
Analysis Report SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.8071

Overview

General Information

Sample Name: SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.8071 (renamed file extension from 8071 to exe)
Analysis ID: 255523
MD5: d0bed35c9c0c8978d426739cda487034
SHA1: 4a34825946a8c3ce267ecb6cf27d8d9b212344a6
SHA256: 99876ee50802848768d32d6cd179141603d76259e33c223b47204e33ef4b416d

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected unpacking (changes PE section rights)
Detected unpacking (creates a PE file in dynamic memory)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Yara detected AgentTesla
Contains functionality to detect sleep reduction / modifications
Machine Learning detection for sample
Maps a DLL or memory area into another process
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Checks if the current process is being debugged
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to detect sandboxes (mouse cursor move detection)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE file contains strange resources
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses SMTP (mail sending)
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Startup

  • System is w10x64
  • cleanup

Malware Configuration

Threatname: Agenttesla

{"Username: ": "rgmGF", "URL: ": "http://9CoRfvygQs0j.com", "To: ": "ninovirus1018@gmail.com", "ByHost: ": "mail.serrador.com:587", "Password: ": "=0AzzeneHCSpO", "From: ": "jordi@serrador.com"}

Yara Overview

Memory Dumps

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| 00000000.00000002.1268916643.00000000026F2000.00000040.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
| 00000001.00000002.1533839219.0000000000402000.00000040.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
| 00000001.00000002.1538237555.0000000002968000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
| 00000001.00000002.1538237555.0000000002968000.00000004.00000001.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| 00000000.00000002.1268968674.000000000274B000.00000040.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |

Unpacked PEs

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| 1.2.SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe.920000.1.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
| 1.2.SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe.2190000.3.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
| 1.2.SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe.920000.1.raw.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
| 0.2.SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe.26a0000.2.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
| 0.2.SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe.26f0000.3.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Found malware configuration
Source: SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe.2360.1.memstr Malware Configuration Extractor: Agenttesla {"Username: ": "rgmGF", "URL: ": "http://9CoRfvygQs0j.com", "To: ": "ninovirus1018@gmail.com", "ByHost: ": "mail.serrador.com:587", "Password: ": "=0AzzeneHCSpO", "From: ": "jordi@serrador.com"}
Machine Learning detection for sample
Source: SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Code function: 0_2_004082AC FindFirstFileA,FindClose,FileTimeToLocalFileTime,FileTimeToDosDateTime,0_2_004082AC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Code function: 0_2_00404F60 GetModuleHandleA,GetProcAddress,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn,0_2_00404F60
Source: global traffic TCP traffic: 192.168.2.5:49742 -> 37.59.208.97:587
Source: unknown DNS traffic detected: queries for: mail.serrador.com
Source: SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe, 00000001.00000002.1539261572.0000000002AB2000.00000004.00000001.sdmp String found in binary or memory: http://9CoRfvygQs0j.com
Source: SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe, 00000001.00000002.1539052072.0000000002A88000.00000004.00000001.sdmp String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c0
Source: SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe, 00000001.00000002.1539052072.0000000002A88000.00000004.00000001.sdmp String found in binary or memory: http://cert.int-x3.letsencrypt.org/0
Source: SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe, 00000001.00000002.1539052072.0000000002A88000.00000004.00000001.sdmp String found in binary or memory: http://cps.letsencrypt.org0
Source: SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe, 00000001.00000002.1539052072.0000000002A88000.00000004.00000001.sdmp String found in binary or memory: http://cps.root-x1.letsencrypt.org0
Source: SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe, 00000001.00000002.1539052072.0000000002A88000.00000004.00000001.sdmp String found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl0
Source: SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe, 00000001.00000002.1539052072.0000000002A88000.00000004.00000001.sdmp String found in binary or memory: http://isrg.trustid.ocsp.identrust.com0;
Source: SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe, 00000001.00000002.1539052072.0000000002A88000.00000004.00000001.sdmp String found in binary or memory: http://mail.serrador.com
Source: SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe, 00000001.00000002.1539052072.0000000002A88000.00000004.00000001.sdmp String found in binary or memory: http://ocsp.int-x3.letsencrypt.org0/
Source: SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe, 00000001.00000002.1539052072.0000000002A88000.00000004.00000001.sdmp String found in binary or memory: http://serrador.com
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Code function: 0_2_00420B6C GetClipboardData,CopyEnhMetaFileA,GetEnhMetaFileHeader,0_2_00420B6C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Code function: 0_2_0043E9C0 GetKeyboardState,0_2_0043E9C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Code function: 0_2_0045C558 NtdllDefWindowProc_A,0_2_0045C558
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Code function: 0_2_0042A61C NtdllDefWindowProc_A,0_2_0042A61C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Code function: 0_2_0045CD00 IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A,0_2_0045CD00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Code function: 0_2_0045CDB0 IsIconic,SetActiveWindow,IsWindowEnabled,NtdllDefWindowProc_A,SetWindowPos,SetFocus,0_2_0045CDB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Code function: 0_2_00451884 GetSubMenu,SaveDC,RestoreDC,73D2B080,SaveDC,RestoreDC,NtdllDefWindowProc_A,0_2_00451884
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Code function: 0_2_0044193C NtdllDefWindowProc_A,GetCapture,0_2_0044193C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Code function: 0_2_022700A2 NtQueryInformationProcess,NtQueryInformationProcess,0_2_022700A2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Code function: 0_2_02276599 SetThreadContext,NtResumeThread,VirtualAlloc,CreateProcessW,NtUnmapViewOfSection,GetThreadContext,0_2_02276599
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Code function: 0_2_02275BEB NtCreateSection,0_2_02275BEB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Code function: 0_2_02277CA3 NtMapViewOfSection,0_2_02277CA3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Code function: 1_2_00454159 NtCreateSection,1_2_00454159
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Code function: String function: 004034C4 appears 35 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Code function: String function: 00405F6C appears 61 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Code function: String function: 00403E88 appears 77 times
Source: SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe, 00000000.00000002.1268638643.0000000002260000.00000002.00000001.sdmp Binary or memory string: OriginalFilenameuser32j% vs SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe
Source: SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe, 00000000.00000002.1268954918.0000000002738000.00000040.00000001.sdmp Binary or memory string: OriginalFilenamevDaeoaHCSCscEfTEGJsXALTUxB.exe4 vs SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe
Source: SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Binary or memory string: OriginalFilename vs SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe
Source: SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe, 00000001.00000002.1533863148.0000000000448000.00000040.00000001.sdmp Binary or memory string: OriginalFilenamevDaeoaHCSCscEfTEGJsXALTUxB.exe4 vs SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe
Source: SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe, 00000001.00000002.1540831876.0000000005C70000.00000002.00000001.sdmp Binary or memory string: OriginalFilenamewshom.ocx.mui vs SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe
Source: SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe, 00000001.00000002.1540303295.0000000005600000.00000002.00000001.sdmp Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe
Source: SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe, 00000001.00000002.1540814591.0000000005C60000.00000002.00000001.sdmp Binary or memory string: OriginalFilenamewshom.ocx vs SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe
Source: SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe, 00000001.00000002.1533806659.0000000000197000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameUNKNOWN_FILET vs SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe
Source: SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe, 00000001.00000002.1540145749.0000000005100000.00000002.00000001.sdmp Binary or memory string: OriginalFilenamewbemdisp.tlbj% vs SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Section loaded: mscorwks.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Section loaded: mscorsec.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Section loaded: mscorjit.dll
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@3/0@2/1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Code function: 0_2_0041DC54 GetLastError,FormatMessageA,0_2_0041DC54
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Code function: 0_2_0040845E GetDiskFreeSpaceA,0_2_0040845E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Code function: 0_2_0227795B CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,VirtualAlloc,0_2_0227795B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Code function: 0_2_00416250 FindResourceA,LoadResource,SizeofResource,LockResource,0_2_00416250
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe'
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe'
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe'
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Data Obfuscation:

Detected unpacking (changes PE section rights)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Unpacked PE file: 1.2.SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe.400000.0.unpack CODE:ER;DATA:W;BSS:W;.idata:W;.tls:W;.rdata:R;.reloc:R;.rsrc:R; vs .text:ER;.rsrc:R;.reloc:R;
Detected unpacking (creates a PE file in dynamic memory)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Unpacked PE file: 1.2.SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe.2190000.3.unpack
Detected unpacking (overwrites its own PE header)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Unpacked PE file: 1.2.SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe.400000.0.unpack
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exeCode function: 0_2_004262E4 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004262E4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Code function: 0_2_0045C5E0 PostMessageA,PostMessageA,SendMessageA,GetProcAddress,GetLastError,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,0_2_0045C5E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Code function: 0_2_00444238 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient,0_2_00444238
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Code function: 0_2_0042462C IsIconic,GetWindowPlacement,GetWindowRect,0_2_0042462C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Code function: 0_2_0045CD00 IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A,0_2_0045CD00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Code function: 0_2_0045CDB0 IsIconic,SetActiveWindow,IsWindowEnabled,NtdllDefWindowProc_A,SetWindowPos,SetFocus,0_2_0045CDB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Code function: 0_2_00443060 IsIconic,GetCapture,0_2_00443060
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Code function: 0_2_00459608 SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow,0_2_00459608
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Code function: 0_2_00443914 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement,0_2_00443914
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exeCode function: 0_2_004262E4 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004262E4
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Process information set: NOOPENFILEERRORBOX

                      Malware Analysis System Evasion:

                      Contains functionality to detect sleep reduction / modifications
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Code function: 0_2_00437EFC 0_2_00437EFC
                      Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Code function: GetCurrentThreadId,GetCursorPos,WaitForSingleObject,0_2_0045BB50
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Window / User API: threadDelayed 754
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6248 Thread sleep count: 42 > 30
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6248 Thread sleep count: 754 > 30
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -51500s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -50594s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -50376s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -49282s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -48188s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -48000s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -70641s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -70314s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -45782s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -67032s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -66750s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -43594s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -43376s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -63423s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -61782s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -61500s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -60141s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -59814s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -58173s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -56532s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -56250s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -54891s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -36376s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -35282s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -34188s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -33094s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -32876s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -47673s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -46032s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -30500s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -30000s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -46688s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -44282s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -42094s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -41876s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -40782s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -39688s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -39500s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -38594s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -38376s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -37282s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -32688s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -32500s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -31594s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe TID: 6084Thread sleep time: -31376s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Last function: Thread delayed
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Code function: 0_2_004082AC FindFirstFileA,FindClose,FileTimeToLocalFileTime,FileTimeToDosDateTime
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Code function: 0_2_00404F60 GetModuleHandleA,GetProcAddress,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Code function: 0_2_0041E1E4 GetSystemInfo
                      Source: SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe, 00000001.00000002.1540303295.0000000005600000.00000002.00000001.sdmp Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
                      Source: SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Binary or memory string: VMwareVMware
                      Source: SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe, 00000001.00000002.1540303295.0000000005600000.00000002.00000001.sdmp Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
                      Source: SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe, 00000001.00000002.1540303295.0000000005600000.00000002.00000001.sdmp Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
                      Source: SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe, 00000001.00000002.1541002461.0000000005F37000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe, 00000001.00000002.1540303295.0000000005600000.00000002.00000001.sdmp Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Process information queried: ProcessInformation
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Process queried: DebugFlags
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Process queried: DebugObjectHandle
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Code function: 1_2_05A2AE72 KiUserExceptionDispatcher,KiUserExceptionDispatcher,KiUserExceptionDispatcher,LdrInitializeThunk
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Code function: 1_2_0044F6F3 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exeCode function: 0_2_004262E4 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004262E4
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Code function: 1_2_00453412 mov eax, dword ptr fs:[00000030h]
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Code function: 1_2_004534D0 mov eax, dword ptr fs:[00000030h]
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Process token adjusted: Debug
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Code function: 1_2_0044E746 SetUnhandledExceptionFilter
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Code function: 1_2_0044F6F3 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Code function: 1_2_00451D7F __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.exe Code function: 1_2_0044FBB5 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.GrandS