| Source: Ru66o6HYE6.exe | String decryptor: david@product-secured.com |
| Source: Ru66o6HYE6.exe | String decryptor: H?G7iEWK_W0R##2# |
| Source: Ru66o6HYE6.exe | String decryptor: premium251.web-hosting.com |
| Source: Ru66o6HYE6.exe | String decryptor: 587 |
| Source: Ru66o6HYE6.exe | String decryptor: WinForms_RecursiveFormCreate |
| Source: Ru66o6HYE6.exe | String decryptor: WinForms_SeeInnerException |
| Source: Ru66o6HYE6.exe | String decryptor: KrakenStub.Resources |
| Source: Ru66o6HYE6.exe | String decryptor: 1 |
| Source: Ru66o6HYE6.exe | String decryptor: %True% |
| Source: Ru66o6HYE6.exe | String decryptor: swCpiTiAhkkEpyDZTnAGhOBZpr |
| Source: Ru66o6HYE6.exe | String decryptor: True |
| Source: Ru66o6HYE6.exe | String decryptor: |System Info|System Name: |
| Source: Ru66o6HYE6.exe | String decryptor: Time: |
| Source: Ru66o6HYE6.exe | String decryptor: Date: |
| Source: Ru66o6HYE6.exe | String decryptor: ========|*Recovered Data*|======== |
| Source: Ru66o6HYE6.exe | String decryptor: XmyFntc+2Mr9D8a8cIRGva7Yqa591pNDLqAR8rdY1k4= |
| Source: Ru66o6HYE6.exe | String decryptor: zGXhVxursUWx/Mqn01W8YxHaxPhhjF+P |
| Source: Ru66o6HYE6.exe | String decryptor: g6iqdQx6uSAFv0MppdYExCCYh6Ky5jTt0T2NBhI/KWg= |
| Source: Ru66o6HYE6.exe | String decryptor: VqONpyzLqFY= |
| Source: Ru66o6HYE6.exe | String decryptor: EdrE+GGMX48= |
| Source: Ru66o6HYE6.exe | String decryptor: KRK |
| Source: Ru66o6HYE6.exe | String decryptor: ------------------------ |
| Source: Ru66o6HYE6.exe | String decryptor: x |
| Source: Ru66o6HYE6.exe | String decryptor: Content-Type |
| Source: Ru66o6HYE6.exe | String decryptor: multipart/form-data; boundary= |
| Source: Ru66o6HYE6.exe | String decryptor: --{0}Content-Disposition: form-data; name="document"; filename="{1}"Content-Type: {2}{3}--{0}-- |
| Source: Ru66o6HYE6.exe | String decryptor: POST |
| Source: Ru66o6HYE6.exe | String decryptor: https://api.telegram.org/bot |
| Source: Ru66o6HYE6.exe | String decryptor: /sendMessage?chat_id= |
| Source: Ru66o6HYE6.exe | String decryptor: &text= |
| Source: Ru66o6HYE6.exe | String decryptor: utf-8 |
| Source: Ru66o6HYE6.exe | String decryptor: / |
| Source: Ru66o6HYE6.exe | String decryptor: user-agent |
| Source: Ru66o6HYE6.exe | String decryptor: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) |
| Source: Ru66o6HYE6.exe | String decryptor: http://checkip.dyndns.org/ |
| Source: Ru66o6HYE6.exe | String decryptor: <html><head><title>Current IP Check</title></head><body> |
| Source: Ru66o6HYE6.exe | String decryptor: </body></html> |
| Source: Ru66o6HYE6.exe | String decryptor: Current IP Address: |
| Source: Ru66o6HYE6.exe | String decryptor: |
| Source: Ru66o6HYE6.exe | String decryptor: |
| Source: Ru66o6HYE6.exe | String decryptor: . |
| Source: Ru66o6HYE6.exe | String decryptor: {.} |
| Source: Ru66o6HYE6.exe | String decryptor: http |
| Source: Ru66o6HYE6.exe | String decryptor: {http} |
| Source: Ru66o6HYE6.exe | String decryptor: 0 |
| Source: Ru66o6HYE6.exe | String decryptor: Create |
| Source: Ru66o6HYE6.exe | String decryptor: Kraken_Clipboard_ |
| Source: Ru66o6HYE6.exe | String decryptor: .txt |
| Source: Ru66o6HYE6.exe | String decryptor: STOR |
| Source: Ru66o6HYE6.exe | String decryptor: Recovered From: |
| Source: Ru66o6HYE6.exe | String decryptor: |
| Source: Ru66o6HYE6.exe | String decryptor: Clipboard.txt |
| Source: Ru66o6HYE6.exe | String decryptor: text/plain |
| Source: Ru66o6HYE6.exe | String decryptor: 2 |
| Source: Ru66o6HYE6.exe | String decryptor: /sendDocument?chat_id= |
| Source: Ru66o6HYE6.exe | String decryptor: &caption= |
| Source: Ru66o6HYE6.exe | String decryptor: System IP: |
| Source: Ru66o6HYE6.exe | String decryptor: KrakenClipboardLog.txt |
| Source: Ru66o6HYE6.exe | String decryptor: application/x-ms-dos-executable |
| Source: Ru66o6HYE6.exe | String decryptor: RecoveredDisplayShot |
| Source: Ru66o6HYE6.exe | String decryptor: .png |
| Source: Ru66o6HYE6.exe | String decryptor: \Kraken |
| Source: Ru66o6HYE6.exe | String decryptor: \Kraken\ |
| Source: Ru66o6HYE6.exe | String decryptor: Kraken_Screenshot_ |
| Source: Ru66o6HYE6.exe | String decryptor: Recovered Screenshot From: |
| Source: Ru66o6HYE6.exe | String decryptor: Recovered Keylogs From: |
| Source: Ru66o6HYE6.exe | String decryptor: Kraken_Keylogs_ |
| Source: Ru66o6HYE6.exe | String decryptor: RecoveredKeylogs.txt |
| Source: Ru66o6HYE6.exe | String decryptor: Keylogs Recovered From: |
| Source: Ru66o6HYE6.exe | String decryptor: KrakenKeylogs.txt |
| Source: Ru66o6HYE6.exe | String decryptor: [ -- {0} -- ] |
| Source: Ru66o6HYE6.exe | String decryptor: {0} |
| Source: Ru66o6HYE6.exe | String decryptor: |
| Source: Ru66o6HYE6.exe | String decryptor: Kraken_Password_ |
| Source: Ru66o6HYE6.exe | String decryptor: RecoveredPassword.txt |
| Source: Ru66o6HYE6.exe | String decryptor: RecoveredLogins.txt |
| Source: Ru66o6HYE6.exe | String decryptor: 300000 |
| Source: Ru66o6HYE6.exe | String decryptor: [ |
| Source: Ru66o6HYE6.exe | String decryptor: ] |
| Source: Ru66o6HYE6.exe | String decryptor: |
| Source: Ru66o6HYE6.exe | String decryptor: [ENTR] |
| Source: Ru66o6HYE6.exe | String decryptor: [TAP] |
| Source: Ru66o6HYE6.exe | String decryptor: ObjectLength |
| Source: Ru66o6HYE6.exe | String decryptor: ChainingModeGCM |
| Source: Ru66o6HYE6.exe | String decryptor: AuthTagLength |
| Source: Ru66o6HYE6.exe | String decryptor: ChainingMode |
| Source: Ru66o6HYE6.exe | String decryptor: KeyDataBlob |
| Source: Ru66o6HYE6.exe | String decryptor: AES |
| Source: Ru66o6HYE6.exe | String decryptor: Microsoft Primitive Provider |
| Source: Ru66o6HYE6.exe | String decryptor: BCrypt.BCryptDecrypt() (get size) failed with status code: {0} |
| Source: Ru66o6HYE6.exe | String decryptor: BCrypt.BCryptDecrypt(): authentication tag mismatch |
| Source: Ru66o6HYE6.exe | String decryptor: BCrypt.BCryptDecrypt() failed with status code:{0} |
| Source: Ru66o6HYE6.exe | String decryptor: BCrypt.BCryptOpenAlgorithmProvider() failed with status code:{0} |
| Source: Ru66o6HYE6.exe | String decryptor: BCrypt.BCryptSetAlgorithmProperty(BCrypt.BCRYPT_CHAINING_MODE, BCrypt.BCRYPT_CHAIN_MODE_GCM) failed with status code:{0} |
| Source: Ru66o6HYE6.exe | String decryptor: BCrypt.BCryptImportKey() failed with status code:{0} |
| Source: Ru66o6HYE6.exe | String decryptor: BCrypt.BCryptGetProperty() (get size) failed with status code:{0} |
| Source: Ru66o6HYE6.exe | String decryptor: BCrypt.BCryptGetProperty() failed with status code:{0} |
| Source: Ru66o6HYE6.exe | String decryptor: ===== | Recovered - Outlook | =====URL: |
| Source: Ru66o6HYE6.exe | String decryptor: E-Mail: |
| Source: Ru66o6HYE6.exe | String decryptor: K-Password: |
| Source: Ru66o6HYE6.exe | String decryptor: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa |
| Source: Ru66o6HYE6.exe | String decryptor: IMAP Password |
| Source: Ru66o6HYE6.exe | String decryptor: POP3 Password |
| Source: Ru66o6HYE6.exe | String decryptor: HTTP Password |
| Source: Ru66o6HYE6.exe | String decryptor: SMTP Password |
| Source: Ru66o6HYE6.exe | String decryptor: Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 |
| Source: Ru66o6HYE6.exe | String decryptor: Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 |
| Source: Ru66o6HYE6.exe | String decryptor: Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676 |
| Source: Ru66o6HYE6.exe | String decryptor: Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 |
| Source: Ru66o6HYE6.exe | String decryptor: Email |
| Source: Ru66o6HYE6.exe | String decryptor: GetBytes |
| Source: Ru66o6HYE6.exe | String decryptor: SMTP Server |
| Source: Ru66o6HYE6.exe | String decryptor: Nothing |
| Source: Ru66o6HYE6.exe | String decryptor: |
| Source: Ru66o6HYE6.exe | String decryptor: Outlook |
| Source: Ru66o6HYE6.exe | String decryptor: Foxmail |
| Source: Ru66o6HYE6.exe | String decryptor: SOFTWARE\Classes\Foxmail.url.mailto\Shell\open\command |
| Source: Ru66o6HYE6.exe | String decryptor: Foxmail.exe |
| Source: Ru66o6HYE6.exe | String decryptor: " |
| Source: Ru66o6HYE6.exe | String decryptor: Storage\ |
| Source: Ru66o6HYE6.exe | String decryptor: \ |
| Source: Ru66o6HYE6.exe | String decryptor: \Accounts\Account.rec0 |
| Source: Ru66o6HYE6.exe | String decryptor: Account |
| Source: Ru66o6HYE6.exe | String decryptor: POP3Account |
| Source: Ru66o6HYE6.exe | String decryptor: Password |
| Source: Ru66o6HYE6.exe | String decryptor: POP3Password |
| Source: Ru66o6HYE6.exe | String decryptor: ! |
| Source: Ru66o6HYE6.exe | String decryptor: ===== | Recovered - Foxmail | ===== |
| Source: Ru66o6HYE6.exe | String decryptor: E-Mail: {0} |
| Source: Ru66o6HYE6.exe | String decryptor: K-Password: {0} |
| Source: Ru66o6HYE6.exe | String decryptor: 5A |
| Source: Ru66o6HYE6.exe | String decryptor: 71 |
| Source: Ru66o6HYE6.exe | String decryptor: v10 |
| Source: Ru66o6HYE6.exe | String decryptor: \Local State |
| Source: Ru66o6HYE6.exe | String decryptor: "encrypted_key":"(.*?)" |
| Source: Ru66o6HYE6.exe | String decryptor: \MapleStudio\ChromePlus\User Data\Default\Login Data |
| Source: Ru66o6HYE6.exe | String decryptor: logins |
| Source: Ru66o6HYE6.exe | String decryptor: origin_url |
| Source: Ru66o6HYE6.exe | String decryptor: username_value |
| Source: Ru66o6HYE6.exe | String decryptor: password_value |
| Source: Ru66o6HYE6.exe | String decryptor: ===== | Recovered - Coolnovo Browser | =====Host: |
| Source: Ru66o6HYE6.exe | String decryptor: K-Username: |
| Source: Ru66o6HYE6.exe | String decryptor: \CatalinaGroup\Citrio\User Data\Default\Login Data |
| Source: Ru66o6HYE6.exe | String decryptor: ===== | Recovered - CitrioBrowser | =====Host: |
| Source: Ru66o6HYE6.exe | String decryptor: \Google\Chrome SxS\User Data\Default\Login Data |
| Source: Ru66o6HYE6.exe | String decryptor: ===== | Recovered - Chrome Canary | =====Host: |
| Source: Ru66o6HYE6.exe | String decryptor: \Google\Chrome\User Data\Default\Login Data |
| Source: Ru66o6HYE6.exe | String decryptor: ===== | Recovered - Chrome | =====Host: |
| Source: Ru66o6HYE6.exe | String decryptor: \CocCoc\Browser\User Data\Default\Login Data |
| Source: Ru66o6HYE6.exe | String decryptor: ===== | Recovered - Coccoc Browser | =====Host: |
| Source: Ru66o6HYE6.exe | String decryptor: \Tencent\QQBrowser\User Data\Default\Login Data |
| Source: Ru66o6HYE6.exe | String decryptor: \Vivaldi\User Data\Default\Login Data |
| Source: Ru66o6HYE6.exe | String decryptor: \Chromium\User Data\Default\Login Data |
| Source: Ru66o6HYE6.exe | String decryptor: ===== | Recovered - Chromium | =====Host: |
| Source: Ru66o6HYE6.exe | String decryptor: \CentBrowser\User Data\Default\Login Data |
| Source: Ru66o6HYE6.exe | String decryptor: ===== | Recovered - Cent | =====Host: |
| Source: Ru66o6HYE6.exe | String decryptor: \Chedot\User Data\Default\Login Data |
| Source: Ru66o6HYE6.exe | String decryptor: ===== | Recovered - Chedot | =====Host: |
| Source: Ru66o6HYE6.exe | String decryptor: \360Browser\Browser\User Data\Default\Login Data |
| Source: Ru66o6HYE6.exe | String decryptor: ===== | Recovered - 360 English | =====Host: |
| Source: Ru66o6HYE6.exe | String decryptor: \360Chrome\Chrome\User Data\Default\Login Data |
| Source: Ru66o6HYE6.exe | String decryptor: ===== | Recovered - 360 China | =====Host: |
| Source: Ru66o6HYE6.exe | String decryptor: \BraveSoftware\Brave-Browser\User Data\Default\Login Data |
| Source: Ru66o6HYE6.exe | String decryptor: ===== | Recovered - Brave | =====Host: |
| Source: Ru66o6HYE6.exe | String decryptor: \Torch\User Data\Default\Login Data |
| Source: Ru66o6HYE6.exe | String decryptor: ===== | Recovered - Torch | =====Host: |
| Source: Ru66o6HYE6.exe | String decryptor: \UCBrowser\User Data_i18n\Default\UC Login Data.18 |
| Source: Ru66o6HYE6.exe | String decryptor: wow_logins |
| Source: Ru66o6HYE6.exe | String decryptor: ===== | Recovered - UC | =====Host: |
| Source: Ru66o6HYE6.exe | String decryptor: \Blisk\User Data\Default\Login Data |
| Source: Ru66o6HYE6.exe | String decryptor: ===== | Recovered - Blisk | =====Host: |
| Source: Ru66o6HYE6.exe | String decryptor: \Epic Privacy Browser\User Data\Default\Login Data |
| Source: Ru66o6HYE6.exe | String decryptor: ===== | Recovered - EpicBrowser | =====Host: |
| Source: Ru66o6HYE6.exe | String decryptor: \Microsoft\Edge\User Data\Default\Login Data |
| Source: Ru66o6HYE6.exe | String decryptor: ===== | Recovered - Microsoft Edge | =====Host: |
| Source: Ru66o6HYE6.exe | String decryptor: ataD nigoL\elbatS arepO\erawtfoS arepO\ |
| Source: Ru66o6HYE6.exe | String decryptor: tad.dnaw\eliforp\arepO\arepO\ |
| Source: Ru66o6HYE6.exe | String decryptor: ReadTable |
| Source: Ru66o6HYE6.exe | String decryptor: snigol |
| Source: Ru66o6HYE6.exe | String decryptor: GetRowCount |
| Source: Ru66o6HYE6.exe | String decryptor: GetValue |
| Source: Ru66o6HYE6.exe | String decryptor: lru_nigiro |
| Source: Ru66o6HYE6.exe | String decryptor: eulav_emanresu |
| Source: Ru66o6HYE6.exe | String decryptor: eulav_drowssap |
| Source: Ru66o6HYE6.exe | String decryptor: ===== | Recovered - Opera | =====Host: |
| Source: Ru66o6HYE6.exe | String decryptor: abcdefghijklmnopqrstuvwxyz1234567890_-.~!@#$%^&*()[{]}\|';:,<>/?+= |
| Source: Ru66o6HYE6.exe | String decryptor: APPDATA |
| Source: Ru66o6HYE6.exe | String decryptor: \FileZilla\recentservers.xml |
| Source: Ru66o6HYE6.exe | String decryptor: Host |
| Source: Ru66o6HYE6.exe | String decryptor: User |
| Source: Ru66o6HYE6.exe | String decryptor: Pass |
| Source: Ru66o6HYE6.exe | String decryptor: Port |
| Source: Ru66o6HYE6.exe | String decryptor: ===== | Recovered - FileZilla | ===== |
| Source: Ru66o6HYE6.exe | String decryptor: Host: |
| Source: Ru66o6HYE6.exe | String decryptor: Username: |
| Source: Ru66o6HYE6.exe | String decryptor: Password: |
| Source: Ru66o6HYE6.exe | String decryptor: Port: |
| Source: Ru66o6HYE6.exe | String decryptor: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa |
| Source: Ru66o6HYE6.exe | String decryptor: \AVAST Software\Browser\User Data\Default\Login Data |
| Source: Ru66o6HYE6.exe | String decryptor: ===== | Recovered - Avast | =====Host: |
| Source: Ru66o6HYE6.exe | String decryptor: ( |
| Source: Ru66o6HYE6.exe | String decryptor: UNIQUE |
| Source: Ru66o6HYE6.exe | String decryptor: table |
| Source: Ru66o6HYE6.exe | String decryptor: Mozilla\Firefox\Profiles |
| Source: Ru66o6HYE6.exe | String decryptor: logins.json |
| Source: Ru66o6HYE6.exe | String decryptor: ===== | Recovered - FireFox | =====Host: |
| Source: Ru66o6HYE6.exe | String decryptor: Thunderbird\Profiles\ |
| Source: Ru66o6HYE6.exe | String decryptor: ===== | Recovered - Chrome | =====Found From: ThunderbirdHost: |
| Source: Ru66o6HYE6.exe | String decryptor: NSS_Shutdown |
| Source: Ru66o6HYE6.exe | String decryptor: PROGRAMFILES |
| Source: Ru66o6HYE6.exe | String decryptor: \Mozilla Thunderbird\ |
| Source: Ru66o6HYE6.exe | String decryptor: \Mozilla Firefox\ |
| Source: Ru66o6HYE6.exe | String decryptor: \mozglue.dll |
| Source: Ru66o6HYE6.exe | String decryptor: \nss3.dll |
| Source: Ru66o6HYE6.exe | String decryptor: NSS_Init |
| Source: Ru66o6HYE6.exe | String decryptor: PK11SDR_Decrypt |
| Source: Ru66o6HYE6.exe, type: SAMPLE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
| Source: Ru66o6HYE6.exe, type: SAMPLE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
| Source: 0.0.Ru66o6HYE6.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
| Source: 0.0.Ru66o6HYE6.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
| Source: 00000000.00000000.393140910.0000000000402000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
| Source: Process Memory Space: Ru66o6HYE6.exe PID: 6708, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
| Source: C:\Users\user\Desktop\Ru66o6HYE6.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\Ru66o6HYE6.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\Ru66o6HYE6.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\Ru66o6HYE6.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\Ru66o6HYE6.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\Ru66o6HYE6.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\Ru66o6HYE6.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\Ru66o6HYE6.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\Ru66o6HYE6.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\Ru66o6HYE6.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\Ru66o6HYE6.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\Ru66o6HYE6.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\Ru66o6HYE6.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\Ru66o6HYE6.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\Ru66o6HYE6.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\Ru66o6HYE6.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\Ru66o6HYE6.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\Ru66o6HYE6.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\Ru66o6HYE6.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\Ru66o6HYE6.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\Ru66o6HYE6.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\Ru66o6HYE6.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\Ru66o6HYE6.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\Ru66o6HYE6.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\Ru66o6HYE6.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\Ru66o6HYE6.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\Ru66o6HYE6.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\Ru66o6HYE6.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\Ru66o6HYE6.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\Ru66o6HYE6.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Edit tour
Ru66o6HYE6.exe (PID: 6708 cmdline: 
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node