400DD0982_2_00000001400DD098
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014005E0A02_2_000000014005E0A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A00B02_2_00000001400A00B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400DE0A42_2_00000001400DE0A4
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400710D02_2_00000001400710D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400E00DC2_2_00000001400E00DC
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400570E02_2_00000001400570E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A60ED2_2_00000001400A60ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400971102_2_0000000140097110
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400591402_2_0000000140059140
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014006D1422_2_000000014006D142
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014008D1602_2_000000014008D160
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400821B02_2_00000001400821B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014008B1D02_2_000000014008B1D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400841F02_2_00000001400841F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014007C1F02_2_000000014007C1F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400CA2102_2_00000001400CA210
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400AC2102_2_00000001400AC210
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400BF2202_2_00000001400BF220
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014002A2492_2_000000014002A249
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400332702_2_0000000140033270
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400112702_2_0000000140011270
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A32CB2_2_00000001400A32CB
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014005D2C82_2_000000014005D2C8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A32D92_2_00000001400A32D9
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A32E42_2_00000001400A32E4
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014006F3202_2_000000014006F320
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014005331B2_2_000000014005331B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400873302_2_0000000140087330
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400063702_2_0000000140006370
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014009A3802_2_000000014009A380
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400EE3882_2_00000001400EE388
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014000338D2_2_000000014000338D
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400163902_2_0000000140016390
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A33A02_2_00000001400A33A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400703A02_2_00000001400703A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014008A3982_2_000000014008A398
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A33B92_2_00000001400A33B9
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A33C12_2_00000001400A33C1
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400EE3E02_2_00000001400EE3E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A33D72_2_00000001400A33D7
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400EE3F02_2_00000001400EE3F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400EE3E82_2_00000001400EE3E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400EE4002_2_00000001400EE400
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400EE3F82_2_00000001400EE3F8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400414082_2_0000000140041408
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400474202_2_0000000140047420
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400394202_2_0000000140039420
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014001C4302_2_000000014001C430
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400AA4602_2_00000001400AA460
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400EE4802_2_00000001400EE480
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400EE4882_2_00000001400EE488
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014004D4902_2_000000014004D490
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400EE4A82_2_00000001400EE4A8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400574B02_2_00000001400574B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400684C02_2_00000001400684C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014006E4C02_2_000000014006E4C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014001B4C02_2_000000014001B4C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400EE4C82_2_00000001400EE4C8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014007A4E02_2_000000014007A4E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400EE4D82_2_00000001400EE4D8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400594E02_2_00000001400594E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400EE4E82_2_00000001400EE4E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400EE5002_2_00000001400EE500
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400435062_2_0000000140043506
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400EE5102_2_00000001400EE510
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014007B5102_2_000000014007B510
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400EE5082_2_00000001400EE508
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A55702_2_00000001400A5570
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014000F5702_2_000000014000F570
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014001D5802_2_000000014001D580
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014008958F2_2_000000014008958F
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014006A5A02_2_000000014006A5A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400185A02_2_00000001400185A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400B55B02_2_00000001400B55B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A95C02_2_00000001400A95C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400EE5D02_2_00000001400EE5D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400585E02_2_00000001400585E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014005C5E02_2_000000014005C5E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400EE6102_2_00000001400EE610
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400646102_2_0000000140064610
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014005363B2_2_000000014005363B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400676502_2_0000000140067650
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A565B2_2_00000001400A565B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014009C66D2_2_000000014009C66D
Source: SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe Static PE information: Resource name: RT_VERSION type: x86 executable not stripped
Source: install_ahk0_1.exe.2.dr Static PE information: Resource name: RT_VERSION type: x86 executable not stripped
Source: SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe Static PE information: Section: .MPRESS1 ZLIB complexity 1.0003226298845471
Source: classification engine Classification label: mal64.spyw.evad.winEXE@8/6@2/2
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe Code function: 0_2_000000014004FA70 _swprintf,CreateProcessW,CloseHandle,GetLastError,SetCurrentDirectoryW,GetFileAttributesW,SetCurrentDirectoryW,ShellExecuteExW,GetModuleHandleW,GetProcAddress,CloseHandle,GetLastError,FormatMessageW
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe Code function: 0_2_000000014008E640 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe Code function: 2_2_000000014008E640 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe Code function: 0_2_000000014006C280 wcsncpy,GetDiskFreeSpaceExW,free
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe Code function: 0_2_000000014008E8D0 CreateToolhelp32Snapshot,Process32FirstW,_wcstoi64,Process32NextW,Process32NextW,CloseHandle,CloseHandle,CloseHandle
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe Code function: 0_2_000000014008D160 CoInitialize,CoCreateInstance,GetKeyboardLayout,GetFullPathNameW,free,CoUninitialize
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe Code function: 0_2_00000001400BB4B0 LoadLibraryExW,EnumResourceNamesW,FindResourceW,LoadResource,LockResource,GetSystemMetrics,FindResourceW,LoadResource,LockResource,SizeofResource,CreateIconFromResourceEx,FreeLibrary,ExtractIconW
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe File created: C:\Users\user\Desktop\install_ahk0_1.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe Mutant created: \Sessions\1\BaseNamedObjects\Ahk_OnlyOne_3636038109
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1552:120:WilError_03
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe Mutant created: \Sessions\1\BaseNamedObjects\AHK Keybd
Source: C:\Windows\System32\cmd.exe File created: C:\Users\user~1\AppData\Local\Temp\hashresult.txt
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe File read: C:\Users\user\Desktop\conf.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe ReversingLabs: Detection: 18%
Source: SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe Virustotal: Detection: 22%
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe" /script /f "\\.\pipe\AHKPNDFNIOH"
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c powershell -Command "Get-FileHash -Algorithm SHA256 'C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe' | Select-Object -ExpandProperty Hash" > "C:\Users\user~1\AppData\Local\Temp\hashresult.txt"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Get-FileHash -Algorithm SHA256 'C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe' | Select-Object -ExpandProperty Hash"
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe Section loaded: wsock32.dll, winmm.dll, version.dll, wininet.dll, kernel.appcore.dll, uxtheme.dll, iconcodecservice.dll, windowscodecs.dll, textshaping.dll, iertutil.dll, sspicli.dll, windows.storage.dll, wldp.dll, profapi.dll, ondemandconnroutehelper.dll, winhttp.dll, iphlpapi.dll, mswsock.dll, winnsi.dll, urlmon.dll, srvcli.dll, netutils.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, msasn1.dll, dpapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, gpapi.dll, ncrypt.dll, ncryptsslp.dll, winhttpcom.dll, webio.dll, wbemcomn.dll, sxs.dll, amsi.dll, userenv.dll, dwmapi.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll, mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, amsi.dll, userenv.dll, profapi.dll, windows.storage.dll, wldp.dll, msasn1.dll, gpapi.dll, msisip.dll, wshext.dll, appxsip.dll, opcservices.dll, secur32.dll, sspicli.dll, uxtheme.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe File written: C:\Users\user\Desktop\conf.ini
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe Static PE information: Image base 0x140000000 > 0x60000000

Data Obfuscation

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe Unpacked PE file: 0.2.SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe.140000000.0.unpack .MPRESS1:EW;.MPRESS2:EW;.rsrc:W; vs .MPRESS1:ER;.MPRESS2:ER;.rsrc:W;
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe Unpacked PE file: 2.2.SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe.140000000.0.unpack .MPRESS1:EW;.MPRESS2:EW;.rsrc:W; vs .MPRESS1:ER;.MPRESS2:ER;.rsrc:W;
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe Code function: 0_2_00000001400E3028 LoadLibraryW,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer
Source: initial sample Static PE information: section where entry point is pointing to: .MPRESS2
Source: SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe Static PE information: section name: .MPRESS1
Source: SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe Static PE information: section name: .MPRESS2
Source: install_ahk0_1.exe.2.dr Static PE information: section name: text
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe Code function: 0_2_00000001400DF2E0 push rbp; iretd 0_2_00000001400DF7D8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe Code function: 2_2_00000001400DF2E0 push rbp; iretd 2_2_00000001400DF7D8
Source: SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe Static PE information: section name: .MPRESS1 entropy: 7.999684975476973
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe File created: C:\Users\user\Desktop\install_ahk0_1.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe Code function: 0_2_00000001400A3FEC ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,NtdllDialogWndProc_W,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe Code function: 0_2_000000014009DFE7 GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe Code function: 0_2_0000000140062000 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,GetSystemMetrics,GetSystemMetrics,wcsncpy,GetDC,DestroyCursor,DeleteObject,GetIconInfo,CreateCompatibleDC,DeleteObject,DeleteObject,CreateCompatibleDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,CreateCompatibleDC,free,ReleaseDC,DeleteObject,SelectObject,DeleteDC,DeleteObject,free,free,free,free
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe Code function: 0_2_000000014009DFF6 GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe Code function: 0_2_00000001400A404A ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,NtdllDialogWndProc_W,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe Code function: 0_2_00000001400A00B0 GetWindowLongW,GetWindowLongW,SetWindowPos,EnableWindow,GetWindowRect,GetClientRect,MulDiv,MulDiv,GetWindowRect,GetClientRect,MulDiv,MulDiv,_wcstoi64,IsWindow,SetParent,SetWindowLongPtrW,SetParent,IsWindowVisible,IsIconic,SetWindowLongW,SetWindowLongW,SetWindowPos,InvalidateRect
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe Code function: 0_2_00000001400A40A8 ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,NtdllDialogWndProc_W,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe Code function: 0_2_00000001400A40D9 MulDiv,MulDiv,ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,NtdllDialogWndProc_W,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe Code function: 0_2_000000014009C110 realloc,SendMessageW,MulDiv,MulDiv,realloc,realloc,free,free,realloc,realloc,free,free,realloc,realloc,free,free,realloc,realloc,free,free,realloc,realloc,free,free,realloc,realloc,free,free,COMRefPtr,MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetDC,SelectObject,GetTextMetricsW,GetSystemMetrics,GetDC,SelectObject,GetTextMetricsW,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,DrawTextW,DrawTextW,GetCharABCWidthsW,MulDiv,GetSystemMetrics,GetSystemMetrics,MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,SelectObject,ReleaseDC,SendMessageW,SendMessageW,GetClientRect,SetWindowLongW,SendMessageW,SetWindowLongW,MoveWindow,GetWindowRect,SendMessageW,GetWindowRect,MapWindowPoints,InvalidateRect,SetWindowPos,SetWindowPos,MapWindowPoints
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400642E0 SendMessageW,IsWindowVisible,ShowWindow,IsIconic,ShowWindow,GetForegroundWindow,SetForegroundWindow,SendMessageW,0_2_00000001400642E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140087330 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,CreateDCW,GetDC,GetPixel,DeleteDC,ReleaseDC,_swprintf,free,free,0_2_0000000140087330
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400AA460 SendMessageW,GetWindowLongW,IsWindowVisible,IsIconic,GetFocus,GetWindowRect,GetPropW,ShowWindow,GetUpdateRect,SendMessageW,GetWindowLongW,ShowWindow,EnableWindow,GetWindowRect,PtInRect,PtInRect,SetFocus,SendMessageW,ShowWindow,SetFocus,InvalidateRect,MapWindowPoints,InvalidateRect,0_2_00000001400AA460
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400BE5F0 GetForegroundWindow,IsWindowVisible,IsIconic,ShowWindow,0_2_00000001400BE5F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400BE7C0 GetWindowThreadProcessId,GetForegroundWindow,IsIconic,ShowWindow,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,BringWindowToTop,0_2_00000001400BE7C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400EE858 IsIconic,RegisterClipboardFormatW,ExitWindowsEx,0_2_00000001400EE858
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014005D972 IsZoomed,IsIconic,0_2_000000014005D972
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400AE9D0 CheckMenuItem,CheckMenuItem,GetCursorPos,GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,GetForegroundWindow,GetWindowThreadProcessId,SetForegroundWindow,SetForegroundWindow,TrackPopupMenuEx,PostMessageW,GetForegroundWindow,SetForegroundWindow,0_2_00000001400AE9D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400BAA30 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,0_2_00000001400BAA30
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140060A80 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,CreateCompatibleDC,_swprintf,free,ReleaseDC,SelectObject,DeleteDC,DeleteObject,free,free,GetPixel,ReleaseDC,free,free,0_2_0000000140060A80
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140076B80 GetTickCount,GetForegroundWindow,GetTickCount,GetWindowThreadProcessId,GetGUIThreadInfo,ClientToScreen,GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,_itow,0_2_0000000140076B80
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400A3E60 SetWindowTextW,IsZoomed,IsIconic,ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowLongW,GetWindowRect,GetClientRect,SystemParametersInfoW,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,NtdllDialogWndProc_W,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,SetFocus,0_2_00000001400A3E60
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014009DF4D GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,0_2_000000014009DF4D
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140051F50 IsWindow,DestroyWindow,GetCursorPos,GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,MonitorFromPoint,GetMonitorInfoW,IsWindow,CreateWindowExW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetWindowRect,SendMessageW,SendMessageW,0_2_0000000140051F50
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014009DF5D MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,0_2_000000014009DF5D
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014009DF55 GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,0_2_000000014009DF55
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014009DF6B MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,0_2_000000014009DF6B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400A3F8F ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,NtdllDialogWndProc_W,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,0_2_00000001400A3F8F
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140065F90 GetCursorPos,GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,WindowFromPoint,EnumChildWindows,GetClassNameW,EnumChildWindows,free,0_2_0000000140065F90
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400A3F85 ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,NtdllDialogWndProc_W,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,0_2_00000001400A3F85
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014009DFAF MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,0_2_000000014009DFAF
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400A3FBA ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,NtdllDialogWndProc_W,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,0_2_00000001400A3FBA
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014009C110 realloc,SendMessageW,MulDiv,MulDiv,realloc,realloc,free,free,realloc,realloc,free,free,realloc,realloc,free,free,realloc,realloc,free,free,realloc,realloc,free,free,realloc,realloc,free,free,COMRefPtr,MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetDC,SelectObject,GetTextMetricsW,GetSystemMetrics,GetDC,SelectObject,GetTextMetricsW,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,DrawTextW,DrawTextW,GetCharABCWidthsW,MulDiv,GetSystemMetrics,GetSystemMetrics,MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,SelectObject,ReleaseDC,SendMessageW,SendMessageW,GetClientRect,SetWindowLongW,SendMessageW,SetWindowLongW,MoveWindow,GetWindowRect,SendMessageW,GetWindowRect,MapWindowPoints,InvalidateRect,SetWindowPos,SetWindowPos,MapWindowPoints,2_2_000000014009C110
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400BE5F0 GetForegroundWindow,IsWindowVisible,IsIconic,ShowWindow,2_2_00000001400BE5F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400BE7C0 GetWindowThreadProcessId,GetForegroundWindow,IsIconic,ShowWindow,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,BringWindowToTop,2_2_00000001400BE7C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A3E60 SetWindowTextW,IsZoomed,IsIconic,ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowLongW,GetWindowRect,GetClientRect,SystemParametersInfoW,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,NtdllDialogWndProc_W,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,SetFocus,2_2_00000001400A3E60
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A3FEC ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,NtdllDialogWndProc_W,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,2_2_00000001400A3FEC
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014009DFE7 GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,2_2_000000014009DFE7
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_0000000140062000 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,GetSystemMetrics,GetSystemMetrics,wcsncpy,GetDC,DestroyCursor,DeleteObject,GetIconInfo,CreateCompatibleDC,DeleteObject,DeleteObject,CreateCompatibleDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,CreateCompatibleDC,free,ReleaseDC,DeleteObject,SelectObject,DeleteDC,DeleteObject,free,free,free,free,2_2_0000000140062000
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014009DFF6 GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,2_2_000000014009DFF6
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A404A ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,NtdllDialogWndProc_W,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,2_2_00000001400A404A
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A00B0 GetWindowLongW,GetWindowLongW,SetWindowPos,EnableWindow,GetWindowRect,GetClientRect,MulDiv,MulDiv,GetWindowRect,GetClientRect,MulDiv,MulDiv,_wcstoi64,IsWindow,SetParent,SetWindowLongPtrW,SetParent,IsWindowVisible,IsIconic,SetWindowLongW,SetWindowLongW,SetWindowPos,InvalidateRect,2_2_00000001400A00B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A40A8 ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,NtdllDialogWndProc_W,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,2_2_00000001400A40A8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A40D9 MulDiv,MulDiv,ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,NtdllDialogWndProc_W,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,2_2_00000001400A40D9
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400642E0 SendMessageW,IsWindowVisible,ShowWindow,IsIconic,ShowWindow,GetForegroundWindow,SetForegroundWindow,SendMessageW,2_2_00000001400642E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_0000000140087330 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,CreateDCW,GetDC,GetPixel,DeleteDC,ReleaseDC,_swprintf,free,free,2_2_0000000140087330
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400AA460 SendMessageW,GetWindowLongW,IsWindowVisible,IsIconic,GetFocus,GetWindowRect,GetPropW,ShowWindow,GetUpdateRect,SendMessageW,GetWindowLongW,ShowWindow,EnableWindow,GetWindowRect,PtInRect,PtInRect,SetFocus,SendMessageW,ShowWindow,SetFocus,InvalidateRect,MapWindowPoints,InvalidateRect,2_2_00000001400AA460
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400EE858 IsIconic,RegisterClipboardFormatW,ExitWindowsEx,2_2_00000001400EE858
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014005D972 IsZoomed,IsIconic,2_2_000000014005D972
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400AE9D0 CheckMenuItem,CheckMenuItem,GetCursorPos,GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,GetForegroundWindow,GetWindowThreadProcessId,SetForegroundWindow,SetForegroundWindow,TrackPopupMenuEx,PostMessageW,GetForegroundWindow,SetForegroundWindow,2_2_00000001400AE9D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400BAA30 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,2_2_00000001400BAA30
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_0000000140060A80 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,CreateCompatibleDC,_swprintf,free,ReleaseDC,SelectObject,DeleteDC,DeleteObject,free,free,GetPixel,ReleaseDC,free,free,2_2_0000000140060A80
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_0000000140076B80 GetTickCount,GetForegroundWindow,GetTickCount,GetWindowThreadProcessId,GetGUIThreadInfo,ClientToScreen,GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,_itow,2_2_0000000140076B80
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014009DF4D GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,2_2_000000014009DF4D
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_0000000140051F50 IsWindow,DestroyWindow,GetCursorPos,GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,MonitorFromPoint,GetMonitorInfoW,IsWindow,CreateWindowExW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetWindowRect,SendMessageW,SendMessageW,2_2_0000000140051F50
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014009DF5D MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,2_2_000000014009DF5D
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014009DF55 GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,2_2_000000014009DF55
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014009DF6B MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,2_2_000000014009DF6B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A3F8F ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,NtdllDialogWndProc_W,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,2_2_00000001400A3F8F
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_0000000140065F90 GetCursorPos,GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,WindowFromPoint,EnumChildWindows,GetClassNameW,EnumChildWindows,free,2_2_0000000140065F90
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A3F85 ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,NtdllDialogWndProc_W,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,2_2_00000001400A3F85
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014009DFAF MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,2_2_000000014009DFAF
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400A3FBA ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,NtdllDialogWndProc_W,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,2_2_00000001400A3FBA
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeWindow / User API: foregroundWindowGot 958Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2933Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4613Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeDropped PE file which has not been started: C:\Users\user\Desktop\install_ahk0_1.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeAPI coverage: 1.0 %
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeAPI coverage: 2.6 %
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe TID: 1000Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6688Thread sleep count: 2933 > 30Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6688Thread sleep count: 4613 > 30Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5832Thread sleep time: -3689348814741908s >= -30000sJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1792Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeWMI Queries: IWbemServices::ExecQuery - root\CIMv2 : SELECT SerialNumber FROM Win32_BaseBoard
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014002D407 GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 000000014002D639h country: Urdu (ur)0_2_000000014002D407
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014002D407 GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 000000014002D639h country: Inuktitut (iu)0_2_000000014002D407
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014002D40F GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 000000014002D639h country: Urdu (ur)0_2_000000014002D40F
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014002D40F GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 000000014002D639h country: Inuktitut (iu)0_2_000000014002D40F
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014002D416 GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 000000014002D639h country: Urdu (ur)0_2_000000014002D416
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014002D416 GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 000000014002D639h country: Inuktitut (iu)0_2_000000014002D416
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014002D43D GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 000000014002D639h country: Urdu (ur)0_2_000000014002D43D
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014002D43D GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 000000014002D639h country: Inuktitut (iu)0_2_000000014002D43D
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014002D461 GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 000000014002D639h country: Urdu (ur)0_2_000000014002D461
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014002D461 GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 000000014002D639h country: Inuktitut (iu)0_2_000000014002D461
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014002D485 GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 000000014002D639h country: Urdu (ur)0_2_000000014002D485
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014002D485 GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 000000014002D639h country: Inuktitut (iu)0_2_000000014002D485
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014001D580 GetKeyboardLayout followed by cmp: cmp ecx, 0ah and CTI: jl 000000014001D8E2h country: Spanish (es)0_2_000000014001D580
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140022C90 GetKeyboardLayout followed by cmp: cmp dl, 00000019h and CTI: ja 0000000140022E0Dh country: Russian (ru)0_2_0000000140022C90
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014002D407 GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 000000014002D639h country: Urdu (ur)2_2_000000014002D407
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014002D407 GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 000000014002D639h country: Inuktitut (iu)2_2_000000014002D407
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014002D40F GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 000000014002D639h country: Urdu (ur)2_2_000000014002D40F
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014002D40F GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 000000014002D639h country: Inuktitut (iu)2_2_000000014002D40F
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014002D416 GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 000000014002D639h country: Urdu (ur)2_2_000000014002D416
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014002D416 GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 000000014002D639h country: Inuktitut (iu)2_2_000000014002D416
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014002D43D GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 000000014002D639h country: Urdu (ur)2_2_000000014002D43D
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014002D43D GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 000000014002D639h country: Inuktitut (iu)2_2_000000014002D43D
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014002D461 GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 000000014002D639h country: Urdu (ur)2_2_000000014002D461
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014002D461 GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 000000014002D639h country: Inuktitut (iu)2_2_000000014002D461
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014002D485 GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 000000014002D639h country: Urdu (ur)2_2_000000014002D485
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014002D485 GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 000000014002D639h country: Inuktitut (iu)2_2_000000014002D485
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014001D580 GetKeyboardLayout followed by cmp: cmp ecx, 0ah and CTI: jl 000000014001D8E2h country: Spanish (es)2_2_000000014001D580
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_0000000140022C90 GetKeyboardLayout followed by cmp: cmp dl, 00000019h and CTI: ja 0000000140022E0Dh country: Russian (ru)2_2_0000000140022C90
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400666A0 GetLocalTime followed by cmp: cmp word ptr [rbx], cx and CTI: je 00000001400669D3h0_2_00000001400666A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400666A0 GetLocalTime followed by cmp: cmp dx, ax and CTI: je 0000000140066893h0_2_00000001400666A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400666A0 GetLocalTime followed by cmp: cmp word ptr [rbx], cx and CTI: je 00000001400669D3h2_2_00000001400666A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400666A0 GetLocalTime followed by cmp: cmp dx, ax and CTI: je 0000000140066893h2_2_00000001400666A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400BA270 GetFileAttributesW,FindFirstFileW,FindClose,0_2_00000001400BA270
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400BA370 FindFirstFileW,FindClose,FindFirstFileW,FindClose,0_2_00000001400BA370
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400742C0 FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,GetLastError,FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,_swprintf,FindNextFileW,FindClose,0_2_00000001400742C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014004A390 FindFirstFileW,FindNextFileW,FindClose,GetTickCount,FindNextFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,0_2_000000014004A390
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014008E5C0 GetFileAttributesW,FindFirstFileW,FindClose,0_2_000000014008E5C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140074620 FindFirstFileW,GetLastError,FindClose,FileTimeToLocalFileTime,FileTimeToSystemTime,_swprintf,free,0_2_0000000140074620
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140074C70 CreateFileW,GetFileSizeEx,CloseHandle,FindFirstFileW,GetLastError,FindClose,0_2_0000000140074C70
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014008DFD0 GetFullPathNameW,GetFullPathNameW,GetFileAttributesW,GetFileAttributesW,FindFirstFileW,GetLastError,wcsncpy,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,MoveFileW,DeleteFileW,MoveFileW,GetLastError,CopyFileW,GetLastError,0_2_000000014008DFD0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400BA270 GetFileAttributesW,FindFirstFileW,FindClose,2_2_00000001400BA270
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400BA370 FindFirstFileW,FindClose,FindFirstFileW,FindClose,2_2_00000001400BA370
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400742C0 FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,GetLastError,FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,_swprintf,FindNextFileW,FindClose,2_2_00000001400742C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014004A390 FindFirstFileW,FindNextFileW,FindClose,GetTickCount,FindNextFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,2_2_000000014004A390
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014008E5C0 GetFileAttributesW,FindFirstFileW,FindClose,2_2_000000014008E5C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_0000000140074620 FindFirstFileW,GetLastError,FindClose,FileTimeToLocalFileTime,FileTimeToSystemTime,_swprintf,free,2_2_0000000140074620
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_0000000140074C70 CreateFileW,GetFileSizeEx,CloseHandle,FindFirstFileW,GetLastError,FindClose,2_2_0000000140074C70
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_000000014008DFD0 GetFullPathNameW,GetFullPathNameW,GetFileAttributesW,GetFileAttributesW,FindFirstFileW,GetLastError,wcsncpy,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,MoveFileW,DeleteFileW,MoveFileW,GetLastError,CopyFileW,GetLastError,2_2_000000014008DFD0
Source: SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe, 00000002.00000002.2693160849.00000000008D6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe, 00000002.00000002.2693160849.000000000095D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe, 00000002.00000003.1507140633.000000000095D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140020570 BlockInput,free,BlockInput,0_2_0000000140020570
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400DF2C0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00000001400DF2C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400E3028 LoadLibraryW,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,0_2_00000001400E3028
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400E7758 GetProcessHeap,RtlAllocateHeap,_errno,_errno,__doserrno,_errno,GetProcessHeap,HeapFree,SetEndOfFile,_errno,__doserrno,GetLastError,0_2_00000001400E7758
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_00000001400DB8A8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00000001400DB8A8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400DF2C0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00000001400DF2C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400EE610 SetUnhandledExceptionFilter,2_2_00000001400EE610
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_00000001400DB8A8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00000001400DB8A8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014004FA70 _swprintf,CreateProcessW,CloseHandle,GetLastError,SetCurrentDirectoryW,GetFileAttributesW,SetCurrentDirectoryW,ShellExecuteExW,GetModuleHandleW,GetProcAddress,CloseHandle,GetLastError,FormatMessageW,0_2_000000014004FA70
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014001F7C0 GetCurrentThreadId,GetKeyboardState,SetKeyboardState,PostMessageW,PostMessageW,BlockInput,GetForegroundWindow,GetAsyncKeyState,keybd_event,GetAsyncKeyState,keybd_event,GetAsyncKeyState,BlockInput,0_2_000000014001F7C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014008E770 mouse_event,0_2_000000014008E770
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Get-FileHash -Algorithm SHA256 'C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe' | Select-Object -ExpandProperty Hash" Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeProcess created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c powershell -command "get-filehash -algorithm sha256 'c:\users\user\desktop\securiteinfo.com.w32.possiblethreat.6050.24821.exe' | select-object -expandproperty hash" > "c:\users\user~1\appdata\local\temp\hashresult.txt"
Source: SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeBinary or memory string: Program Manager
Source: SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeBinary or memory string: Shell_TrayWnd
Source: SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeBinary or memory string: Progman
