Source: Windows Defender.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0 |
Source: Windows Defender.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
Source: Windows Defender.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S |
Source: Windows Defender.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
Source: Windows Defender.exe | String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0 |
Source: Windows Defender.exe, 00000001.00000002.1274563768.0000000002952000.00000004.00000800.00020000.00000000.sdmp, Windows Defender.exe, 00000001.00000002.1274563768.0000000002962000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ip-api.com |
Source: Windows Defender.exe, 00000001.00000002.1274563768.00000000028E0000.00000004.00000800.00020000.00000000.sdmp, Windows Defender.exe, 00000001.00000002.1274563768.0000000002895000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ip-api.com/line/?fields=hosting |
Source: Windows Defender.exe, 00000001.00000002.1274563768.0000000002962000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ip-api.comd |
Source: Windows Defender.exe | String found in binary or memory: http://ocsp.digicert.com0 |
Source: Windows Defender.exe | String found in binary or memory: http://ocsp.digicert.com0A |
Source: Windows Defender.exe, 00000001.00000002.1274563768.0000000002952000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: Amcache.hve.5.dr | String found in binary or memory: http://upx.sf.net |
Source: Windows Defender.exe | String found in binary or memory: http://www.digicert.com/CPS0 |
Source: 1.2.Windows Defender.exe.50f0000.3.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 1.2.Windows Defender.exe.3695570.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 1.2.Windows Defender.exe.50f0000.3.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 1.2.Windows Defender.exe.3695570.1.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 1.2.Windows Defender.exe.36b5590.2.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 1.2.Windows Defender.exe.28bbfd8.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 1.2.Windows Defender.exe.36b5590.2.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 00000001.00000002.1279764215.0000000003691000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 00000001.00000002.1279764215.00000000036B5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 00000001.00000002.1280549736.00000000050F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 00000001.00000002.1274563768.0000000002895000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 1.2.Windows Defender.exe.50f0000.3.raw.unpack, k9ZEaIQ7WE7abcI.cs | Base64 encoded string |
Source: 1.2.Windows Defender.exe.50f0000.3.raw.unpack, DNAvWoxlxYdwRmJ.cs | Base64 encoded string |
Source: 1.2.Windows Defender.exe.50f0000.3.raw.unpack, cwqxDxQiWlgCHGb.cs | Base64 encoded string |
Source: 1.2.Windows Defender.exe.50f0000.3.raw.unpack, hkW0iHAt1n34uyi.cs | Base64 encoded string |
Source: 1.2.Windows Defender.exe.50f0000.3.raw.unpack, I3Th8Mh3i2t6BO8.cs | Base64 encoded string |
Source: 1.2.Windows Defender.exe.50f0000.3.raw.unpack, sjmftLizVeKZw8R.cs | Base64 encoded string |
Source: 1.2.Windows Defender.exe.3695570.1.raw.unpack, k9ZEaIQ7WE7abcI.cs | Base64 encoded string |
Source: 1.2.Windows Defender.exe.3695570.1.raw.unpack, DNAvWoxlxYdwRmJ.cs | Base64 encoded string |
Source: 1.2.Windows Defender.exe.3695570.1.raw.unpack, cwqxDxQiWlgCHGb.cs | Base64 encoded string |
Source: 1.2.Windows Defender.exe.3695570.1.raw.unpack, hkW0iHAt1n34uyi.cs | Base64 encoded string |
Source: 1.2.Windows Defender.exe.3695570.1.raw.unpack, I3Th8Mh3i2t6BO8.cs | Base64 encoded string |
Source: 1.2.Windows Defender.exe.3695570.1.raw.unpack, sjmftLizVeKZw8R.cs | Base64 encoded string |
Source: 1.2.Windows Defender.exe.36b5590.2.raw.unpack, k9ZEaIQ7WE7abcI.cs | Base64 encoded string |
Source: 1.2.Windows Defender.exe.36b5590.2.raw.unpack, DNAvWoxlxYdwRmJ.cs | Base64 encoded string |
Source: 1.2.Windows Defender.exe.36b5590.2.raw.unpack, cwqxDxQiWlgCHGb.cs | Base64 encoded string |
Source: 1.2.Windows Defender.exe.36b5590.2.raw.unpack, hkW0iHAt1n34uyi.cs | Base64 encoded string |
Source: 1.2.Windows Defender.exe.36b5590.2.raw.unpack, I3Th8Mh3i2t6BO8.cs | Base64 encoded string |
Source: 1.2.Windows Defender.exe.36b5590.2.raw.unpack, sjmftLizVeKZw8R.cs | Base64 encoded string |
Source: C:\Users\user\Desktop\Windows Defender.exe | Section loaded: mscoree.dll |
Source: C:\Users\user\Desktop\Windows Defender.exe | Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\Windows Defender.exe | Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\Windows Defender.exe | Section loaded: version.dll |
Source: C:\Users\user\Desktop\Windows Defender.exe | Section loaded: vcruntime140_clr0400.dll |
Source: C:\Users\user\Desktop\Windows Defender.exe | Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\Desktop\Windows Defender.exe | Section loaded: edgegdi.dll |
Source: C:\Users\user\Desktop\Windows Defender.exe | Section loaded: wbemcomn.dll |
Source: C:\Users\user\Desktop\Windows Defender.exe | Section loaded: amsi.dll |
Source: C:\Users\user\Desktop\Windows Defender.exe | Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\Windows Defender.exe | Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\Windows Defender.exe | Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\Windows Defender.exe | Section loaded: windowscodecs.dll |
Source: C:\Users\user\Desktop\Windows Defender.exe | Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\Windows Defender.exe | Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\Windows Defender.exe | Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\Windows Defender.exe | Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\Windows Defender.exe | Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\Windows Defender.exe | Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\Windows Defender.exe | Section loaded: rasapi32.dll |
Source: C:\Users\user\Desktop\Windows Defender.exe | Section loaded: rasman.dll |
Source: C:\Users\user\Desktop\Windows Defender.exe | Section loaded: rtutils.dll |
Source: C:\Users\user\Desktop\Windows Defender.exe | Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\Windows Defender.exe | Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\Windows Defender.exe | Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\Windows Defender.exe | Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\Windows Defender.exe | Section loaded: dhcpcsvc6.dll |
Source: C:\Users\user\Desktop\Windows Defender.exe | Section loaded: dhcpcsvc.dll |
Source: C:\Users\user\Desktop\Windows Defender.exe | Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\Windows Defender.exe | Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\Windows Defender.exe | Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\Windows Defender.exe | Section loaded: fwpuclnt.dll |
Source: 1.2.Windows Defender.exe.50f0000.3.raw.unpack, hkW0iHAt1n34uyi.cs | .Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{IiG77VCIYIyAinp.SAF5KmKklxldXEs,IiG77VCIYIyAinp.LotdAze8Ef6WJIY,IiG77VCIYIyAinp.Kx9554HmAGalplp,IiG77VCIYIyAinp.wqwaheO8RVJ9q8D,sjmftLizVeKZw8R.oZBtFDCxkh7P706()}}, (string[])null, (Type[])null, (bool[])null, true) |
Source: 1.2.Windows Defender.exe.50f0000.3.raw.unpack, hkW0iHAt1n34uyi.cs | .Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{UyHzfp1JBRCQZN0[2],sjmftLizVeKZw8R.LmgXrb8KxfqOZHi(Convert.FromBase64String(UyHzfp1JBRCQZN0[3]))}}, (string[])null, (Type[])null, (bool[])null, true) |
Source: 1.2.Windows Defender.exe.3695570.1.raw.unpack, hkW0iHAt1n34uyi.cs | .Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{IiG77VCIYIyAinp.SAF5KmKklxldXEs,IiG77VCIYIyAinp.LotdAze8Ef6WJIY,IiG77VCIYIyAinp.Kx9554HmAGalplp,IiG77VCIYIyAinp.wqwaheO8RVJ9q8D,sjmftLizVeKZw8R.oZBtFDCxkh7P706()}}, (string[])null, (Type[])null, (bool[])null, true) |
Source: 1.2.Windows Defender.exe.3695570.1.raw.unpack, hkW0iHAt1n34uyi.cs | .Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{UyHzfp1JBRCQZN0[2],sjmftLizVeKZw8R.LmgXrb8KxfqOZHi(Convert.FromBase64String(UyHzfp1JBRCQZN0[3]))}}, (string[])null, (Type[])null, (bool[])null, true) |
Source: 1.2.Windows Defender.exe.36b5590.2.raw.unpack, hkW0iHAt1n34uyi.cs | .Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{IiG77VCIYIyAinp.SAF5KmKklxldXEs,IiG77VCIYIyAinp.LotdAze8Ef6WJIY,IiG77VCIYIyAinp.Kx9554HmAGalplp,IiG77VCIYIyAinp.wqwaheO8RVJ9q8D,sjmftLizVeKZw8R.oZBtFDCxkh7P706()}}, (string[])null, (Type[])null, (bool[])null, true) |
Source: 1.2.Windows Defender.exe.36b5590.2.raw.unpack, hkW0iHAt1n34uyi.cs | .Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{UyHzfp1JBRCQZN0[2],sjmftLizVeKZw8R.LmgXrb8KxfqOZHi(Convert.FromBase64String(UyHzfp1JBRCQZN0[3]))}}, (string[])null, (Type[])null, (bool[])null, true) |
Source: Windows Defender.exe, iCFfQamPVVoNDXlKXXpdY.cs | High entropy of concatenated method names |
Source: Windows Defender.exe, ktoGgUIzzSITxyhxcImKG.cs | High entropy of concatenated method names |
Source: Windows Defender.exe, AqnGDJXdpImuVfGaIOnp.cs | High entropy of concatenated method names |
Source: 1.2.Windows Defender.exe.50f0000.3.raw.unpack, IiG77VCIYIyAinp.cs | High entropy of concatenated method names |
Source: 1.2.Windows Defender.exe.50f0000.3.raw.unpack, 4HsJjuIP2UkRI9R.cs | High entropy of concatenated method names |
Source: 1.2.Windows Defender.exe.50f0000.3.raw.unpack, k9ZEaIQ7WE7abcI.cs | High entropy of concatenated method names |
Source: 1.2.Windows Defender.exe.50f0000.3.raw.unpack, yfcXnm8Ph88Q7SS.cs | High entropy of concatenated method names |
Source: 1.2.Windows Defender.exe.50f0000.3.raw.unpack, 85IhxSGtOfNN64Z.cs | High entropy of concatenated method names |
Source: 1.2.Windows Defender.exe.50f0000.3.raw.unpack, DNAvWoxlxYdwRmJ.cs | High entropy of concatenated method names |
Source: 1.2.Windows Defender.exe.50f0000.3.raw.unpack, cwqxDxQiWlgCHGb.cs | High entropy of concatenated method names |
Source: 1.2.Windows Defender.exe.50f0000.3.raw.unpack, hkW0iHAt1n34uyi.cs | High entropy of concatenated method names |
Source: 1.2.Windows Defender.exe.50f0000.3.raw.unpack, I3Th8Mh3i2t6BO8.cs | High entropy of concatenated method names |
Source: 1.2.Windows Defender.exe.50f0000.3.raw.unpack, sjmftLizVeKZw8R.cs | High entropy of concatenated method names |
Source: 1.2.Windows Defender.exe.50f0000.3.raw.unpack, GzYlpNyzaslb0P5ovfphEnusQWYGKo.cs | High entropy of concatenated method names |
Source: 1.2.Windows Defender.exe.3695570.1.raw.unpack, IiG77VCIYIyAinp.cs | High entropy of concatenated method names |
Source: 1.2.Windows Defender.exe.3695570.1.raw.unpack, 4HsJjuIP2UkRI9R.cs | High entropy of concatenated method names |
Source: 1.2.Windows Defender.exe.3695570.1.raw.unpack, k9ZEaIQ7WE7abcI.cs | High entropy of concatenated method names |
Source: 1.2.Windows Defender.exe.3695570.1.raw.unpack, yfcXnm8Ph88Q7SS.cs | High entropy of concatenated method names |
Source: 1.2.Windows Defender.exe.3695570.1.raw.unpack, 85IhxSGtOfNN64Z.cs | High entropy of concatenated method names |
Source: 1.2.Windows Defender.exe.3695570.1.raw.unpack, DNAvWoxlxYdwRmJ.cs | High entropy of concatenated method names |
Source: 1.2.Windows Defender.exe.3695570.1.raw.unpack, cwqxDxQiWlgCHGb.cs | High entropy of concatenated method names |
Source: 1.2.Windows Defender.exe.3695570.1.raw.unpack, hkW0iHAt1n34uyi.cs | High entropy of concatenated method names |
Source: 1.2.Windows Defender.exe.3695570.1.raw.unpack, I3Th8Mh3i2t6BO8.cs | High entropy of concatenated method names |
Source: 1.2.Windows Defender.exe.3695570.1.raw.unpack, sjmftLizVeKZw8R.cs | High entropy of concatenated method names |
Source: 1.2.Windows Defender.exe.3695570.1.raw.unpack, GzYlpNyzaslb0P5ovfphEnusQWYGKo.cs | High entropy of concatenated method names |
Source: 1.2.Windows Defender.exe.36b5590.2.raw.unpack, IiG77VCIYIyAinp.cs | High entropy of concatenated method names |
Source: 1.2.Windows Defender.exe.36b5590.2.raw.unpack, 4HsJjuIP2UkRI9R.cs | High entropy of concatenated method names |
Source: 1.2.Windows Defender.exe.36b5590.2.raw.unpack, k9ZEaIQ7WE7abcI.cs | High entropy of concatenated method names |
Source: 1.2.Windows Defender.exe.36b5590.2.raw.unpack, yfcXnm8Ph88Q7SS.cs | High entropy of concatenated method names |
Source: 1.2.Windows Defender.exe.36b5590.2.raw.unpack, 85IhxSGtOfNN64Z.cs | High entropy of concatenated method names |
Source: 1.2.Windows Defender.exe.36b5590.2.raw.unpack, DNAvWoxlxYdwRmJ.cs | High entropy of concatenated method names |
Source: 1.2.Windows Defender.exe.36b5590.2.raw.unpack, cwqxDxQiWlgCHGb.cs | High entropy of concatenated method names |
Source: 1.2.Windows Defender.exe.36b5590.2.raw.unpack, hkW0iHAt1n34uyi.cs | High entropy of concatenated method names |
Source: 1.2.Windows Defender.exe.36b5590.2.raw.unpack, I3Th8Mh3i2t6BO8.cs | High entropy of concatenated method names |
Source: 1.2.Windows Defender.exe.36b5590.2.raw.unpack, sjmftLizVeKZw8R.cs | High entropy of concatenated method names |
Source: 1.2.Windows Defender.exe.36b5590.2.raw.unpack, GzYlpNyzaslb0P5ovfphEnusQWYGKo.cs | High entropy of concatenated method names |
Source: C:\Users\user\Desktop\Windows Defender.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |