Windows Analysis Report
h4QtFUlwIz.exe

Overview

General Information

Sample name: h4QtFUlwIz.exe
(renamed file extension from none to exe, renamed because original name is a hash value)
Original sample name: feef88d2312370e6b654f759d6853247ffc81337dc2e18ffb2f0f8b9335cd079
Analysis ID: 1432122
MD5: c1e6995e3a405d018ad7a69d2a0f075b
SHA1: 14a2add2815925174eabb86b510f5c2743930ba1
SHA256: feef88d2312370e6b654f759d6853247ffc81337dc2e18ffb2f0f8b9335cd079

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Detected potential crypto function
PE file contains executable resources (Code or Archives)
Sample file is different than original file name gathered from version info
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Uses 32bit PE files

Classification

Source: h4QtFUlwIz.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: h4QtFUlwIz.exe Static PE information: certificate valid
Source: Binary string: wextract.pdb source: h4QtFUlwIz.exe
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\scaexec.pdb source: h4QtFUlwIz.exe, 00000000.00000003.1999194712.0000000003C5B000.00000004.00000020.00020000.00000000.sdmp, VC234PATCH01.msp.0.dr
Source: Binary string: C:\build\work\eca3d12b\wix3\build\ship\x86\SfxCA.pdb source: h4QtFUlwIz.exe, 00000000.00000003.1999194712.0000000003C51000.00000004.00000020.00020000.00000000.sdmp, h4QtFUlwIz.exe, 00000000.00000003.1999194712.0000000003C15000.00000004.00000020.00020000.00000000.sdmp, h4QtFUlwIz.exe, 00000000.00000003.1999194712.0000000003D9A000.00000004.00000020.00020000.00000000.sdmp, VC234PATCH01.msp.0.dr
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\scasched.pdb source: h4QtFUlwIz.exe, 00000000.00000003.1999194712.0000000003C5B000.00000004.00000020.00020000.00000000.sdmp, VC234PATCH01.msp.0.dr
Source: h4QtFUlwIz.exe, 00000000.00000003.1999194712.0000000003C5B000.00000004.00000020.00020000.00000000.sdmp, VC234PATCH01.msp.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: h4QtFUlwIz.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: h4QtFUlwIz.exe, 00000000.00000003.1999194712.0000000003C5B000.00000004.00000020.00020000.00000000.sdmp, VC234PATCH01.msp.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: h4QtFUlwIz.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: h4QtFUlwIz.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: h4QtFUlwIz.exe, 00000000.00000003.1999194712.0000000003C5B000.00000004.00000020.00020000.00000000.sdmp, VC234PATCH01.msp.0.dr String found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
Source: h4QtFUlwIz.exe String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: h4QtFUlwIz.exe String found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
Source: h4QtFUlwIz.exe String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: h4QtFUlwIz.exe String found in binary or memory: http://crl.globalsign.com/root.crl0G
Source: h4QtFUlwIz.exe String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: h4QtFUlwIz.exe, 00000000.00000003.1999194712.0000000003C5B000.00000004.00000020.00020000.00000000.sdmp, VC234PATCH01.msp.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: h4QtFUlwIz.exe, 00000000.00000003.1999194712.0000000003C5B000.00000004.00000020.00020000.00000000.sdmp, VC234PATCH01.msp.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
Source: h4QtFUlwIz.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: h4QtFUlwIz.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: h4QtFUlwIz.exe, 00000000.00000003.1999194712.0000000003C5B000.00000004.00000020.00020000.00000000.sdmp, VC234PATCH01.msp.0.dr String found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
Source: h4QtFUlwIz.exe, 00000000.00000003.1999194712.0000000003C5B000.00000004.00000020.00020000.00000000.sdmp, VC234PATCH01.msp.0.dr String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: h4QtFUlwIz.exe, 00000000.00000003.1999194712.0000000003C5B000.00000004.00000020.00020000.00000000.sdmp, VC234PATCH01.msp.0.dr String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: h4QtFUlwIz.exe, 00000000.00000003.1999194712.0000000003C5B000.00000004.00000020.00020000.00000000.sdmp, VC234PATCH01.msp.0.dr String found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0L
Source: h4QtFUlwIz.exe, 00000000.00000003.1999194712.0000000003C5B000.00000004.00000020.00020000.00000000.sdmp, VC234PATCH01.msp.0.dr String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: h4QtFUlwIz.exe String found in binary or memory: http://ocsp.digicert.com0A
Source: h4QtFUlwIz.exe, VC234PATCH01.msp.0.dr String found in binary or memory: http://ocsp.digicert.com0C
Source: h4QtFUlwIz.exe, 00000000.00000003.1999194712.0000000003C5B000.00000004.00000020.00020000.00000000.sdmp, VC234PATCH01.msp.0.dr String found in binary or memory: http://ocsp.digicert.com0K
Source: h4QtFUlwIz.exe, 00000000.00000003.1999194712.0000000003C5B000.00000004.00000020.00020000.00000000.sdmp, VC234PATCH01.msp.0.dr String found in binary or memory: http://ocsp.digicert.com0N
Source: h4QtFUlwIz.exe, 00000000.00000003.1999194712.0000000003C5B000.00000004.00000020.00020000.00000000.sdmp, VC234PATCH01.msp.0.dr String found in binary or memory: http://ocsp.digicert.com0O
Source: h4QtFUlwIz.exe String found in binary or memory: http://ocsp.digicert.com0X
Source: h4QtFUlwIz.exe String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: h4QtFUlwIz.exe String found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: h4QtFUlwIz.exe String found in binary or memory: http://ocsp.globalsign.com/rootr103
Source: h4QtFUlwIz.exe String found in binary or memory: http://ocsp.globalsign.com/rootr30;
Source: h4QtFUlwIz.exe String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: h4QtFUlwIz.exe String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: h4QtFUlwIz.exe String found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
Source: h4QtFUlwIz.exe, 00000000.00000003.1999194712.0000000003C5B000.00000004.00000020.00020000.00000000.sdmp, VC234PATCH01.msp.0.dr String found in binary or memory: http://wixtoolset.org
Source: VC234PATCH01.msp.0.dr String found in binary or memory: http://www.opentext.com/2/global/services-home/services-support-contact.htmMoreInfoURLOptimizedInsta
Source: h4QtFUlwIz.exe, 00000000.00000003.1999194712.0000000003C5B000.00000004.00000020.00020000.00000000.sdmp, VC234PATCH01.msp.0.dr String found in binary or memory: https://www.digicert.com/CPS0
Source: h4QtFUlwIz.exe String found in binary or memory: https://www.globalsign.com/repository/0
Source: h4QtFUlwIz.exe String found in binary or memory: https://www.opentext.com0
Source: C:\Users\user\Desktop\h4QtFUlwIz.exe Code function: 0_2_0100871A 0_2_0100871A
Source: C:\Users\user\Desktop\h4QtFUlwIz.exe Code function: 0_2_01009A1F 0_2_01009A1F
Source: C:\Users\user\Desktop\h4QtFUlwIz.exe Code function: 0_2_01008DBD 0_2_01008DBD
Source: C:\Users\user\Desktop\h4QtFUlwIz.exe Code function: 0_2_01008A3E 0_2_01008A3E
Source: C:\Users\user\Desktop\h4QtFUlwIz.exe Code function: 0_2_010095E5 0_2_010095E5
Source: C:\Users\user\Desktop\h4QtFUlwIz.exe Code function: 0_2_01009175 0_2_01009175
Source: h4QtFUlwIz.exe Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, Windows 2000/XP setup, 16117495 bytes, 1 file, at 0x2c +A "VC234PATCH01.msp", ID 1153, number 1, 533 datablocks, 0x1503 compression
Source: h4QtFUlwIz.exe, 00000000.00000003.1999194712.0000000003BE3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCopySAPConnector.dlll% vs h4QtFUlwIz.exe
Source: h4QtFUlwIz.exe, 00000000.00000003.1999194712.0000000003BE3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSfxCA.dll\ vs h4QtFUlwIz.exe
Source: h4QtFUlwIz.exe, 00000000.00000003.1999194712.0000000003C5B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameGACnetCheck.dlll% vs h4QtFUlwIz.exe
Source: h4QtFUlwIz.exe, 00000000.00000003.1999194712.0000000003C5B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSfxCA.dll\ vs h4QtFUlwIz.exe
Source: h4QtFUlwIz.exe, 00000000.00000003.1999194712.0000000003C5B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamescasched.dll\ vs h4QtFUlwIz.exe
Source: h4QtFUlwIz.exe, 00000000.00000003.1999194712.0000000003C5B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamescaexec.dll\ vs h4QtFUlwIz.exe
Source: h4QtFUlwIz.exe, 00000000.00000003.1999194712.0000000003C1F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCopySAPConnector.dlll% vs h4QtFUlwIz.exe
Source: h4QtFUlwIz.exe, 00000000.00000003.1999194712.0000000003C1F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSfxCA.dll\ vs h4QtFUlwIz.exe
Source: h4QtFUlwIz.exe, 00000000.00000003.1999194712.0000000003DA4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSetDefaultDatabaseConnection.dlll% vs h4QtFUlwIz.exe
Source: h4QtFUlwIz.exe, 00000000.00000003.1999194712.0000000003DA4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSfxCA.dll\ vs h4QtFUlwIz.exe
Source: h4QtFUlwIz.exe Binary or memory string: OriginalFilenameWEXTRACT.EXE h# vs h4QtFUlwIz.exe
Source: classification engine Classification label: clean2.winEXE@4/1@0/0
Source: C:\Users\user\Desktop\h4QtFUlwIz.exe Code function: 0_2_01005190 GetDlgItem,GetDlgItem,ShowWindow,ShowWindow,GetDlgItem,ShowWindow,FreeResource,SendMessageA, 0_2_01005190
Source: C:\Users\user\Desktop\h4QtFUlwIz.exe File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP
Source: h4QtFUlwIz.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\h4QtFUlwIz.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Windows\System32\rundll32.exe "C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\"
Source: unknown Process created: C:\Users\user\Desktop\h4QtFUlwIz.exe "C:\Users\user\Desktop\h4QtFUlwIz.exe"
Source: C:\Users\user\Desktop\h4QtFUlwIz.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /p VC234PATCH01.msp REINSTALL=ALL REINSTALLMODE=amus /qf
Source: C:\Users\user\Desktop\h4QtFUlwIz.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\h4QtFUlwIz.exe Section loaded: aclayers.dll
Source: C:\Users\user\Desktop\h4QtFUlwIz.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\h4QtFUlwIz.exe Section loaded: sfc.dll
Source: C:\Users\user\Desktop\h4QtFUlwIz.exe Section loaded: sfc_os.dll
Source: C:\Users\user\Desktop\h4QtFUlwIz.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\h4QtFUlwIz.exe Section loaded: feclient.dll
Source: C:\Users\user\Desktop\h4QtFUlwIz.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\h4QtFUlwIz.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\h4QtFUlwIz.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\h4QtFUlwIz.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\h4QtFUlwIz.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\h4QtFUlwIz.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\h4QtFUlwIz.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\h4QtFUlwIz.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\h4QtFUlwIz.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\h4QtFUlwIz.exe Section loaded: advpack.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: srpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: duser.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: xmllite.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: atlthunk.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: textshaping.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: textinputframework.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wintypes.dll
Source: h4QtFUlwIz.exe Static file information: File size 16199144 > 1048576
Source: h4QtFUlwIz.exe Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0xf65800
Source: h4QtFUlwIz.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: C:\Users\user\Desktop\h4QtFUlwIz.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\h4QtFUlwIz.exe Code function: 0_2_0100646B GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter, 0_2_0100646B
No contacted IP infos