Source: SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe, 00000000.00000002.1479505865.00000000007E4000.00000004.00000010.00020000.00000000.sdmp, SecuriteInfo.com.W32.PossibleThreat.6050.24821.exe, 00000002.00000002.2692525976.00000000007F7000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: Progmanq,
Source: install_ahk0_1.exe.2.drBinary or memory string: "%-1.300s"The maximum number of MsgBoxes has been reached.IsHungAppWindowDwmGetWindowAttributedwmapi.dllahk_idpidgroup%s%uProgram ManagerProgmanWorkerWError text not found (please report)Q\E{0,DEFINEUTF16)UCP)NO_START_OPT)CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument is compiled in 8 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_000000014002A757 GetFileAttributesW,SetCurrentDirectoryW,free,GetSystemTimeAsFileTime,0_2_000000014002A757
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140076750 GetComputerNameW,GetUserNameW,0_2_0000000140076750
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140023EA0 GetModuleHandleW,GetProcAddress,GetVersionExW,0_2_0000000140023EA0
Source: SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeBinary or memory string: WIN_XP
Source: SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeBinary or memory string: WIN_VISTA
Source: SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeBinary or memory string: WIN_7
Source: SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeBinary or memory string: WIN_8
Source: install_ahk0_1.exe.2.drBinary or memory string: ?*A Goto/Gosub must not jump into a block that doesn't enclose it.ddddddd%02d%dmsSlowLogoffSingleWIN32_NTWIN_8.1WIN_8WIN_7WIN_VISTAWIN_XPWIN_2003%04hX0x%Ix*pPIntStrPtrShortInt64DoubleAStrWStrgdi32comctl32kernel32W-3-4CDecl-2This DllCall requires a prior VarSetCapacity.Pos%sLen%sPos%dLen%dLenMarkCountarraypcre_calloutCompile error %d at offset %d: %hs-+0 #diouxXeEfgGaAcCpULlTt%0.*fCallbackFfSelectVisCenterUniDescLogicalNoSortAutoHdrFirstBoldExpandGDI+JoyJoyXJoyYJoyZJoyRJoyUJoyVJoyPOVJoyNameJoyButtonsJoyAxesJoyInfo
Source: SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeBinary or memory string: WIN_8.1
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140028980 Shell_NotifyIconW,RemoveClipboardFormatListener,ChangeClipboardChain,DestroyWindow,IsWindow,DestroyWindow,DeleteObject,DeleteObject,DeleteObject,DeleteObject,DestroyCursor,IsWindow,DestroyWindow,DeleteObject,DeleteObject,DeleteObject,DeleteObject,DestroyCursor,DestroyCursor,IsWindow,DestroyWindow,DeleteObject,mciSendStringW,mciSendStringW,RtlDeleteCriticalSection,OleUninitialize,free,free,free,0_2_0000000140028980
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140029620 AddClipboardFormatListener,PostMessageW,SetClipboardViewer,RemoveClipboardFormatListener,ChangeClipboardChain,0_2_0000000140029620
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 0_2_0000000140080CE0 RemoveClipboardFormatListener,ChangeClipboardChain,0_2_0000000140080CE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_0000000140029620 AddClipboardFormatListener,PostMessageW,SetClipboardViewer,RemoveClipboardFormatListener,ChangeClipboardChain,2_2_0000000140029620
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_0000000140028980 Shell_NotifyIconW,RemoveClipboardFormatListener,ChangeClipboardChain,DestroyWindow,IsWindow,DestroyWindow,DeleteObject,DeleteObject,DeleteObject,DeleteObject,DestroyCursor,IsWindow,DestroyWindow,DeleteObject,DeleteObject,DeleteObject,DeleteObject,DestroyCursor,DestroyCursor,IsWindow,DestroyWindow,DeleteObject,mciSendStringW,mciSendStringW,RtlDeleteCriticalSection,OleUninitialize,free,free,free,2_2_0000000140028980
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.PossibleThreat.6050.24821.exeCode function: 2_2_0000000140080CE0 RemoveClipboardFormatListener,ChangeClipboardChain,2_2_0000000140080CE0
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
Windows Management Instrumentation
1
DLL Side-Loading
1
Exploitation for Privilege Escalation
1
Disable or Modify Tools
121
Input Capture
11
System Time Discovery
Remote Services1
Archive Collected Data
2
Ingress Tool Transfer
Exfiltration Over Other Network Medium1
System Shutdown/Reboot
CredentialsDomainsDefault Accounts1
Native API
Boot or Logon Initialization Scripts1
DLL Side-Loading
1
Deobfuscate/Decode Files or Information
LSASS Memory1
Account Discovery
Remote Desktop Protocol1
Screen Capture
11
Encrypted Channel
Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain Accounts1
Command and Scripting Interpreter
Logon Script (Windows)1
Access Token Manipulation
3
Obfuscated Files or Information
Security Account Manager3
File and Directory Discovery
SMB/Windows Admin Shares121
Input Capture
2
Non-Application Layer Protocol
Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook12
Process Injection
12
Software Packing
NTDS34
System Information Discovery
Distributed Component Object Model3
Clipboard Data
13
Application Layer Protocol
Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
DLL Side-Loading
LSA Secrets1
Query Registry
SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
Masquerading
Cached Domain Credentials21
Security Software Discovery
VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items21
Virtualization/Sandbox Evasion
DCSync21
Virtualization/Sandbox Evasion
Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
Access Token Manipulation
Proc Filesystem3
Process Discovery
Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt12
Process Injection
/etc/passwd and /etc/shadow11
Application Window Discovery
Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCronDynamic API ResolutionNetwork Sniffing1
System Owner/User Discovery
Shared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
This section contains all screenshots as thumbnails, including those not shown in the slideshow.