Static PE information: LOCAL_SYMS _STRIPPED, 32BIT_MAC HINE, EXEC UTABLE_IMA GE, LINE_N UMS_STRIPP ED, RELOCS _STRIPPEDįound installer window with terms and condition text Source: C:\Users\u ser\AppDat a\Local\Te mp\vcredis t_x86.exeĬode function: 17_2_01004 BAD Initia lizeSecuri tyDescript or,Initial izeAcl,Add AccessAllo wedAce,Add AccessAllo wedAce,Add AccessAllo wedAce,Add AccessAllo wedAce,Set SecurityDe scriptorDa cl,GetCurr entDirecto ryA,GetSys temDirecto ryA,QueryD osDeviceA, _strlwr,st rstr,strst r,strstr,G etDiskFree SpaceA,Cry ptAcquireC ontextA,sp rintf,Cryp tGenRandom ,sprintf,s printf,Cry ptReleaseC ontext,Get SystemTime ,SystemTim eToFileTim e,DialogBo xParamA,Do sDateTimeT oFileTime, LocalFileT imeToFileT ime,SetFil eTime,Find CloseChang eNotificat ion,SendDl gItemMessa geA,MoveFi leExA,strs tr,_stricm p,SendDlgI temMessage A,CreateFi leA,GetLas tError,Cre ateFileA,S etFilePoin ter,SetFil ePointer,S etEndOfFil e,SetFileP ointer,Cre ateFileA,C reateFileA ,Initializ eCriticalS ectionAndS pinCount,# 17,GetProc essHeap,Cr eateEventA ,CreateEve ntA,Create FileA,Crea teEventA,C reateThrea d,CreateFi leA,WaitFo rSingleObj ect,SendDl gItemMessa geA,Sleep, ShowWindow ,SetParent ,SendDlgIt emMessageA ,SendDlgIt emMessageA ,SendDlgIt emMessageA ,ShowWindo w,LoadStri ngA,LoadSt ringA,Send DlgItemMes sageA,Send DlgItemMes sageA,Send DlgItemMes sageA,Send DlgItemMes sageA,Send DlgItemMes sageA,Show Window,Cre ateFileA,G etFileSize ,ReadFile, CloseHandl e,DeleteFi leA,SendDl gItemMessa geA,SetEnv ironmentVa riableA,Se tEnvironme ntVariable A,SetEnvir onmentVari ableA,SetE nvironment VariableA, ExpandEnvi ronmentStr ingsA,Crea teProcessA ,ShowWindo w,WaitForS ingleObjec t,GetExitC odeProcess ,FindClose ChangeNoti fication,S howWindow, LoadString A,MessageB oxA,Delete CriticalSe ction,Exit Process,Ĭode function: 17_2_01004 2AF GetFil eAttribute sA,LoadLib raryA,GetP rocAddress ,DecryptFi leA,GetLas tError,
Uses Microsoft's Enhanced Cryptographic Provider