Drops startup file

Obfuscated with Agile.Net obfuscator

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

Reads WinSCP keys stored on the system

Tries to access WinSCP stored sessions.

Reads user/profile data of web browsers

Infostealers often target stored browser data, which can include saved credentials etc.

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext