Deletes itself

Loads dropped DLL

Windows security modification

Checks for installed software on the system

Modifies system certificate store

Reads 7star user data, possible credential harvesting

Reads Amigo user data, possible credential harvesting

Reads Bromium user data, possible credential harvesting

Reads Centbrowser user data, possible credential harvesting

Reads Chedot user data, possible credential harvesting

Reads Chrome SxS user data, possible credential harvesting

Reads Chrome user data, possible credential harvesting

Reads Chromium user data, possible credential harvesting

Reads Dragon user data, possible credential harvesting

Reads Elements browser user data, possible credential harvesting

Reads Epic privacy browser user data, possible credential harvesting

Reads Firefox user profile, possible credential harvesting

Reads Go! user data, possible credential harvesting

Reads Kometa user data, possible credential harvesting

Reads Mustang user data, possible credential harvesting

Reads Nichrome user data, possible credential harvesting

Reads Orbitum user data, possible credential harvesting

Reads Pale Moon browser user profile, possible credential harvesting

Reads Qip surf user data, possible credential harvesting

Reads Rockmelt user data, possible credential harvesting

Reads Secure browser user data, possible credential harvesting

Reads Sputnik user data, possible credential harvesting

Reads Suhba user data, possible credential harvesting

Reads Superbird user data, possible credential harvesting

Reads Tor Browser user profile, possible credential harvesting

Reads Torch user data, possible credential harvesting

Reads Uran user data, possible credential harvesting

Reads Vivaldi user data, possible credential harvesting

Reads Waterfox user profile, possible credential harvesting

Reads user profile for Thunderbird email client, possible credential harvesting

Checks system information in the registry

System information is often read in order to detect sandboxing environments.