| Source: UzQWEAhf9B.exe, 00000004.00000002.2168487722.0000000002EA1000.00000004.00000800.00020000.00000000.sdmp, UzQWEAhf9B.exe, 00000004.00000002.2168487722.000000000307F000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://185.222.58.236:55615 |
| Source: UzQWEAhf9B.exe, 00000004.00000002.2168487722.0000000002EA1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://185.222.58.236:55615/ |
| Source: UzQWEAhf9B.exe, 00000004.00000002.2168487722.0000000002EA1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.datacontract.org/2004/07/ |
| Source: UzQWEAhf9B.exe, 00000004.00000002.2168487722.0000000002EA1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next |
| Source: UzQWEAhf9B.exe, 00000004.00000002.2168487722.000000000307F000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/ |
| Source: UzQWEAhf9B.exe, 00000004.00000002.2168487722.0000000002EA1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing |
| Source: UzQWEAhf9B.exe, 00000004.00000002.2168487722.0000000002EA1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultX |
| Source: UzQWEAhf9B.exe, 00000004.00000002.2168487722.0000000002EA1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous |
| Source: UzQWEAhf9B.exe, 00000004.00000002.2168487722.0000000002EA1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
| Source: UzQWEAhf9B.exe, 00000004.00000002.2168487722.000000000307F000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://tempuri.org/ |
| Source: UzQWEAhf9B.exe, 00000004.00000002.2168487722.0000000002EA1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://tempuri.org/0 |
| Source: UzQWEAhf9B.exe, 00000004.00000002.2168487722.0000000002EA1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://tempuri.org/Endpoint/CheckConnect |
| Source: UzQWEAhf9B.exe, 00000004.00000002.2168487722.0000000002EA1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://tempuri.org/Endpoint/CheckConnectResponse |
| Source: UzQWEAhf9B.exe, 00000004.00000002.2168487722.0000000002EA1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettings |
| Source: UzQWEAhf9B.exe, 00000004.00000002.2168487722.0000000002EA1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettingsResponse |
| Source: UzQWEAhf9B.exe, 00000004.00000002.2168487722.000000000307F000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://tempuri.org/Endpoint/GetUpdates |
| Source: UzQWEAhf9B.exe, 00000004.00000002.2168487722.0000000002EA1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://tempuri.org/Endpoint/GetUpdatesResponse |
| Source: UzQWEAhf9B.exe, 00000004.00000002.2168487722.0000000002EA1000.00000004.00000800.00020000.00000000.sdmp, UzQWEAhf9B.exe, 00000004.00000002.2168487722.000000000307F000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://tempuri.org/Endpoint/SetEnvironment |
| Source: UzQWEAhf9B.exe, 00000004.00000002.2168487722.0000000002EA1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://tempuri.org/Endpoint/SetEnvironmentResponse |
| Source: UzQWEAhf9B.exe, 00000004.00000002.2168487722.0000000002EA1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdate |
| Source: UzQWEAhf9B.exe, 00000004.00000002.2168487722.0000000002EA1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdateResponse |
| Source: tmpE548.tmp.4.dr, tmp1EDA.tmp.4.dr, tmp1ECA.tmp.4.dr, tmpAB16.tmp.4.dr, tmpAB27.tmp.4.dr, tmpAB37.tmp.4.dr, tmpE568.tmp.4.dr, tmp1EA9.tmp.4.dr, tmpE506.tmp.4.dr, tmpE517.tmp.4.dr, tmpE537.tmp.4.dr, tmpE4F6.tmp.4.dr |
