Trojan.PWS.Stealer.36707

Technical Information

Malicious functions

Patches code

in dll

22.exe process, Wldp.dll module

in AMSI dll

22.exe process, Amsi.dll module

Reads files which store third party applications passwords

%LOCALAPPDATA%\google\chrome\user data\default\web data
%LOCALAPPDATA%\google\chrome\user data\default\login data
%LOCALAPPDATA%\microsoft\edge\user data\default\login data
%LOCALAPPDATA%\microsoft\edge\user data\default\web data
%APPDATA%\opera software\opera stable\login data

Modifies file system

Creates the following files

%WINDIR%\temp\11.exe
%WINDIR%\temp\22.exe
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\crashpadmetrics-active.pma
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\crashpadmetrics.pma
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\functional data
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\functional san data
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\last version
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\local state
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\edge profile.ico
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\favicons
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\history
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\login data
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\media history
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\network persistent state
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\preferences
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\readme
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\secure preferences
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\top sites
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\visited links
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\web data
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\local storage\leveldb\current
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\local storage\leveldb\log
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\local storage\leveldb\manifest-000001
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\crashpad\settings.dat
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\crashpad\throttle_store.dat
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\devtoolsactiveport
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\chrome_debug.log
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\code cache\wasm\index
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\code cache\js\index
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\gpucache\index
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\gpucache\data_0
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\gpucache\data_1
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\gpucache\data_2
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\gpucache\data_3
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\code cache\js\index-dir\temp-index
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\code cache\wasm\index-dir\temp-index
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\cookies-journal
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\cookies
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\cache\index
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\cache\data_0
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\cache\data_1
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\cache\data_2
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\cache\data_3

Deletes following files that it created itself

%LOCALAPPDATA%\microsoft\edge\user datao5qqb\crashpadmetrics-active.pma
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\crashpadmetrics.pma
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\devtoolsactiveport
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\functional data
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\functional san data
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\last version
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\local state
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\crashpad\settings.dat
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\crashpad\throttle_store.dat
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\edge profile.ico
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\favicons
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\history
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\login data
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\media history
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\network persistent state
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\preferences
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\readme
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\secure preferences
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\top sites
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\visited links
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\web data
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\cache\data_0
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\cache\data_1
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\cache\data_2
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\cache\data_3
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\cache\index
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\code cache\js\index
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\code cache\js\index-dir\the-real-index
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\code cache\wasm\index
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\code cache\wasm\index-dir\the-real-index
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\gpucache\data_0
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\gpucache\data_1
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\gpucache\data_2
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\gpucache\data_3
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\gpucache\index
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\local storage\leveldb\current
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\local storage\leveldb\log
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\local storage\leveldb\manifest-000001

Moves the following files

from %LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\code cache\js\index-dir\temp-index to %LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\code cache\js\index-dir\the-real-index
from %LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\code cache\wasm\index-dir\temp-index to %LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\code cache\wasm\index-dir\the-real-index

Substitutes the following files

%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\cache\data_0
%LOCALAPPDATA%\microsoft\edge\user datao5qqb\default\cache\data_1

Network activity

Connects to

'localhost':32273
'18#.#9.133.246':80

TCP

HTTP GET requests

Other

'localhost':49693
'localhost':49694
'localhost':49695
'localhost':49696

UDP

DNS ASK fi#####.###tings.services.mozilla.com
DNS ASK google.com

Miscellaneous

Searches for the following windows

ClassName: 'EDIT' WindowName: ''
ClassName: 'sjv115Df865B2088i8j' WindowName: ''
ClassName: '' WindowName: '1spjDW5DVposefx8a7t'
ClassName: '' WindowName: '5GFkcb5l1Ci3CC86IwI'
ClassName: '' WindowName: 'YyiC3k2nUY6As0vK30o'
ClassName: '' WindowName: 'VHX16366jFVU0YFwgxu'
ClassName: '0cv01vqd4r754WY2yd5' WindowName: ''
ClassName: 'K7c4VudP8Cs2AOsG3iM' WindowName: ''
ClassName: 'QDSR4p24QK356t23it1' WindowName: ''
ClassName: '846f45ki72ppIbmjlYo' WindowName: ''
ClassName: '' WindowName: 'WjO68n36F5k77Q5i4Or'
ClassName: '' WindowName: 'Y7X1C11vEf747n4LV41'
ClassName: '' WindowName: 'LcifHcx7FXuDDY44WD0'
ClassName: '' WindowName: 'bpG1sv4DBc6302H5NU2'
ClassName: '' WindowName: '3rN5a22i3ARoggjFDgp'
ClassName: '' WindowName: '2yU52V5abC35ajAIcO3'
ClassName: '6UXfRO0U4c87Ha7247S' WindowName: ''
ClassName: '' WindowName: '7l142yWLekUtyHdtm28'
ClassName: '8sT2T67v0rCA3BC6gBN' WindowName: ''
ClassName: '' WindowName: 'xB5FkV0wMV0YxQH1Gb4'
ClassName: '6p27xuc648yQ0s0yimT' WindowName: ''
ClassName: '' WindowName: 'ML6HOlp8T6IO7vkT7aN'
ClassName: '' WindowName: '6OG1xPHhL15UKL01Y4J'
ClassName: '' WindowName: 'EUW07ep1poLkvJ5V6pO'
ClassName: 'f4aKFih84V0GxX4ewJ5' WindowName: ''
ClassName: '' WindowName: 'a7yfN15MN0EcrUqpGkh'
ClassName: '' WindowName: 'W5jXY4315At5K66RBMo'
ClassName: '' WindowName: 'kV3EY3215a1R6n806fr'
ClassName: 'tFHoUSuM40iMDhYXutA' WindowName: ''
ClassName: '' WindowName: 'ik02XAi40MukmLo4J43'
ClassName: 'G6Tt1n0V0TsIdVE64I3' WindowName: ''
ClassName: '' WindowName: 'SNr0I3111c7hKbx3CoJ'
ClassName: 'y0eNBg5K00Y40N44S88' WindowName: ''
ClassName: 'bC37EV2x5SqHwi3Ux4i' WindowName: ''
ClassName: 'y33dTb47g2gv82i8Mcw' WindowName: ''
ClassName: '' WindowName: 'iT6vvTGWVgUFLv0f4O5'
ClassName: 'WJTt20niHh20Qcb8YX7' WindowName: ''
ClassName: 'w0mvhh4161O04Oy6nQ7' WindowName: ''
ClassName: '' WindowName: '1sCA0THMI4lEX46H0J7'
ClassName: '78rrumvw078k5jl1t36' WindowName: ''
ClassName: '6q13USeayR8oC3f1qQ7' WindowName: ''
ClassName: '' WindowName: '7s6w0IM452RRtpCkN84'
ClassName: '3yDi38tTAT43A5sv2Y5' WindowName: ''
ClassName: '' WindowName: '8R3437W0257BNH6M7Y8'
ClassName: '' WindowName: '4t6gsfTkalXCsl6Ch6b'
ClassName: 'DJYEbJAh4FmCNaX133p' WindowName: ''
ClassName: '' WindowName: 'wrj0BExS7K4K5Ijb5ti'
ClassName: 'NaMx5oXhLSyH5Smqe2s' WindowName: ''
ClassName: '' WindowName: 'RxN56F72FE7DgveN3LF'
ClassName: '' WindowName: '3SUPTeu2DFf67vgqkeO'
ClassName: '' WindowName: '1Pcf0g5qN1Da5qv3OID'
ClassName: 'oQu7jMdBvjW7o0gEwKN' WindowName: ''
ClassName: 'RBLGPk8cHqK65bvFjy2' WindowName: ''
ClassName: '' WindowName: '5a730v8ILK6q2S5823w'
ClassName: 'DMKv4DO3d5L34Xh3l4j' WindowName: ''
ClassName: 'fB3YCqlFxojvat1qG27' WindowName: ''
ClassName: '' WindowName: 'th45ijt7IPby5Mi7Riy'
ClassName: 'lnHuCNMcO4ysWx015Qs' WindowName: ''
ClassName: '' WindowName: '567AsqQDAfpd4pf8qwe'
ClassName: 'yC56t4aX87568ObKd3d' WindowName: ''
ClassName: 'mvm1ocv4C6OX31GP1YQ' WindowName: ''
ClassName: 'Bhj855210JWdeG5jkiO' WindowName: ''
ClassName: '' WindowName: 'KoiX8O1E6I4573c1Y6L'
ClassName: 'kFAx47saKTbe75Xhty3' WindowName: ''
ClassName: 'ws2Inp65cK2hxljlD7A' WindowName: ''
ClassName: '' WindowName: '2nB4TkXUESJ1E5vsje3'
ClassName: 'E50b2vWG1D31VyTHB85' WindowName: ''
ClassName: '6V4bEHCiW0ELaYL16MB' WindowName: ''
ClassName: '' WindowName: '430lJ4EdPh51TisSjW1'
ClassName: '' WindowName: 'X54YW2ApvwtE2m27Phg'
ClassName: 'dMJk462l31IX7R4fGku' WindowName: ''
ClassName: '6uf38N8I5KRe74X6pGN' WindowName: ''
ClassName: '013mmb4VPgp8Jo0e1Dp' WindowName: ''
ClassName: '' WindowName: '3w1e5uQm1gd4tqVdXqI'
ClassName: 'ul7P5661Eb8oYoGYXG3' WindowName: ''
ClassName: '' WindowName: 'Gm3NVLl7Q2Y0HiRSsd7'
ClassName: '' WindowName: 'Be3cl04ki5bxctGK8uA'
ClassName: '' WindowName: 'lFN4U8m4Y7onvO7UxoM'
ClassName: '' WindowName: 'UXA1I7q30qNK6f1Ct0b'
ClassName: '' WindowName: 'D4wHHkkqo1qUp3YsU03'
ClassName: '2lHh7iqIEm2egS334yj' WindowName: ''
ClassName: '' WindowName: 'PXB456diph5nT81XXQ7'
ClassName: 'JWJo5h8OUQQ2s2I72nE' WindowName: ''
ClassName: '' WindowName: 'h352i401TDg1bVN3Ls6'
ClassName: 'nkRDD5oix82mJDRlg21' WindowName: ''
ClassName: '' WindowName: 'eSlT837nJ203h8UA3g5'
ClassName: '' WindowName: '0w6lmwh4F32b5B343QC'
ClassName: 'K832SkXl43Mkhp7Yae7' WindowName: ''
ClassName: 'KBL1O1inT05itAtEW3B' WindowName: ''
ClassName: '' WindowName: '3E68mHrDLbp61y5A5Ps'
ClassName: '' WindowName: 'L70k80QpftUdYXm700E'
ClassName: '618Ebd61GM3w8TNq763' WindowName: ''
ClassName: '' WindowName: 'pcf8R62r74eX7uopFp8'
ClassName: '' WindowName: 'd3N0vKI0f4fcd6hmkTv'
ClassName: '' WindowName: 'G4hu4mK4DjxsXsLKx3V'
ClassName: '' WindowName: 'iD5kk7o2PQyY883064a'
ClassName: '0d1pfw3E30VnlMI7sNN' WindowName: ''
ClassName: '' WindowName: 'qkLdnB4u740GOeXn7jg'
ClassName: '' WindowName: '4cul2fLq1iwgbVCB2lx'
ClassName: 'o6IX0H8O7nCr808S303' WindowName: ''
ClassName: '' WindowName: '2m4Enct3nMBu47Qe67K'
ClassName: '' WindowName: '50658NfN07624Qg31lP'
ClassName: 'j2sLyfJUM6Xl4nGCQ5e' WindowName: ''
ClassName: '' WindowName: 'G555HJY3c8gtvBG2vkX'
ClassName: '05YIao6j8VOUo52I34H' WindowName: ''
ClassName: 'w8AvuVq357JS3tT7NvH' WindowName: ''
ClassName: '' WindowName: '4gfbcC31IGTDJ0Y2Y5Q'
ClassName: 'JQQh2afJH5SR7oN686T' WindowName: ''
ClassName: '' WindowName: '74p8F4rEubRbEMo5tHD'
ClassName: 'KKVCUI50XbWg3858133' WindowName: ''
ClassName: 'jLqkY1y0a5uvCTSQ7Id' WindowName: ''
ClassName: 'xubjnLnwM5qud14S2ni' WindowName: ''
ClassName: '12hFGbQ6FjrdARGIiNl' WindowName: ''
ClassName: '6y642wlt2fhvlbUICiH' WindowName: ''
ClassName: 'I1oP5QPln45wWs1yfry' WindowName: ''
ClassName: '5JhVaeJ7kD0kewhAT43' WindowName: ''
ClassName: 'aJAV6rPk4E2hNk0fa0H' WindowName: ''
ClassName: '4XLA7hR27ee81ee1K8A' WindowName: ''
ClassName: 'RDLay8oHi6l1o1kfkCV' WindowName: ''
ClassName: '' WindowName: 'q6qP8iUPMt7HvIdd4Nw'
ClassName: '' WindowName: 'mrLw4fxW3at3uf1eHKl'
ClassName: '3Va8F083eMAO35544rw' WindowName: ''
ClassName: '' WindowName: 'uMEq6WutfV5bmyKH154'
ClassName: '4kB7u4kJ0Baj1IbmsbQ' WindowName: ''
ClassName: '' WindowName: 'F01FkC447CBEArpjq47'
ClassName: '' WindowName: 'UQ6dX3R1V1FUB58u2G8'
ClassName: '' WindowName: '4gB8swpP558IE2mv28B'
ClassName: 'Q62IR88UmLXvQ57to5U' WindowName: ''
ClassName: 'hMPgfMaF1odP6NPGYV8' WindowName: ''
ClassName: 'OPJMEaKI0KSJXbCVRFg' WindowName: ''
ClassName: '' WindowName: 'euIbd67QwT5C3cDj2fB'
ClassName: '4neyFRA2IpxppJN8821' WindowName: ''
ClassName: 'YX3FSA5fBmL8g3TS0v7' WindowName: ''
ClassName: 'xQEQ875i776L3k3uyX0' WindowName: ''
ClassName: 'Ty4m60imAHauuq224BJ' WindowName: ''
ClassName: 'jxn246ERU15dKqfO451' WindowName: ''
ClassName: '' WindowName: 'KVfDGqmHl288SOnq0tV'
ClassName: 'bM0T1PR02u1hbns158M' WindowName: ''
ClassName: '' WindowName: 'mMlgka57Ite3V5P7277'
ClassName: 'kXD62oI5YN503u6PL5Y' WindowName: ''
ClassName: 'FUgIs1500QK1Aw2WTBp' WindowName: ''
ClassName: '' WindowName: '3C1O5ufwtY72eH7c10N'
ClassName: 'Iyd078vw4hsxETH4Lyo' WindowName: ''
ClassName: '' WindowName: '25p8fmG5rG5i1qyGTrS'
ClassName: 'wjMou2GwSLSWaWY6RYL' WindowName: ''
ClassName: '7muc8uy1YUNTaE0BGIR' WindowName: ''
ClassName: '' WindowName: '0O10M07ecO3epIAJIp4'
ClassName: '' WindowName: 'oIG6hhJQBVL2FD040hA'
ClassName: '' WindowName: 'AIqPt4xeorr46MlI8OI'
ClassName: '' WindowName: 'TRY61XXx2fPQJLM4o2R'
ClassName: 'U43tkyas6EDBrP7VE43' WindowName: ''
ClassName: '' WindowName: '80SL1Wi0m418Y73T5YB'
ClassName: '' WindowName: 'b2CCc3A21a4IxYo7R6D'
ClassName: 'XY1p4i7X08xqtBBQ136' WindowName: ''
ClassName: '' WindowName: 'V0ww5MfNoq5lhYlNUCg'
ClassName: '' WindowName: 'soy521AUafHyO16cAcA'
ClassName: '' WindowName: 'I0g47VKMcC5QO4qLVmF'
ClassName: 'bCh76EixC6uKaTBWu74' WindowName: ''
ClassName: '2gXcigv8Bu3jf1wa4KC' WindowName: ''
ClassName: 'U7m0m1k7yPra162snjh' WindowName: ''
ClassName: 'wao6kj3lit4mCu4XyKf' WindowName: ''
ClassName: '' WindowName: 'tiRpVR5vYr0M43x42qt'
ClassName: '8B7i4l20gx6EIC3VVLW' WindowName: ''
ClassName: '7rb8S7x8D0xJNBNAPgi' WindowName: ''
ClassName: '' WindowName: 'f3J0p0O6CBqut7G337E'
ClassName: '' WindowName: 'p336w42N6706727W4L5'
ClassName: '' WindowName: 'c767i7mFr008Xu48en4'
ClassName: 'a5bnRQ73HOMMi6T54Vb' WindowName: ''
ClassName: '3pv6w2W1a53a5Hxx7hU' WindowName: ''
ClassName: '' WindowName: 'vrQhN27vB2I3OB7Mg7U'
ClassName: '5WC6AMDY4214uQbfiC5' WindowName: ''
ClassName: '1DU7DJ87l70XbejtuAG' WindowName: ''
ClassName: 'kiylm5LLd40FdjQR17q' WindowName: ''
ClassName: 'NIMQvwDQ1k6JN7ucuDd' WindowName: ''
ClassName: 'JXQ0Edb418rcnt1105u' WindowName: ''
ClassName: '' WindowName: '1fH4X17O3ojmex1280j'
ClassName: '20t3KnawvrE8pwWl731' WindowName: ''
ClassName: 'MIFjtn16G18FRNoxNVB' WindowName: ''
ClassName: 'W1m05yX44SN27lSUQN8' WindowName: ''
ClassName: '0YDQL45lKD6ER03trs1' WindowName: ''
ClassName: '7WaVx8iV3E1i51n8Ip1' WindowName: ''
ClassName: '43i4UMFH506NmbDCu67' WindowName: ''
ClassName: '1XLI6Y0HMQ85uDbv7cl' WindowName: ''
ClassName: '3pnd1iXHx1m2aut7sDg' WindowName: ''
ClassName: '36fkGf257151hvUx7F8' WindowName: ''
ClassName: '' WindowName: 'F0jhn6y6Us4mn6cN4CX'
ClassName: '745q661l5252Nnhk8BH' WindowName: ''
ClassName: '4CEdh0qEv1Vd8No4858' WindowName: ''
ClassName: 'asLJ243DKeJqMoNUtfO' WindowName: ''
ClassName: 'K4K5QPqh5Lmv17Fo7gh' WindowName: ''
ClassName: '' WindowName: 'MTDlHRRPivSNc3XA1HV'
ClassName: '' WindowName: '6W8e07wOLdB3nXG20HC'
ClassName: '' WindowName: 'LgQ3qCjWY17bG5ys3tv'
ClassName: 'c1DB4sxxfL42h1fCx3F' WindowName: ''
ClassName: '8Kse0R5kKkkrIG68M0p' WindowName: ''
ClassName: 'PC72J2FLBnr1LguUFK4' WindowName: ''
ClassName: '' WindowName: '16ko33C1EkcXmbYy0Wr'
ClassName: '' WindowName: 'X6u5A53hR3k373D3HP3'
ClassName: '' WindowName: '1oyo6C6fS45B602v8mp'
ClassName: '5WKu4Oetb7tns33hnaC' WindowName: ''
ClassName: 'oqLL1jOYqEgiv83fghW' WindowName: ''
ClassName: '' WindowName: 'G6NK75H3Q7F6A85Vb0f'
ClassName: 'LvGAApKD12qp5rnwMfe' WindowName: ''
ClassName: '507a63da1Sma52b3nn2' WindowName: ''
ClassName: '' WindowName: 'An5X7fCtWcP8o5jsEMk'
ClassName: '75yeXELY1Gq18CUDyR0' WindowName: ''
ClassName: 'yAM14AtRKDa0KKhox0X' WindowName: ''
ClassName: '' WindowName: 'IAyM246VmHH6SiS2QL7'
ClassName: 'Lq5Wc28C7VsgNQ88p67' WindowName: ''
ClassName: '' WindowName: '71CVkf0IJCF8Ew7g502'
ClassName: 'mkvSamYUvbKKgQ68b63' WindowName: ''
ClassName: 'Jsf6Lr8jy3HB8LoYK63' WindowName: ''
ClassName: 'Y6f45EGwA7sELeJ22Fa' WindowName: ''
ClassName: '' WindowName: 'GX58cGmKkooh0WP2556'
ClassName: '3qPc0g15LQx15p845Vj' WindowName: ''
ClassName: 'k0kd2Fq5oG247Eg02hF' WindowName: ''
ClassName: '' WindowName: 'Sy72BkatlORY02x5c6U'
ClassName: '' WindowName: '7E1O44Lh0WvNt8LS3DA'
ClassName: '' WindowName: 'Dr3u12miTJ5gd3OBlD8'
ClassName: '' WindowName: '8FL2x5WgCl8LmV4cFaV'
ClassName: '664QcqKSGJm4QP05ktr' WindowName: ''
ClassName: '0nVYQfWoTy02oJ0DMR3' WindowName: ''
ClassName: 'KXClhsBbfB8SR604k5W' WindowName: ''
ClassName: 'Tu7jV1CrtsfqYs5oqwL' WindowName: ''
ClassName: '' WindowName: 'uJePA0DI31NnhRg6FA8'
ClassName: '' WindowName: '8D6X861nneMA8c8Dk5V'
ClassName: '' WindowName: 'Bc4F18qGQ7n1QuF13Vh'
ClassName: '' WindowName: 'IJL0n8WaJ3tB1I2736m'
ClassName: '' WindowName: 'A3oQEo73LesRt25ftGY'
ClassName: '3kY5yg5TK1lNSuJakpu' WindowName: ''
ClassName: 'mVIi1I13AAg0i5xeKGo' WindowName: ''
ClassName: '6YBuVnU0L36lBINgI26' WindowName: ''
ClassName: '' WindowName: 'g2ovdLRgKh1tNU41wMW'
ClassName: '340C4W5BJ5Ro2qBs15U' WindowName: ''
ClassName: '' WindowName: '10FN26sK6CY8j0hy66H'
ClassName: 's2gx1R8AIlK52R74NaI' WindowName: ''
ClassName: 'ecLLT7EdepL4W51DS32' WindowName: ''
ClassName: '' WindowName: 'TRt3dwX0QSM58PAKHMO'
ClassName: '67gM11o5Yqht36pDGyb' WindowName: ''
ClassName: 'TE0QMFYYblqkT31U0xo' WindowName: ''
ClassName: '4vKyVHsB3gXICGA74ny' WindowName: ''
ClassName: '' WindowName: 'wHb2RbTdCdi53rLIAa7'
ClassName: '11Vy33vWpX8ng1k03Vq' WindowName: ''
ClassName: '' WindowName: 'nMCQ170EhN76e1iB810'
ClassName: '' WindowName: 'bD041MqcfQwaL27vjLs'
ClassName: '' WindowName: 'SraUbLCnHOJv0lpnp8K'
ClassName: '' WindowName: '83iXarp52yV206X0in5'
ClassName: '' WindowName: 'C2Qw764j6X26J85d8cs'
ClassName: 'M1kpG6T27E6648lHe05' WindowName: ''
ClassName: '' WindowName: '3dv28e6T36P2NlBt7HM'
ClassName: '15x53CkOVE4U1yVNe3i' WindowName: ''
ClassName: '' WindowName: 'CFn8cWP6cM2R2ghVf5C'
ClassName: 'Bp8L5QtAlAsI24QL35k' WindowName: ''
ClassName: '' WindowName: '584QsYE1ffescPb33Oj'
ClassName: '' WindowName: '5BhCFvuc8h1534BCcf2'
ClassName: '5Gdpi70580LX38JdWHC' WindowName: ''
ClassName: '' WindowName: 'Ws45tW58aww6Q1L1020'
ClassName: '' WindowName: 'GdxfKBNQ722vklq70k2'
ClassName: '' WindowName: '54TJn120X0HNs67Jf74'
ClassName: '' WindowName: '21p3DRy5krKS07dnDU8'
ClassName: '' WindowName: '5MlKLBgC47ALRb5mImG'
ClassName: '' WindowName: 'KvC8Vqa43e40uA1h2Lu'
ClassName: '3aCot7YQkDtsEQxRUTM' WindowName: ''
ClassName: 'OT1wH51xu8G4RQj521c' WindowName: ''
ClassName: '' WindowName: 'Iwy1w6On8niBdf3XGiA'
ClassName: '' WindowName: '2VJyx1p3St6Dc0QF3F7'
ClassName: '' WindowName: '3K3I4q40UvvtY6K175A'
ClassName: '' WindowName: 'vqY5li6L34M6xW4A727'
ClassName: '2H5Vt6X4w5sdwwrM6pi' WindowName: ''
ClassName: '' WindowName: '2r8E3gQ50eB4aiOl63q'
ClassName: 'boIL033JWG7crhm0I6d' WindowName: ''
ClassName: 'EI3IwAB6O1844xMTf2p' WindowName: ''
ClassName: 'ogL4STGPXd7Ah5e7duA' WindowName: ''
ClassName: '56iDNn7n4034MpYaKb1' WindowName: ''
ClassName: 'T78f85x7G013cq2vnD6' WindowName: ''
ClassName: 'w85H8rw8xwy3UPfTX4P' WindowName: ''
ClassName: '' WindowName: 'tf51aRWk3fC2J547q04'
ClassName: '' WindowName: 'Ls8Hw81760miGb8OsdR'
ClassName: 'pj8BJFc8vSc10d14RFk' WindowName: ''
ClassName: '' WindowName: 'hI07lD7EHcH8E1erflN'
ClassName: '' WindowName: '1a1q2e67w6uG5FxcX6n'
ClassName: '' WindowName: 'aXNOyxwOk48UYs3FD5a'
ClassName: 'KM523L5i5dV2UMjOjIq' WindowName: ''
ClassName: '' WindowName: '6Pu6SmBJNiTMYca7y75'
ClassName: '862pw70jsW1WB3Yw51w' WindowName: ''
ClassName: '' WindowName: 'pSa0QmW65vmjTyUa2Wt'
ClassName: '2Ep1n32rwly27Ou8VCE' WindowName: ''
ClassName: '' WindowName: 'q08n16rj3Cx2T17l1L4'
ClassName: '4rV1HY04kSk21j5hm7L' WindowName: ''
ClassName: 'qiNp8xD0hvqy303lAdW' WindowName: ''
ClassName: '' WindowName: '0JoVC4NEJ2IUuJcod4Y'
ClassName: '' WindowName: '52d5nWQ5R2b3YtF7dcI'
ClassName: '' WindowName: '8Rmbewe3ek283dgOqq6'
ClassName: '474q7cMPc5F5pbN64gh' WindowName: ''
ClassName: '' WindowName: 'lN7cS6Ikj2deLpdgQW4'
ClassName: '' WindowName: 'fVeo64xM5Yl0BcpjX6X'
ClassName: '' WindowName: 'K6771TNR0upW0C800lw'
ClassName: '' WindowName: 'D7p5qa36d87raDT66n3'
ClassName: 'fWCM8ppv03FotLu5wxe' WindowName: ''
ClassName: '' WindowName: '5m8H7cC616UWR4efVB4'
ClassName: '' WindowName: 'rXN65A1788234RGC47v'
ClassName: '' WindowName: '8WP4Y08hT5m716spMvn'
ClassName: 'rDLkDq0A615ch65h2QE' WindowName: ''
ClassName: '' WindowName: '2Tflyg8i5HMBh1aGp3u'
ClassName: '' WindowName: '1H0ui7p7gO3UtmRsyBC'
ClassName: 'gtqgTMSun62y3qLFG8S' WindowName: ''
ClassName: 'quEtxIqKifhIBE72x8J' WindowName: ''
ClassName: '' WindowName: '0Nty66P5IAe25IM2d81'
ClassName: 'AlkQCr1mLW2cig3qTks' WindowName: ''
ClassName: 'keR6EMkFFCsQ4HP2Pdc' WindowName: ''
ClassName: '' WindowName: '1XKWvLv177UH23Scn5s'
ClassName: '34l54Ah64rQEkcegw2C' WindowName: ''
ClassName: '' WindowName: 'i7s5hA6prmn7TLXH16a'
ClassName: '' WindowName: 'iuHusrMrooQ5h4F615R'
ClassName: 'L7Ivjdmh8x8qS832fbU' WindowName: ''
ClassName: '' WindowName: 'cEn1xf81f8F1k3V8oWC'
ClassName: '' WindowName: 'GK6ue73YcP7s00tjwA6'
ClassName: '' WindowName: 'eQiEE4K3080203bCs62'
ClassName: '0236PDr8RjFPC5i7L2N' WindowName: ''
ClassName: 'S2v0vRx1aOpGf5kvC3f' WindowName: ''
ClassName: 'sEJj2SSuf4pxfaJhnry' WindowName: ''
ClassName: 'b6Xb8PRwDAwNvW13Cs7' WindowName: ''
ClassName: 'gwJmBaFo7trlaAMjVBR' WindowName: ''
ClassName: 'XdrbDoLP0cxNrIDJh61' WindowName: ''

Creates and executes the following

'%WINDIR%\temp\11.exe'
'%WINDIR%\temp\22.exe'

Executes the following

'%ProgramFiles(x86)%\microsoft\edge\application\msedge.exe' --remote-debugging-port=32273 --headless --user-data-dir="%LOCALAPPDATA%\Microsoft\Edge\User DataO5QQB" --profile-directory="Default"

Технологии

Термины

Обучение и просвещение

Мифы

Technical Information

Рекомендации по лечению

Демо бесплатно на 14 дней