String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
| Source: UzQWEAhf9B.exe, UzQWEAhf9B.exe, 00000004.00000002.2165587760.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://api.ip.sb/geoip%USERPEnvironmentROFILE% |
| Source: UzQWEAhf9B.exe |
String found in binary or memory: https://api.ipify. |
| Source: UzQWEAhf9B.exe |
String found in binary or memory: https://api.ipify.orgcoo |
| Source: UzQWEAhf9B.exe, UzQWEAhf9B.exe, 00000004.00000002.2165587760.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://api.ipify.orgcookies//settinString.Removeg |
| Source: tmpE548.tmp.4.dr, tmp1EDA.tmp.4.dr, tmp1ECA.tmp.4.dr, tmpAB16.tmp.4.dr, tmpAB27.tmp.4.dr, tmpAB37.tmp.4.dr, tmpE568.tmp.4.dr, tmp1EA9.tmp.4.dr, tmpE506.tmp.4.dr, tmpE517.tmp.4.dr, tmpE537.tmp.4.dr, tmpE4F6.tmp.4.dr |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
| Source: tmpE548.tmp.4.dr, tmp1EDA.tmp.4.dr, tmp1ECA.tmp.4.dr, tmpAB16.tmp.4.dr, tmpAB27.tmp.4.dr, tmpAB37.tmp.4.dr, tmpE568.tmp.4.dr, tmp1EA9.tmp.4.dr, tmpE506.tmp.4.dr, tmpE517.tmp.4.dr, tmpE537.tmp.4.dr, tmpE4F6.tmp.4.dr |
String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
| Source: tmpE548.tmp.4.dr, tmp1EDA.tmp.4.dr, tmp1ECA.tmp.4.dr, tmpAB16.tmp.4.dr, tmpAB27.tmp.4.dr, tmpAB37.tmp.4.dr, tmpE568.tmp.4.dr, tmp1EA9.tmp.4.dr, tmpE506.tmp.4.dr, tmpE517.tmp.4.dr, tmpE537.tmp.4.dr, tmpE4F6.tmp.4.dr |
String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
| Source: tmpE548.tmp.4.dr, tmp1EDA.tmp.4.dr, tmp1ECA.tmp.4.dr, tmpAB16.tmp.4.dr, tmpAB27.tmp.4.dr, tmpAB37.tmp.4.dr, tmpE568.tmp.4.dr, tmp1EA9.tmp.4.dr, tmpE506.tmp.4.dr, tmpE517.tmp.4.dr, tmpE537.tmp.4.dr, tmpE4F6.tmp.4.dr |
String found in binary or memory: https://duckduckgo.com/ac/?q= |
| Source: tmpE548.tmp.4.dr, tmp1EDA.tmp.4.dr, tmp1ECA.tmp.4.dr, tmpAB16.tmp.4.dr, tmpAB27.tmp.4.dr, tmpAB37.tmp.4.dr, tmpE568.tmp.4.dr, tmp1EA9.tmp.4.dr, tmpE506.tmp.4.dr, tmpE517.tmp.4.dr, tmpE537.tmp.4.dr, tmpE4F6.tmp.4.dr |
String found in binary or memory: https://duckduckgo.com/chrome_newtab |
| Source: tmpE548.tmp.4.dr, tmp1EDA.tmp.4.dr, tmp1ECA.tmp.4.dr, tmpAB16.tmp.4.dr, tmpAB27.tmp.4.dr, tmpAB37.tmp.4.dr, tmpE568.tmp.4.dr, tmp1EA9.tmp.4.dr, tmpE506.tmp.4.dr, tmpE517.tmp.4.dr, tmpE537.tmp.4.dr, tmpE4F6.tmp.4.dr |
String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
| Source: UzQWEAhf9B.exe, UzQWEAhf9B.exe, 00000004.00000002.2165587760.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io/ip%appdata% |
| Source: tmpE548.tmp.4.dr, tmp1EDA.tmp.4.dr, tmp1ECA.tmp.4.dr, tmpAB16.tmp.4.dr, tmpAB27.tmp.4.dr, tmpAB37.tmp.4.dr, tmpE568.tmp.4.dr, tmp1EA9.tmp.4.dr, tmpE506.tmp.4.dr, tmpE517.tmp.4.dr, tmpE537.tmp.4.dr, tmpE4F6.tmp.4.dr |
String found in binary or memory: https://www.ecosia.org/newtab/ |
| Source: tmpE548.tmp.4.dr, tmp1EDA.tmp.4.dr, tmp1ECA.tmp.4.dr, tmpAB16.tmp.4.dr, tmpAB27.tmp.4.dr, tmpAB37.tmp.4.dr, tmpE568.tmp.4.dr, tmp1EA9.tmp.4.dr, tmpE506.tmp.4.dr, tmpE517.tmp.4.dr, tmpE537.tmp.4.dr, tmpE4F6.tmp.4.dr |
String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
| Source: 4.2.UzQWEAhf9B.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23 |
| Source: 4.2.UzQWEAhf9B.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073 |
| Source: 0.2.UzQWEAhf9B.exe.3f46dc0.3.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23 |
| Source: 0.2.UzQWEAhf9B.exe.3f5ebe0.2.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23 |
| Source: 0.2.UzQWEAhf9B.exe.3f46dc0.3.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073 |
| Source: 0.2.UzQWEAhf9B.exe.3f5ebe0.2.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073 |
| Source: 0.2.UzQWEAhf9B.exe.3f5ebe0.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23 |
| Source: 0.2.UzQWEAhf9B.exe.3f5ebe0.2.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073 |
| Source: 0.2.UzQWEAhf9B.exe.3f46dc0.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23 |
| Source: 0.2.UzQWEAhf9B.exe.3f46dc0.3.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073 |
| Source: 00000000.00000002.2058036481.0000000003F46000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23 |
| Source: 00000004.00000002.2165587760.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23 |
| Source: Process Memory Space: UzQWEAhf9B.exe PID: 5908, type: MEMORYSTR |
Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23 |
| Source: Process Memory Space: UzQWEAhf9B.exe PID: 6720, type: MEMORYSTR |
Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23 |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: mscoree.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: apphelp.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: version.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: wldp.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: profapi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: userenv.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: msasn1.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: gpapi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: urlmon.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: iertutil.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: srvcli.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: netutils.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: sspicli.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: propsys.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: windowscodecs.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: mscoree.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: version.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: wldp.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: profapi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: rasapi32.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: rasman.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: rtutils.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: mswsock.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: winhttp.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: dhcpcsvc6.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: dhcpcsvc.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: winnsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: rasadhlp.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: fwpuclnt.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: secur32.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: sspicli.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: schannel.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: mskeyprotect.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: ntasn1.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: ncrypt.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: ncryptsslp.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: msasn1.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: gpapi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: userenv.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Section loaded: windowscodecs.dll |
Jump to behavior |
| Source: 0.2.UzQWEAhf9B.exe.41202f8.4.raw.unpack, Ld7pC39ZWEXQsmVLLW.cs |
High entropy of concatenated method names: 'sSqGHndFpi', 'hNdG4MWUtm', 'Y4qGdifHjQ', 'U0YGoxGU2t', 'uBqGfVxBLp', 'CBIGeidtHE', 'Next', 'Next', 'Next', 'NextBytes' |
| Source: 0.2.UzQWEAhf9B.exe.41202f8.4.raw.unpack, rexMMaH8oMZaoDqW0Z.cs |
High entropy of concatenated method names: 'z2P5tR7pak', 'k1W5Q8HTHI', 'vYh535Phpu', 'jEg5j8H9JI', 'og35pmdwAE', 'jij3KSEvP2', 'rim3X3elYW', 'k053BBby6m', 'FZh3inrXF0', 'IuS39luS2R' |
| Source: 0.2.UzQWEAhf9B.exe.41202f8.4.raw.unpack, rL4c9LWPjCcqw0f5mcB.cs |
High entropy of concatenated method names: 'okgOToXaqk', 'MGvOAvPsfw', 'WToOJnVbqH', 'udfO8q5Rq5', 'PpQOmsbesE', 'jCiOqnfGJ7', 'w34OugmoLp', 'l0HOkK9ndb', 'AOTOFJOrSx', 'a7LOZyAvsS' |
| Source: 0.2.UzQWEAhf9B.exe.41202f8.4.raw.unpack, Wmo0jxgVx7tFLfs3Ed.cs |
High entropy of concatenated method names: 'ToString', 'l6uLEVCtS6', 'CulL4Y4MaB', 'x68LdmpvEd', 'es0LohMXck', 'sKFLeVfiUU', 'yQYLlUZAWL', 'j4TLvDYovw', 'Jf7LMCP8Rm', 'oUKLw8pq0d' |
| Source: 0.2.UzQWEAhf9B.exe.41202f8.4.raw.unpack, i70btBh2UIyncg4CiH.cs |
High entropy of concatenated method names: 'mKGUIbQUey', 'cQUUyRYF3Y', 'ToString', 'UtJU1bpcaM', 'O9tUQrqvnd', 'KhfU0XS1hh', 'zYSU3NSFOr', 'yyaU5KBorK', 'kZNUjhRq1c', 'kLwUp52QLX' |
| Source: 0.2.UzQWEAhf9B.exe.41202f8.4.raw.unpack, GE73y2XGp7byPFmlHH.cs |
High entropy of concatenated method names: 'xGdUiQV417', 'MFTUcK5TLM', 'z96GPsh1ZS', 'sokGWLDmfJ', 'xcYUERMQfa', 'z9sU6xpHMb', 'hJRUCt8Mlf', 'IKTUflj7fx', 'phZUNgPrgo', 'lHRUgN2Oyy' |
| Source: 0.2.UzQWEAhf9B.exe.41202f8.4.raw.unpack, NqsHWGwKer8YKRIdg1.cs |
High entropy of concatenated method names: 'aN2jT6oMQc', 'nSljA636nq', 'PoXjJS5ybo', 'aU1j8gCD88', 'NahjmLMYWZ', 'YA4jq5ThR5', 'U96ju1we4S', 'h54jkDZDq3', 'bnGjFo8tOb', 'nuMjZDBURt' |
| Source: 0.2.UzQWEAhf9B.exe.41202f8.4.raw.unpack, Xi8qoc0f0QE8UNRt1Z.cs |
High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'R0PD9ZvxM4', 'ImfDcpVx6P', 'j5JDz87Us2', 'H6L7PsjQgm', 'ClF7WVDSF6', 'yNA7DOUUB8', 'pX777BvG2Q', 'nDpU0WtOTZXajh9QhoG' |
| Source: 0.2.UzQWEAhf9B.exe.41202f8.4.raw.unpack, lm3ZMJfulnrjqrFC5J.cs |
High entropy of concatenated method names: 'NpXRn1MObc', 'fPRR6lRTZS', 'C2SRfnnhIS', 'CMnRN7lkBL', 'sQKR4ZxFl5', 'o3wRd39fZ1', 'V4NRovRdrF', 'z5hReaKM1y', 'MH4Rlwkyi9', 'ptrRvuANqW' |
| Source: 0.2.UzQWEAhf9B.exe.41202f8.4.raw.unpack, iwkqQhFPucOfadISxZ.cs |
High entropy of concatenated method names: 'Oav08IerRf', 'C0h0qAeZhN', 'hb40k78tc3', 'V5o0FoA6D6', 'K5M0RdhW7t', 'kbB0LyMtX6', 'Cch0UHDK0P', 'Dv30GpT61r', 'naT0OIWAvr', 'G2A0xCbNna' |
| Source: 0.2.UzQWEAhf9B.exe.41202f8.4.raw.unpack, RsNVEppXx0SfYIPCZ4.cs |
High entropy of concatenated method names: 'F4f7t0todq', 'FBe71T0tnb', 'dpx7QsAg2Z', 'EcW70RoR1w', 'zn973F7RMG', 'Gqi75t1dK9', 'YI27j9mlr5', 'CuY7pQhVG4', 'EH17bieEju', 'BFX7Iid9wU' |
| Source: 0.2.UzQWEAhf9B.exe.41202f8.4.raw.unpack, rxf6okDjtPSbXWEnLF.cs |
High entropy of concatenated method names: 'EbXJUsYSE', 'wFf8ZS7LT', 'xQ1qrambr', 'hIMuuJplZ', 'vaeFenOaV', 'GhmZdnJmP', 'l3owdoTdxRHSk7I0Yo', 'Wor7Ma68vLA1d32Hrb', 'AgGGhG36J', 'jy4xoIZQp' |
| Source: 0.2.UzQWEAhf9B.exe.41202f8.4.raw.unpack, ybHctFcRfhCLnWNocd.cs |
High entropy of concatenated method names: 'AixOWPRuOE', 'rP8O7ZZWRP', 'cf1OsNqEX2', 'gcSO1ZZE0A', 'eXBOQ5XKaN', 'IdhO3TT1Lp', 'MacO5PWUZZ', 'IfZGBYJ5WH', 'JiOGiTdtyW', 'VEWG9oE4ZV' |
| Source: 0.2.UzQWEAhf9B.exe.41202f8.4.raw.unpack, QRC0Eokay1sBk15lnl.cs |
High entropy of concatenated method names: 'YbeQfW0kVo', 'Yu7QNiYCE6', 'JxAQgsV8oG', 'YRbQhFu0Ov', 'xWlQKL0E24', 'PIeQXgsWV1', 'CcGQBecN99', 'njEQiKLbJJ', 'pxoQ9EPbMx', 'h4LQc9yT3d' |
| Source: 0.2.UzQWEAhf9B.exe.41202f8.4.raw.unpack, pC0eC8W7VpoFwcdtjNV.cs |
High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Wh4xfHW4iX', 'NvpxNK3OZx', 'Om9xgGcNPJ', 'tuBxhVV69T', 'SR8xKovHP3', 'GquxXvIkwb', 'Cc0xBILrPp' |
| Source: 0.2.UzQWEAhf9B.exe.41202f8.4.raw.unpack, icddYlCgBCTaRZdds7.cs |
High entropy of concatenated method names: 'DuCSk75LVd', 'r0ZSFtsZJe', 'QV2SHQP1ws', 'F0vS4d3j9T', 'Un9Soi3lgT', 'LGkSegmaSN', 's2pSvsCk8I', 'PRpSM74FFL', 'b3tSnhHO73', 'et7SElQoyF' |
| Source: 0.2.UzQWEAhf9B.exe.41202f8.4.raw.unpack, Pmj5QPs4hPDHULbXm1.cs |
High entropy of concatenated method names: 'G9fWjRC0Eo', 'uy1WpsBk15', 'TPuWIcOfad', 'lSxWyZY7VQ', 'F2bWR6KOex', 'MMaWL8oMZa', 'Haf8RTcOIZ2rqNwN2d', 'JsqCUFIa8qmbm1kVBV', 'brUWWZNsmQ', 'jYhW76Tof0' |
| Source: 0.2.UzQWEAhf9B.exe.41202f8.4.raw.unpack, kfJYwZixqRGJ0mnhc1.cs |
High entropy of concatenated method names: 'u3EG1ovsga', 'syvGQFJmjN', 'P1RG0JOZ58', 'HdfG3lHjWD', 'HV1G5B5qlC', 'YUEGjhHTcC', 's8eGp30xw4', 'htBGbnqF5w', 'QLgGIonAm7', 'UXQGyD9pmL' |
| Source: 0.2.UzQWEAhf9B.exe.41202f8.4.raw.unpack, v7VQnYZ1ZbVkAZ2b6K.cs |
High entropy of concatenated method names: 'WHw3mIAdZs', 'dWU3uAJBNY', 'UCi0dXoo71', 'GyQ0oV2sNp', 'nHb0eF3LPA', 'bYy0l7ppDR', 'mdI0vai11k', 'WHP0MUBYMf', 'p8L0whWbbk', 'ECg0nelgMr' |
| Source: 0.2.UzQWEAhf9B.exe.41202f8.4.raw.unpack, Tdd4ecvu2YPG0uOu1f.cs |
High entropy of concatenated method names: 'OrPj13M5Vs', 'Ifrj0qOayU', 'kMGj5xUxxK', 'Hap5cpMCvK', 'F6y5ztU7qA', 'RXHjP08R7n', 'OwijWKG0vi', 'IlRjDn6FR5', 't1sj7eVC2b', 'c1qjsOgmAo' |
| Source: 0.2.UzQWEAhf9B.exe.41202f8.4.raw.unpack, ako8slQanmdon2FZ0T.cs |
High entropy of concatenated method names: 'Dispose', 'hRLW9AowQb', 'aRjD4lHKGA', 'B9DcclF0nl', 'dpfWcJYwZx', 'BRGWzJ0mnh', 'ProcessDialogKey', 'Y1MDPd7pC3', 'FWEDWXQsmV', 'pLWDDAbHct' |
| Source: 0.2.UzQWEAhf9B.exe.58d0000.8.raw.unpack, Ld7pC39ZWEXQsmVLLW.cs |
High entropy of concatenated method names: 'sSqGHndFpi', 'hNdG4MWUtm', 'Y4qGdifHjQ', 'U0YGoxGU2t', 'uBqGfVxBLp', 'CBIGeidtHE', 'Next', 'Next', 'Next', 'NextBytes' |
| Source: 0.2.UzQWEAhf9B.exe.58d0000.8.raw.unpack, rexMMaH8oMZaoDqW0Z.cs |
High entropy of concatenated method names: 'z2P5tR7pak', 'k1W5Q8HTHI', 'vYh535Phpu', 'jEg5j8H9JI', 'og35pmdwAE', 'jij3KSEvP2', 'rim3X3elYW', 'k053BBby6m', 'FZh3inrXF0', 'IuS39luS2R' |
| Source: 0.2.UzQWEAhf9B.exe.58d0000.8.raw.unpack, rL4c9LWPjCcqw0f5mcB.cs |
High entropy of concatenated method names: 'okgOToXaqk', 'MGvOAvPsfw', 'WToOJnVbqH', 'udfO8q5Rq5', 'PpQOmsbesE', 'jCiOqnfGJ7', 'w34OugmoLp', 'l0HOkK9ndb', 'AOTOFJOrSx', 'a7LOZyAvsS' |
| Source: 0.2.UzQWEAhf9B.exe.58d0000.8.raw.unpack, Wmo0jxgVx7tFLfs3Ed.cs |
High entropy of concatenated method names: 'ToString', 'l6uLEVCtS6', 'CulL4Y4MaB', 'x68LdmpvEd', 'es0LohMXck', 'sKFLeVfiUU', 'yQYLlUZAWL', 'j4TLvDYovw', 'Jf7LMCP8Rm', 'oUKLw8pq0d' |
| Source: 0.2.UzQWEAhf9B.exe.58d0000.8.raw.unpack, i70btBh2UIyncg4CiH.cs |
High entropy of concatenated method names: 'mKGUIbQUey', 'cQUUyRYF3Y', 'ToString', 'UtJU1bpcaM', 'O9tUQrqvnd', 'KhfU0XS1hh', 'zYSU3NSFOr', 'yyaU5KBorK', 'kZNUjhRq1c', 'kLwUp52QLX' |
| Source: 0.2.UzQWEAhf9B.exe.58d0000.8.raw.unpack, GE73y2XGp7byPFmlHH.cs |
High entropy of concatenated method names: 'xGdUiQV417', 'MFTUcK5TLM', 'z96GPsh1ZS', 'sokGWLDmfJ', 'xcYUERMQfa', 'z9sU6xpHMb', 'hJRUCt8Mlf', 'IKTUflj7fx', 'phZUNgPrgo', 'lHRUgN2Oyy' |
| Source: 0.2.UzQWEAhf9B.exe.58d0000.8.raw.unpack, NqsHWGwKer8YKRIdg1.cs |
High entropy of concatenated method names: 'aN2jT6oMQc', 'nSljA636nq', 'PoXjJS5ybo', 'aU1j8gCD88', 'NahjmLMYWZ', 'YA4jq5ThR5', 'U96ju1we4S', 'h54jkDZDq3', 'bnGjFo8tOb', 'nuMjZDBURt' |
| Source: 0.2.UzQWEAhf9B.exe.58d0000.8.raw.unpack, Xi8qoc0f0QE8UNRt1Z.cs |
High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'R0PD9ZvxM4', 'ImfDcpVx6P', 'j5JDz87Us2', 'H6L7PsjQgm', 'ClF7WVDSF6', 'yNA7DOUUB8', 'pX777BvG2Q', 'nDpU0WtOTZXajh9QhoG' |
| Source: 0.2.UzQWEAhf9B.exe.58d0000.8.raw.unpack, lm3ZMJfulnrjqrFC5J.cs |
High entropy of concatenated method names: 'NpXRn1MObc', 'fPRR6lRTZS', 'C2SRfnnhIS', 'CMnRN7lkBL', 'sQKR4ZxFl5', 'o3wRd39fZ1', 'V4NRovRdrF', 'z5hReaKM1y', 'MH4Rlwkyi9', 'ptrRvuANqW' |
| Source: 0.2.UzQWEAhf9B.exe.58d0000.8.raw.unpack, iwkqQhFPucOfadISxZ.cs |
High entropy of concatenated method names: 'Oav08IerRf', 'C0h0qAeZhN', 'hb40k78tc3', 'V5o0FoA6D6', 'K5M0RdhW7t', 'kbB0LyMtX6', 'Cch0UHDK0P', 'Dv30GpT61r', 'naT0OIWAvr', 'G2A0xCbNna' |
| Source: 0.2.UzQWEAhf9B.exe.58d0000.8.raw.unpack, RsNVEppXx0SfYIPCZ4.cs |
High entropy of concatenated method names: 'F4f7t0todq', 'FBe71T0tnb', 'dpx7QsAg2Z', 'EcW70RoR1w', 'zn973F7RMG', 'Gqi75t1dK9', 'YI27j9mlr5', 'CuY7pQhVG4', 'EH17bieEju', 'BFX7Iid9wU' |
| Source: 0.2.UzQWEAhf9B.exe.58d0000.8.raw.unpack, rxf6okDjtPSbXWEnLF.cs |
High entropy of concatenated method names: 'EbXJUsYSE', 'wFf8ZS7LT', 'xQ1qrambr', 'hIMuuJplZ', 'vaeFenOaV', 'GhmZdnJmP', 'l3owdoTdxRHSk7I0Yo', 'Wor7Ma68vLA1d32Hrb', 'AgGGhG36J', 'jy4xoIZQp' |
| Source: 0.2.UzQWEAhf9B.exe.58d0000.8.raw.unpack, ybHctFcRfhCLnWNocd.cs |
High entropy of concatenated method names: 'AixOWPRuOE', 'rP8O7ZZWRP', 'cf1OsNqEX2', 'gcSO1ZZE0A', 'eXBOQ5XKaN', 'IdhO3TT1Lp', 'MacO5PWUZZ', 'IfZGBYJ5WH', 'JiOGiTdtyW', 'VEWG9oE4ZV' |
| Source: 0.2.UzQWEAhf9B.exe.58d0000.8.raw.unpack, QRC0Eokay1sBk15lnl.cs |
High entropy of concatenated method names: 'YbeQfW0kVo', 'Yu7QNiYCE6', 'JxAQgsV8oG', 'YRbQhFu0Ov', 'xWlQKL0E24', 'PIeQXgsWV1', 'CcGQBecN99', 'njEQiKLbJJ', 'pxoQ9EPbMx', 'h4LQc9yT3d' |
| Source: 0.2.UzQWEAhf9B.exe.58d0000.8.raw.unpack, pC0eC8W7VpoFwcdtjNV.cs |
High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Wh4xfHW4iX', 'NvpxNK3OZx', 'Om9xgGcNPJ', 'tuBxhVV69T', 'SR8xKovHP3', 'GquxXvIkwb', 'Cc0xBILrPp' |
| Source: 0.2.UzQWEAhf9B.exe.58d0000.8.raw.unpack, icddYlCgBCTaRZdds7.cs |
High entropy of concatenated method names: 'DuCSk75LVd', 'r0ZSFtsZJe', 'QV2SHQP1ws', 'F0vS4d3j9T', 'Un9Soi3lgT', 'LGkSegmaSN', 's2pSvsCk8I', 'PRpSM74FFL', 'b3tSnhHO73', 'et7SElQoyF' |
| Source: 0.2.UzQWEAhf9B.exe.58d0000.8.raw.unpack, Pmj5QPs4hPDHULbXm1.cs |
High entropy of concatenated method names: 'G9fWjRC0Eo', 'uy1WpsBk15', 'TPuWIcOfad', 'lSxWyZY7VQ', 'F2bWR6KOex', 'MMaWL8oMZa', 'Haf8RTcOIZ2rqNwN2d', 'JsqCUFIa8qmbm1kVBV', 'brUWWZNsmQ', 'jYhW76Tof0' |
| Source: 0.2.UzQWEAhf9B.exe.58d0000.8.raw.unpack, kfJYwZixqRGJ0mnhc1.cs |
High entropy of concatenated method names: 'u3EG1ovsga', 'syvGQFJmjN', 'P1RG0JOZ58', 'HdfG3lHjWD', 'HV1G5B5qlC', 'YUEGjhHTcC', 's8eGp30xw4', 'htBGbnqF5w', 'QLgGIonAm7', 'UXQGyD9pmL' |
| Source: 0.2.UzQWEAhf9B.exe.58d0000.8.raw.unpack, v7VQnYZ1ZbVkAZ2b6K.cs |
High entropy of concatenated method names: 'WHw3mIAdZs', 'dWU3uAJBNY', 'UCi0dXoo71', 'GyQ0oV2sNp', 'nHb0eF3LPA', 'bYy0l7ppDR', 'mdI0vai11k', 'WHP0MUBYMf', 'p8L0whWbbk', 'ECg0nelgMr' |
| Source: 0.2.UzQWEAhf9B.exe.58d0000.8.raw.unpack, Tdd4ecvu2YPG0uOu1f.cs |
High entropy of concatenated method names: 'OrPj13M5Vs', 'Ifrj0qOayU', 'kMGj5xUxxK', 'Hap5cpMCvK', 'F6y5ztU7qA', 'RXHjP08R7n', 'OwijWKG0vi', 'IlRjDn6FR5', 't1sj7eVC2b', 'c1qjsOgmAo' |
| Source: 0.2.UzQWEAhf9B.exe.58d0000.8.raw.unpack, ako8slQanmdon2FZ0T.cs |
High entropy of concatenated method names: 'Dispose', 'hRLW9AowQb', 'aRjD4lHKGA', 'B9DcclF0nl', 'dpfWcJYwZx', 'BRGWzJ0mnh', 'ProcessDialogKey', 'Y1MDPd7pC3', 'FWEDWXQsmV', 'pLWDDAbHct' |
| Source: 0.2.UzQWEAhf9B.exe.4179b18.1.raw.unpack, Ld7pC39ZWEXQsmVLLW.cs |
High entropy of concatenated method names: 'sSqGHndFpi', 'hNdG4MWUtm', 'Y4qGdifHjQ', 'U0YGoxGU2t', 'uBqGfVxBLp', 'CBIGeidtHE', 'Next', 'Next', 'Next', 'NextBytes' |
| Source: 0.2.UzQWEAhf9B.exe.4179b18.1.raw.unpack, rexMMaH8oMZaoDqW0Z.cs |
High entropy of concatenated method names: 'z2P5tR7pak', 'k1W5Q8HTHI', 'vYh535Phpu', 'jEg5j8H9JI', 'og35pmdwAE', 'jij3KSEvP2', 'rim3X3elYW', 'k053BBby6m', 'FZh3inrXF0', 'IuS39luS2R' |
| Source: 0.2.UzQWEAhf9B.exe.4179b18.1.raw.unpack, rL4c9LWPjCcqw0f5mcB.cs |
High entropy of concatenated method names: 'okgOToXaqk', 'MGvOAvPsfw', 'WToOJnVbqH', 'udfO8q5Rq5', 'PpQOmsbesE', 'jCiOqnfGJ7', 'w34OugmoLp', 'l0HOkK9ndb', 'AOTOFJOrSx', 'a7LOZyAvsS' |
| Source: 0.2.UzQWEAhf9B.exe.4179b18.1.raw.unpack, Wmo0jxgVx7tFLfs3Ed.cs |
High entropy of concatenated method names: 'ToString', 'l6uLEVCtS6', 'CulL4Y4MaB', 'x68LdmpvEd', 'es0LohMXck', 'sKFLeVfiUU', 'yQYLlUZAWL', 'j4TLvDYovw', 'Jf7LMCP8Rm', 'oUKLw8pq0d' |
| Source: 0.2.UzQWEAhf9B.exe.4179b18.1.raw.unpack, i70btBh2UIyncg4CiH.cs |
High entropy of concatenated method names: 'mKGUIbQUey', 'cQUUyRYF3Y', 'ToString', 'UtJU1bpcaM', 'O9tUQrqvnd', 'KhfU0XS1hh', 'zYSU3NSFOr', 'yyaU5KBorK', 'kZNUjhRq1c', 'kLwUp52QLX' |
| Source: 0.2.UzQWEAhf9B.exe.4179b18.1.raw.unpack, GE73y2XGp7byPFmlHH.cs |
High entropy of concatenated method names: 'xGdUiQV417', 'MFTUcK5TLM', 'z96GPsh1ZS', 'sokGWLDmfJ', 'xcYUERMQfa', 'z9sU6xpHMb', 'hJRUCt8Mlf', 'IKTUflj7fx', 'phZUNgPrgo', 'lHRUgN2Oyy' |
| Source: 0.2.UzQWEAhf9B.exe.4179b18.1.raw.unpack, NqsHWGwKer8YKRIdg1.cs |
High entropy of concatenated method names: 'aN2jT6oMQc', 'nSljA636nq', 'PoXjJS5ybo', 'aU1j8gCD88', 'NahjmLMYWZ', 'YA4jq5ThR5', 'U96ju1we4S', 'h54jkDZDq3', 'bnGjFo8tOb', 'nuMjZDBURt' |
| Source: 0.2.UzQWEAhf9B.exe.4179b18.1.raw.unpack, Xi8qoc0f0QE8UNRt1Z.cs |
High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'R0PD9ZvxM4', 'ImfDcpVx6P', 'j5JDz87Us2', 'H6L7PsjQgm', 'ClF7WVDSF6', 'yNA7DOUUB8', 'pX777BvG2Q', 'nDpU0WtOTZXajh9QhoG' |
| Source: 0.2.UzQWEAhf9B.exe.4179b18.1.raw.unpack, lm3ZMJfulnrjqrFC5J.cs |
High entropy of concatenated method names: 'NpXRn1MObc', 'fPRR6lRTZS', 'C2SRfnnhIS', 'CMnRN7lkBL', 'sQKR4ZxFl5', 'o3wRd39fZ1', 'V4NRovRdrF', 'z5hReaKM1y', 'MH4Rlwkyi9', 'ptrRvuANqW' |
| Source: 0.2.UzQWEAhf9B.exe.4179b18.1.raw.unpack, iwkqQhFPucOfadISxZ.cs |
High entropy of concatenated method names: 'Oav08IerRf', 'C0h0qAeZhN', 'hb40k78tc3', 'V5o0FoA6D6', 'K5M0RdhW7t', 'kbB0LyMtX6', 'Cch0UHDK0P', 'Dv30GpT61r', 'naT0OIWAvr', 'G2A0xCbNna' |
| Source: 0.2.UzQWEAhf9B.exe.4179b18.1.raw.unpack, RsNVEppXx0SfYIPCZ4.cs |
High entropy of concatenated method names: 'F4f7t0todq', 'FBe71T0tnb', 'dpx7QsAg2Z', 'EcW70RoR1w', 'zn973F7RMG', 'Gqi75t1dK9', 'YI27j9mlr5', 'CuY7pQhVG4', 'EH17bieEju', 'BFX7Iid9wU' |
| Source: 0.2.UzQWEAhf9B.exe.4179b18.1.raw.unpack, rxf6okDjtPSbXWEnLF.cs |
High entropy of concatenated method names: 'EbXJUsYSE', 'wFf8ZS7LT', 'xQ1qrambr', 'hIMuuJplZ', 'vaeFenOaV', 'GhmZdnJmP', 'l3owdoTdxRHSk7I0Yo', 'Wor7Ma68vLA1d32Hrb', 'AgGGhG36J', 'jy4xoIZQp' |
| Source: 0.2.UzQWEAhf9B.exe.4179b18.1.raw.unpack, ybHctFcRfhCLnWNocd.cs |
High entropy of concatenated method names: 'AixOWPRuOE', 'rP8O7ZZWRP', 'cf1OsNqEX2', 'gcSO1ZZE0A', 'eXBOQ5XKaN', 'IdhO3TT1Lp', 'MacO5PWUZZ', 'IfZGBYJ5WH', 'JiOGiTdtyW', 'VEWG9oE4ZV' |
| Source: 0.2.UzQWEAhf9B.exe.4179b18.1.raw.unpack, QRC0Eokay1sBk15lnl.cs |
High entropy of concatenated method names: 'YbeQfW0kVo', 'Yu7QNiYCE6', 'JxAQgsV8oG', 'YRbQhFu0Ov', 'xWlQKL0E24', 'PIeQXgsWV1', 'CcGQBecN99', 'njEQiKLbJJ', 'pxoQ9EPbMx', 'h4LQc9yT3d' |
| Source: 0.2.UzQWEAhf9B.exe.4179b18.1.raw.unpack, pC0eC8W7VpoFwcdtjNV.cs |
High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Wh4xfHW4iX', 'NvpxNK3OZx', 'Om9xgGcNPJ', 'tuBxhVV69T', 'SR8xKovHP3', 'GquxXvIkwb', 'Cc0xBILrPp' |
| Source: 0.2.UzQWEAhf9B.exe.4179b18.1.raw.unpack, icddYlCgBCTaRZdds7.cs |
High entropy of concatenated method names: 'DuCSk75LVd', 'r0ZSFtsZJe', 'QV2SHQP1ws', 'F0vS4d3j9T', 'Un9Soi3lgT', 'LGkSegmaSN', 's2pSvsCk8I', 'PRpSM74FFL', 'b3tSnhHO73', 'et7SElQoyF' |
| Source: 0.2.UzQWEAhf9B.exe.4179b18.1.raw.unpack, Pmj5QPs4hPDHULbXm1.cs |
High entropy of concatenated method names: 'G9fWjRC0Eo', 'uy1WpsBk15', 'TPuWIcOfad', 'lSxWyZY7VQ', 'F2bWR6KOex', 'MMaWL8oMZa', 'Haf8RTcOIZ2rqNwN2d', 'JsqCUFIa8qmbm1kVBV', 'brUWWZNsmQ', 'jYhW76Tof0' |
| Source: 0.2.UzQWEAhf9B.exe.4179b18.1.raw.unpack, kfJYwZixqRGJ0mnhc1.cs |
High entropy of concatenated method names: 'u3EG1ovsga', 'syvGQFJmjN', 'P1RG0JOZ58', 'HdfG3lHjWD', 'HV1G5B5qlC', 'YUEGjhHTcC', 's8eGp30xw4', 'htBGbnqF5w', 'QLgGIonAm7', 'UXQGyD9pmL' |
| Source: 0.2.UzQWEAhf9B.exe.4179b18.1.raw.unpack, v7VQnYZ1ZbVkAZ2b6K.cs |
High entropy of concatenated method names: 'WHw3mIAdZs', 'dWU3uAJBNY', 'UCi0dXoo71', 'GyQ0oV2sNp', 'nHb0eF3LPA', 'bYy0l7ppDR', 'mdI0vai11k', 'WHP0MUBYMf', 'p8L0whWbbk', 'ECg0nelgMr' |
| Source: 0.2.UzQWEAhf9B.exe.4179b18.1.raw.unpack, Tdd4ecvu2YPG0uOu1f.cs |
High entropy of concatenated method names: 'OrPj13M5Vs', 'Ifrj0qOayU', 'kMGj5xUxxK', 'Hap5cpMCvK', 'F6y5ztU7qA', 'RXHjP08R7n', 'OwijWKG0vi', 'IlRjDn6FR5', 't1sj7eVC2b', 'c1qjsOgmAo' |
| Source: 0.2.UzQWEAhf9B.exe.4179b18.1.raw.unpack, ako8slQanmdon2FZ0T.cs |
High entropy of concatenated method names: 'Dispose', 'hRLW9AowQb', 'aRjD4lHKGA', 'B9DcclF0nl', 'dpfWcJYwZx', 'BRGWzJ0mnh', 'ProcessDialogKey', 'Y1MDPd7pC3', 'FWEDWXQsmV', 'pLWDDAbHct' |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\UzQWEAhf9B.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet