Adware.Multiplug/Variant

By GoldSparrow in Adware

Threat Scorecard

Popularity Rank:	621
Threat Level:	20 % (Normal)
Infected Computers:	456,248

First Seen:	May 23, 2014
Last Seen:	February 2, 2026
OS(es) Affected:	Windows

Adware.Multiplug/Variant is adware which may be promoted via numerous free software downloads that might have packaged into their installation Adware.Multiplug/Variant. After installation on the PC, Adware.Multiplug/Variant may embed its own toolbar and change the default homepage, search provider or a new tab window with an affiliated suspicious website. Adware.Multiplug/Variant may display unwanted pop-up advertisements, messages, banners and sponsored links in search results of any popular search engine and may collect search phrases or keywords from the PC user's search queries. Adware.Multiplug/Variant may be used to boost traffic of the associated questionable website by using tricky methods and generate advertising income from clicks on pop-up advertisements. Adware.Multiplug/Variant may also be packaged within the custom installer on many unprotected download websites, so if the computer user has downloaded a free application from these download websites, Adware.Multiplug/Variant might have also been installed during the software setup process.

Aliases

14 security vendors flagged this file as malicious.

Antivirus Vendor	Detection
AVG	Generic6.AXCM
Fortinet	Riskware/MultiPlug
Ikarus	PUA.Multiplug
Panda	Generic Suspicious
AhnLab-V3	PUP/Win32.MultiPlug
McAfee-GW-Edition	MultiPlug-FYT
TrendMicro	TROJ_GEN.R021C0FF915
F-Secure	Gen:Variant.Adware.Kazy
Kaspersky	Trojan-Dropper.Win32.Agent.biqise
ClamAV	Win.Trojan.Agent-880756
Avast	Win32:PUP-gen [PUP]
Symantec	PUA.Gen.2
K7AntiVirus	Trojan ( 0040fa761 )
CAT-QuickHeal	TrojanDropper.Agent.g6

SpyHunter Detects & Remove Adware.Multiplug/Variant

File System Details

Adware.Multiplug/Variant may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	gamestechstore_helper_service.exe	eafb798e13c296281878e70bcfe41a69	368
Name: gamestechstore_helper_service.exe MD5: eafb798e13c296281878e70bcfe41a69 Size: 191.69 KB (191696 bytes) Detections: 368 Type: Executable File Path: C:\Program Files\GamesTechStore\gamestechstore_helper_service.exe Group: Malware file Last Updated: November 9, 2023
2.	A0034853.exe	17f601c301cfcf559f496bf268533fc1	263
Name: A0034853.exe MD5: 17f601c301cfcf559f496bf268533fc1 Size: 191.69 KB (191692 bytes) Detections: 263 Type: Executable File Path: C:\System Volume Information\_restore{58C0BA44-24A2-45DB-A05F-C02D75369099}\RP78\A0034853.exe Group: Malware file Last Updated: December 12, 2023
3.	SectionDouble.dll	ff5ca4e5d5425589a14064a34e20b4b1	51
Name: SectionDouble.dll MD5: ff5ca4e5d5425589a14064a34e20b4b1 Size: 2.75 MB (2758656 bytes) Detections: 51 Type: Dynamic link library Path: %PROGRAMFILES(x86)%\SectionDouble Group: Malware file Last Updated: April 9, 2020
4.	SystemAssister.dll	419b9a3aa15b866aafd5ec08847d4a61	34
Name: SystemAssister.dll MD5: 419b9a3aa15b866aafd5ec08847d4a61 Size: 2.55 MB (2551296 bytes) Detections: 34 Type: Dynamic link library Path: %ALLUSERSPROFILE%\SystemAssister Group: Malware file Last Updated: April 9, 2016
5.	TextEnhance_26.0.1773.401.dll	43eea0c9b47d493fa5cbb7f823f6b14f	21
Name: TextEnhance_26.0.1773.401.dll MD5: 43eea0c9b47d493fa5cbb7f823f6b14f Size: 2.72 MB (2726912 bytes) Detections: 21 Type: Dynamic link library Path: %ALLUSERSPROFILE%\TextEnhance_26.0.1773.401 Group: Malware file Last Updated: October 24, 2025
6.	TextEnhance.dll	30d21c9739fcf4fb21c26ce396e54b10	12
Name: TextEnhance.dll MD5: 30d21c9739fcf4fb21c26ce396e54b10 Size: 2.85 MB (2852352 bytes) Detections: 12 Type: Dynamic link library Path: C:\Program Files\TextEnhance\TextEnhance.dll Group: Malware file Last Updated: October 11, 2022
7.	5b99d07a4b94bec2a61b0e99bcb027c13e411c35785bab14599fa1bc2f59ab10.exe	6c0aa4a07293103f8efb00ae5d7968ae	1
Name: 5b99d07a4b94bec2a61b0e99bcb027c13e411c35785bab14599fa1bc2f59ab10.exe MD5: 6c0aa4a07293103f8efb00ae5d7968ae Size: 374.27 KB (374272 bytes) Detections: 1 Type: Executable File Path: %ALLUSERSPROFILE%\{8dd07178-4657-5f46-8dd0-07178465c5e1} Group: Malware file Last Updated: April 16, 2015
8.	PragmaMaker.dll	a1965fdddaac1b4c845984dc636d1066	1
Name: PragmaMaker.dll MD5: a1965fdddaac1b4c845984dc636d1066 Size: 1.58 MB (1581568 bytes) Detections: 1 Type: Dynamic link library Path: %PROGRAMFILES(x86)%\PragmaMaker Group: Malware file Last Updated: April 22, 2015
9.	PragmaGeneration.dll	73d090cde17b05df9e4d8f28c2e248f7	1
Name: PragmaGeneration.dll MD5: 73d090cde17b05df9e4d8f28c2e248f7 Size: 1.65 MB (1659392 bytes) Detections: 1 Type: Dynamic link library Path: %PROGRAMFILES(x86)%\PragmaGeneration Group: Malware file Last Updated: April 22, 2015
10.	PragmaFunc.dll	d32457048b71db2b49e8718db7f57795	1
Name: PragmaFunc.dll MD5: d32457048b71db2b49e8718db7f57795 Size: 1.66 MB (1661440 bytes) Detections: 1 Type: Dynamic link library Path: %PROGRAMFILES(x86)%\PragmaFunc Group: Malware file Last Updated: April 22, 2015
11.	PragmaEdit.dll	9e18b5177db0318259d5a1e0c03f8adf	1
Name: PragmaEdit.dll MD5: 9e18b5177db0318259d5a1e0c03f8adf Size: 1.7 MB (1705984 bytes) Detections: 1 Type: Dynamic link library Path: %PROGRAMFILES(x86)%\PragmaEdit Group: Malware file Last Updated: April 22, 2015
12.	PragmaInstance.dll	aff69b29881975ef4af17e1e7760f6cd	1
Name: PragmaInstance.dll MD5: aff69b29881975ef4af17e1e7760f6cd Size: 1.61 MB (1619968 bytes) Detections: 1 Type: Dynamic link library Path: %PROGRAMFILES(x86)%\PragmaInstance Group: Malware file Last Updated: April 22, 2015
13.	2163ea13116fdd9a1add4d7966c7b2a3f5da4e8eaa5ac340cdbb290510ad21b1.exe	74f7a01054b981708f7335510834124c	1
Name: 2163ea13116fdd9a1add4d7966c7b2a3f5da4e8eaa5ac340cdbb290510ad21b1.exe MD5: 74f7a01054b981708f7335510834124c Size: 1.04 MB (1047040 bytes) Detections: 1 Type: Executable File Path: %ALLUSERSPROFILE%\{9ef77b15-a5d2-d12b-9ef7-77b15a5dec56} Group: Malware file Last Updated: April 21, 2015
14.	PragmaMonitor.dll	e845a02ade4d0e6ce26303989c0c366c	1
Name: PragmaMonitor.dll MD5: e845a02ade4d0e6ce26303989c0c366c Size: 1.64 MB (1646592 bytes) Detections: 1 Type: Dynamic link library Path: %PROGRAMFILES%\PragmaMonitor Group: Malware file Last Updated: April 22, 2015
15.	spyhunter 4.17.6.4336 full version with patch.exe	af8685a1052b3013679584c6246284b7	1
Name: spyhunter 4.17.6.4336 full version with patch.exe MD5: af8685a1052b3013679584c6246284b7 Size: 2.04 MB (2047488 bytes) Detections: 1 Type: Executable File Path: %ALLUSERSPROFILE%\{4b22572e-5d6b-90ae-4b22-2572e5d65cb9} Group: Malware file Last Updated: May 28, 2015
16.	Troj31.exe	6b940263fda0d67f604a7784c9db2390	1
Name: Troj31.exe MD5: 6b940263fda0d67f604a7784c9db2390 Size: 384.51 KB (384512 bytes) Detections: 1 Type: Executable File Path: %ALLUSERSPROFILE%\{83665d8d-949c-051f-8366-65d8d9497636} Group: Malware file Last Updated: May 22, 2015
17.	TextEnhance.exe	c05c9608289ac4bdaea46e31308d3531	1
Name: TextEnhance.exe MD5: c05c9608289ac4bdaea46e31308d3531 Size: 8.39 MB (8399568 bytes) Detections: 1 Type: Executable File Path: %USERPROFILE%\My Documents Group: Malware file Last Updated: September 21, 2016
18.	Perplexed Examination.exe	d7411b426fbed97813cff3775e932df4	1
Name: Perplexed Examination.exe MD5: d7411b426fbed97813cff3775e932df4 Size: 8.01 MB (8016472 bytes) Detections: 1 Type: Executable File Path: %PROGRAMFILES%\Perplexed Examination Group: Malware file Last Updated: February 26, 2016
19.	Sk-Enhancer.exe	08fd9792eb734a2de1c9766251172062	1
Name: Sk-Enhancer.exe MD5: 08fd9792eb734a2de1c9766251172062 Size: 799.23 KB (799232 bytes) Detections: 1 Type: Executable File Path: %ALLUSERSPROFILE%\quickset\sk-enhancer Group: Malware file Last Updated: March 25, 2016
20.	RelaySys.dll	d83d29c41d81dae61e6acd07110fada4	1
Name: RelaySys.dll MD5: d83d29c41d81dae61e6acd07110fada4 Size: 2.61 MB (2614784 bytes) Detections: 1 Type: Dynamic link library Path: %PROGRAMFILES%\RelaySys Group: Malware file Last Updated: April 9, 2016
21.	WebLight_x64.dll	5ce8eb47df6a284281572ff9ef95012e	1
Name: WebLight_x64.dll MD5: 5ce8eb47df6a284281572ff9ef95012e Size: 4.33 MB (4332544 bytes) Detections: 1 Type: Dynamic link library Path: %ALLUSERSPROFILE%\Web Light Group: Malware file Last Updated: February 26, 2016
22.	weblight.dll	b5c305c3b2ff2e35d4a270fad0675649	1
Name: weblight.dll MD5: b5c305c3b2ff2e35d4a270fad0675649 Size: 4.39 MB (4391424 bytes) Detections: 1 Path: %ALLUSERSPROFILE%\Web Light Group: Malware file Last Updated: February 26, 2016
23.	WebLightSvc.dll	85cb067676c2b654a510566905956f43	1
Name: WebLightSvc.dll MD5: 85cb067676c2b654a510566905956f43 Size: 178.51 KB (178512 bytes) Detections: 1 Type: Dynamic link library Path: %ALLUSERSPROFILE%\Dati applicazioni\Web Light Group: Malware file Last Updated: February 26, 2016
24.	TextEnhance_6.2.2999.522.dll	3b2697d63c404ce3eec49de4c4741c0f	1
Name: TextEnhance_6.2.2999.522.dll MD5: 3b2697d63c404ce3eec49de4c4741c0f Size: 2.93 MB (2930688 bytes) Detections: 1 Type: Dynamic link library Path: %ALLUSERSPROFILE%\TextEnhance_6.2.2999.522 Group: Malware file Last Updated: September 21, 2016
25.	Flava Clipper.exe	1ce9fe173a0c0d14a670488daee98fcf	0
Name: Flava Clipper.exe MD5: 1ce9fe173a0c0d14a670488daee98fcf Size: 522.75 KB (522752 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: June 1, 2015
26.	file.exe	e20d9121513d22e39a64034dcf41d1cd	0
Name: file.exe MD5: e20d9121513d22e39a64034dcf41d1cd Size: 497.66 KB (497664 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: July 9, 2015

More files

Registry Details

Adware.Multiplug/Variant may create the following registry entry or registry entries:

CLSID

{0F19EF48-CB8C-416A-B84C-C33B02970632}

{138E44EF-8988-4DC7-8F48-FBC4FCEF83D1}

{157B1AA6-3E5C-404A-9118-C1D91F537040}

{382F6195-1B46-40D5-B9FD-0493263E6132}

{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}

{3C94CD82-91C5-4DA7-AC36-BC96B16DEB26}

{41F978F3-431A-4464-A789-5C0692D562FB}

{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}

{5F189DF5-2D05-472B-9091-84D9848AE48B}

{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}

{9129BF03-EE04-4C16-B8AA-5DA6ADE6AB2B}

{9B41579A-1996-42F9-8F84-7B7786818CEF}

{9D4DC1C6-EFD1-44B1-91F9-6C7D4FC13CBD}

{ADA38E4E-F20A-4399-BE91-E260AC341C69}

{BB1C0445-8E37-4D66-B4E4-947E53F654A8}

{BB50CC62-09E1-4DD9-912C-F1DA4D6D71D8}

{C3510196-382C-41D1-8E63-6E84DB3709C9}

{DFF50D27-9859-4F50-9BE1-A4CBFA102B9D}

{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}

{E2343056-CC08-46AC-B898-BFC7ACF4E755}

{E481A870-86C7-44E1-97DF-E759FC147CBE}

{E55496A1-3090-44B0-96BF-518EA4B6828B}

{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}

{EB559340-3A8F-4456-B24D-160098054EF0}

{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}

{FE332809-93C1-48DF-929F-AEC0BC4BFCFE}

Regexp file mask

%APPDATA%\appdataFr[NUMBERS].bin

%PROGRAMFILES%\AppendGeneration\AppendGeneration.dll

%PROGRAMFILES%\AppendInit\AppendInit.dll

%PROGRAMFILES%\AppendMonitor\AppendMonitor.dll

%PROGRAMFILES%\BorderlineMaker\BorderlineMaker.dll

%PROGRAMFILES%\brainwash\brainwash.dll

%PROGRAMFILES%\CutterFoobar\CutterFoobar.dll

%PROGRAMFILES%\decodit\decodit.dll

%PROGRAMFILES%\goopad\goopad.dll

%PROGRAMFILES%\IncludeInstance\IncludeInstance.dll

%PROGRAMFILES%\IncludeMonitor\IncludeMonitor.dll

%PROGRAMFILES%\IncrementEdit\IncrementEdit.dll

%PROGRAMFILES%\IncrementModule\IncrementModule.dll

%PROGRAMFILES%\IncrementMonitor\IncrementMonitor.dll

%PROGRAMFILES%\IndepthFunc\IndepthFunc.dll

%PROGRAMFILES%\LinkFunc\LinkFunc.dll

%PROGRAMFILES%\PathFoobar\PathFoobar.dll

%PROGRAMFILES%\PragmaEdit\PragmaEdit.dll

%PROGRAMFILES%\ProcessFoobar\ProcessFoobar.dll

%PROGRAMFILES%\ProcessMaker\ProcessMaker.dll

%PROGRAMFILES%\ReactorKeeper\ReactorKeeper.dll

%PROGRAMFILES%\ReactorSubs\ReactorSubs.dll

%PROGRAMFILES%\RelayDouble\RelayDouble.dll

%PROGRAMFILES%\RelaySoft\RelaySoft.dll

%PROGRAMFILES%\RelaySys\RelaySys.dll

%PROGRAMFILES%\sayescoupon\sayescoupon.dll

%PROGRAMFILES%\SegmentProlonger\SegmentProlonger.dll

%PROGRAMFILES%\SegmentSystem\SegmentSystem.dll

%PROGRAMFILES%\SoftwarePlus\SoftwarePlus.dll

%PROGRAMFILES%\StatFoobar\StatFoobar.dll

%PROGRAMFILES%\SystemConserve\SystemConserve.dll

%PROGRAMFILES%\SystemEnterprise\SystemEnterprise.dll

%PROGRAMFILES%\SystemHelp\SystemHelp.dll

%PROGRAMFILES%\SystemRaise\SystemRaise.dll

%PROGRAMFILES%\SystemUphold\SystemUphold.dll

%PROGRAMFILES%\TerminusDefender\TerminusDefender.dll

%PROGRAMFILES%\TerminusExtender\TerminusExtender.dll

%PROGRAMFILES%\TerminusMaker\TerminusMaker.dll

%PROGRAMFILES%\ToolMaker\ToolMaker.dll

%PROGRAMFILES%\TrimAppend\TrimAppend.dll

%PROGRAMFILES%\TrimEdit\TrimEdit.dll

%PROGRAMFILES%\turbostrength\turbostrength.dll

%PROGRAMFILES(x86)%\AppendEngine\AppendEngine.dll

%PROGRAMFILES(x86)%\AppendFoobar\AppendFoobar.dll

%PROGRAMFILES(x86)%\AppendInit\AppendInit.dll

%PROGRAMFILES(x86)%\AppendModule\AppendModule.dll

%PROGRAMFILES(x86)%\AppendRunner\AppendRunner.dll

%PROGRAMFILES(x86)%\BorderlineEngine\BorderlineEngine.dll

%PROGRAMFILES(x86)%\BorderlineInit\BorderlineInit.dll

%PROGRAMFILES(x86)%\BorderlineMonitor\BorderlineMonitor.dll

%PROGRAMFILES(x86)%\couponight\couponight.dll

%PROGRAMFILES(x86)%\CutterFoobar\CutterFoobar.dll

%PROGRAMFILES(x86)%\CutterProc\CutterProc.dll

%PROGRAMFILES(x86)%\decodit\decodit.dll

%PROGRAMFILES(x86)%\goopad\goopad.dll

%PROGRAMFILES(x86)%\IncludeInstance\IncludeInstance.dll

%PROGRAMFILES(x86)%\IncrementEdit\IncrementEdit.dll

%PROGRAMFILES(x86)%\IncrementFunc\IncrementFunc.dll

%PROGRAMFILES(x86)%\IncrementProc\IncrementProc.dll

%PROGRAMFILES(x86)%\IndepthEngine\IndepthEngine.dll

%PROGRAMFILES(x86)%\IndepthMonitor\IndepthMonitor.dll

%PROGRAMFILES(x86)%\IndepthProc\IndepthProc.dll

%PROGRAMFILES(x86)%\LinkFunc\LinkFunc.dll

%PROGRAMFILES(x86)%\LinkGeneration\LinkGeneration.dll

%PROGRAMFILES(x86)%\PathGeneration\PathGeneration.dll

%PROGRAMFILES(x86)%\PragmaEdit\PragmaEdit.dll

%PROGRAMFILES(x86)%\PragmaGeneration\PragmaGeneration.dll

%PROGRAMFILES(x86)%\PragmaMaker\PragmaMaker.dll

%PROGRAMFILES(x86)%\PragmaModulator\PragmaModulator.dll

%PROGRAMFILES(x86)%\PragmaSystem\PragmaSystem.dll

%PROGRAMFILES(x86)%\ProcessMaker\ProcessMaker.dll

%PROGRAMFILES(x86)%\ProcessRunner\ProcessRunner.dll

%PROGRAMFILES(x86)%\ReactorKeeper\ReactorKeeper.dll

%PROGRAMFILES(x86)%\RelayDefender\RelayDefender.dll

%PROGRAMFILES(x86)%\RelayDouble\RelayDouble.dll

%PROGRAMFILES(x86)%\RelaySoft\RelaySoft.dll

%PROGRAMFILES(x86)%\RelaySys\RelaySys.dll

%PROGRAMFILES(X86)%\sayescoupon\sayescoupon.dll

%PROGRAMFILES(x86)%\SegmentProlonger\SegmentProlonger.dll

%PROGRAMFILES(x86)%\SoftwarePlus\SoftwarePlus.dll

%PROGRAMFILES(x86)%\StatFoobar\StatFoobar.dll

%PROGRAMFILES(x86)%\StatInit\StatInit.dll

%PROGRAMFILES(x86)%\SystemChronicles\SystemChronicles.dll

%PROGRAMFILES(x86)%\SystemConserve\SystemConserve.dll

%PROGRAMFILES(x86)%\SystemContinue\SystemContinue.dll

%PROGRAMFILES(x86)%\SystemEnterprise\SystemEnterprise.dll

%PROGRAMFILES(x86)%\SystemHelp\SystemHelp.dll

%PROGRAMFILES(x86)%\SystemPlus\SystemPlus.dll

%PROGRAMFILES(x86)%\systempreserve\systempreserve.dll

%PROGRAMFILES(x86)%\SystemRaise\SystemRaise.dll

%PROGRAMFILES(x86)%\TampaFoobar\TampaFoobar.dll

%PROGRAMFILES(x86)%\TampaModule\TampaModule.dll

%PROGRAMFILES(x86)%\TampaMonitor\TampaMonitor.dll

%PROGRAMFILES(x86)%\TampaRunner\TampaRunner.dll

%PROGRAMFILES(x86)%\TerminusDefender\TerminusDefender.dll

%PROGRAMFILES(x86)%\TerminusKeeper\TerminusKeeper.dll

%PROGRAMFILES(x86)%\TerminusMaker\TerminusMaker.dll

%PROGRAMFILES(x86)%\TrimFunc\TrimFunc.dll

%PROGRAMFILES(x86)%\TrimInit\TrimInit.dll

%PROGRAMFILES(x86)%\TrimMaker\TrimMaker.dll

HKEY..\..\..\..{RegistryKeys}

Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}

Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}

SOFTWARE\Classes\..9

Software\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\BestSleep.job

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\BestSleep.job.fp

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\Bidaily Synchronize Task.job

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\Bidaily Synchronize Task.job.fp

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\Bidaily Synchronize Task[3c32].job

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\Bidaily Synchronize Task[3c32].job.fp

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\Bidaily Synchronize Task[74c7].job

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\Bidaily Synchronize Task[74c7].job.fp

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\Bidaily Synchronize Task[pr].job

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\Bidaily Synchronize Task[pr].job.fp

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bidaily Synchronize Task

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bidaily Synchronize Task[3c32]

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bidaily Synchronize Task[74c7]

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bidaily Synchronize Task[pr]

SOFTWARE\Wow6432Node\{12A61307-94CD-4F8E-94BC-918E511FAA81}

SOFTWARE\Wow6432Node\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

SOFTWARE\Wow6432Node\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

SOFTWARE\Wow6432Node\{77D46E27-0E41-4478-87A6-AABE6FBCF252}

SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}

Software\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}

SYSTEM\ControlSet001\services\1998d97c

SYSTEM\ControlSet001\Services\24c54e38

SYSTEM\ControlSet001\services\6135ae48

SYSTEM\ControlSet001\services\813b67ce

SYSTEM\ControlSet001\Services\863788fa

SYSTEM\ControlSet001\services\a89d7674

SYSTEM\ControlSet001\services\a952796e

SYSTEM\ControlSet001\services\abc71024

SYSTEM\ControlSet001\services\cf05acd1

SYSTEM\ControlSet001\Services\d45d88d8

SYSTEM\ControlSet001\Services\d6b52028

SYSTEM\ControlSet001\services\e3f7f5ff

SYSTEM\ControlSet001\services\fc67e7a0

SYSTEM\ControlSet001\services\fd3b02ee

SYSTEM\ControlSet002\services\1998d97c

SYSTEM\ControlSet002\Services\24c54e38

SYSTEM\ControlSet002\services\6135ae48

SYSTEM\ControlSet002\services\a952796e

SYSTEM\ControlSet002\services\abc71024

SYSTEM\ControlSet002\services\cf05acd1

SYSTEM\ControlSet002\Services\d6b52028

SYSTEM\ControlSet002\services\e3f7f5ff

SYSTEM\ControlSet002\services\fc67e7a0

SYSTEM\ControlSet002\services\fd3b02ee

SYSTEM\CurrentControlSet\services\1998d97c

SYSTEM\CurrentControlSet\Services\24c54e38

SYSTEM\CurrentControlSet\services\6135ae48

SYSTEM\CurrentControlSet\services\813b67ce

SYSTEM\CurrentControlSet\Services\863788fa

SYSTEM\CurrentControlSet\services\a89d7674

SYSTEM\CurrentControlSet\Services\a952796e

SYSTEM\CurrentControlSet\services\abc71024

SYSTEM\CurrentControlSet\services\cf05acd1

SYSTEM\CurrentControlSet\Services\d45d88d8

SYSTEM\CurrentControlSet\Services\d6b52028

SYSTEM\CurrentControlSet\services\e3f7f5ff

SYSTEM\CurrentControlSet\services\fc67e7a0

SYSTEM\CurrentControlSet\services\fd3b02ee

HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}

S-46480778

{11F6D5AB-263F-388E-74DE-E3DECD390E3F}

{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{813b67ce}

{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{fc67e7a0}

{355FE5A0-F76C-0FCB-3575-FAD0CBA4A5F3}

{3F7D597C-7512-F73C-B0F3-5D711BC91948}

{476D78C4-1DB0-2D88-7FCC-AA6559F59A8D}

{4820778D-AB0D-6D18-C316-52A6A0E1D507}

{5F189DF5-2D05-472B-9091-84D9848AE48B}{1a34a8e0}

{5F189DF5-2D05-472B-9091-84D9848AE48B}{699fd52f}

{5F189DF5-2D05-472B-9091-84D9848AE48B}{dfc86759}

{5F189DF5-2D05-472B-9091-84D9848AE48B}{e81a9dc1}

{5F189DF5-2D05-472B-9091-84D9848AE48B}{f7dc94c1}

{65886F9B-214B-530F-E4EA-7565AFF6DE8D}

{681002C6-5019-81A2-7871-A43754F71E56}

{6C998B44-82D8-CC7E-D847-4CD73036412A}

{6F10CA8F-97E3-48FB-9003-3EE8E9050577}

{75F9BF4A-AF67-A478-A37B-31D73186D3F3}

{7F90CB46-EB38-83F9-7DB4-CB89897D5836}

{842C4394-47F7-60DE-480B-C09116B63559}

{88E96402-3BBD-02D9-0A36-6FB806AEE04E}

{924C3DC2-8E4E-432E-F973-9A2174A39774}

{A695893E-A5C7-2E5C-6953-52B0E61E4C1A}

{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}

{B0EC0808-6922-8705-C255-F9C79C315BD5}

{B945F928-45A2-231E-495F-38C40CA198E9}

{C1C6816E-CBB3-A748-85F9-A8B47B68985B}

{D8A9D3D9-F414-952D-AC93-E5F96D47B5BD}

{E32743D3-5789-6E4F-3998-06FB87C9214B}

{E96338DC-1468-4918-8EC2-8454BFFC5025}

{F04D4328-4631-1CBE-1907-201B33FAF2E8}

{F364255F-18D3-2E0A-6D4D-A0C3FF4A43B1}

{F679D2F0-CE91-93C8-BD2D-062DF04DA0C1}

{F6EF44E0-CA47-4F41-8C06-431C005AAEFE}

{F7FFE175-E3D6-2E86-0226-1D3AE4905E40}

Directories

Adware.Multiplug/Variant may create the following directory or directories:

%ALLUSERSPROFILE%\5e6fb5de08469020

%ALLUSERSPROFILE%\Accelewin

%ALLUSERSPROFILE%\Application Data\Accelewin

%ALLUSERSPROFILE%\Application Data\Browser Enhancer

%ALLUSERSPROFILE%\Application Data\Browser Stabilizer

%ALLUSERSPROFILE%\Application Data\Content Accelerator

%ALLUSERSPROFILE%\Application Data\FastSys

%ALLUSERSPROFILE%\Application Data\Intelewin filter

%ALLUSERSPROFILE%\Application Data\InteliWeb

%ALLUSERSPROFILE%\Application Data\Interenet Optimizer

%ALLUSERSPROFILE%\Application Data\Performance Optimizer

%ALLUSERSPROFILE%\Application Data\Speed Streamer

%ALLUSERSPROFILE%\Application Data\System Booster

%ALLUSERSPROFILE%\Application Data\TurboNet

%ALLUSERSPROFILE%\Application Data\WebGeniuos

%ALLUSERSPROFILE%\Application Data\WebPlat

%ALLUSERSPROFILE%\Application Data\Win sys filter

%ALLUSERSPROFILE%\Application Data\WinSpeed

%ALLUSERSPROFILE%\Application Data\WorldWideWebCoupon

%ALLUSERSPROFILE%\Browser Enhancer

%ALLUSERSPROFILE%\Browser Stabilizer

%ALLUSERSPROFILE%\Codec-C

%ALLUSERSPROFILE%\CodecC

%ALLUSERSPROFILE%\Content Accelerator

%ALLUSERSPROFILE%\Coolyou

%ALLUSERSPROFILE%\FastSys

%ALLUSERSPROFILE%\Intelewin filter

%ALLUSERSPROFILE%\InteliWeb

%ALLUSERSPROFILE%\Interenet Optimizer

%ALLUSERSPROFILE%\Network Acceleration

%ALLUSERSPROFILE%\Performance Optimizer

%ALLUSERSPROFILE%\Speed Streamer

%ALLUSERSPROFILE%\Surf Protect

%ALLUSERSPROFILE%\System Booster

%ALLUSERSPROFILE%\TurboNet

%ALLUSERSPROFILE%\Web Light

%ALLUSERSPROFILE%\WebGeniuos

%ALLUSERSPROFILE%\WebPlat

%ALLUSERSPROFILE%\WebTouch

%ALLUSERSPROFILE%\Win sys filter

%ALLUSERSPROFILE%\WinSpeed

%ALLUSERSPROFILE%\WorldWideWebCoupon

%PROGRAMFILES%\ Mail Checker

%PROGRAMFILES%\ Similar Pages

%PROGRAMFILES%\ Translate

%PROGRAMFILES%\BocaEdit

%PROGRAMFILES%\BocaFunc

%PROGRAMFILES%\ChromeReload

%PROGRAMFILES%\Clip to OneNote

%PROGRAMFILES%\CutterMaker

%PROGRAMFILES%\DiscountCouponPro

%PROGRAMFILES%\Godzilla Shopper

%PROGRAMFILES%\IncludeMaker

%PROGRAMFILES%\IncludeRunner

%PROGRAMFILES%\IndepthEdit

%PROGRAMFILES%\IndepthRunner

%PROGRAMFILES%\PragmaEngine

%PROGRAMFILES%\SoftwareHelp

%PROGRAMFILES%\TerminusSys

%PROGRAMFILES%\TotalComicBooks

%PROGRAMFILES%\TrimModule

%PROGRAMFILES%\UpgradeLeader

%PROGRAMFILES%\Weather Aware

%PROGRAMFILES%\coPuunk

%PROGRAMFILES%\myselfcoupon

%PROGRAMFILES%\reactorrise

%PROGRAMFILES%\toolextender

%PROGRAMFILES(X86)%\ Mail Checker

%PROGRAMFILES(X86)%\ Translate

%PROGRAMFILES(X86)%\TotalComicBooks

%PROGRAMFILES(x86)%\ Similar Pages

%PROGRAMFILES(x86)%\BocaEdit

%PROGRAMFILES(x86)%\BocaFunc

%PROGRAMFILES(x86)%\ChromeReload

%PROGRAMFILES(x86)%\Clip to OneNote

%PROGRAMFILES(x86)%\CutterMaker

%PROGRAMFILES(x86)%\DiscountCouponPro

%PROGRAMFILES(x86)%\Godzilla Shopper

%PROGRAMFILES(x86)%\IncludeMaker

%PROGRAMFILES(x86)%\IncludeRunner

%PROGRAMFILES(x86)%\IndepthEdit

%PROGRAMFILES(x86)%\IndepthRunner

%PROGRAMFILES(x86)%\PragmaEngine

%PROGRAMFILES(x86)%\SoftwareHelp

%PROGRAMFILES(x86)%\TerminusSys

%PROGRAMFILES(x86)%\TrimModule

%PROGRAMFILES(x86)%\UpgradeLeader

%PROGRAMFILES(x86)%\Weather Aware

%PROGRAMFILES(x86)%\coPuunk

%PROGRAMFILES(x86)%\myselfcoupon

%PROGRAMFILES(x86)%\reactorrise

%PROGRAMFILES(x86)%\toolextender

%ProgramFiles%\DeltaFix

%ProgramFiles(x86)%\DeltaFix

URLs

Adware.Multiplug/Variant may call the following URLs:

"Azm9CdOLv

epicunitscan.info

mynamedomain.koko

Analysis Report

General information

Family Name:	Adware.Multiplug
Signature status:	Modified signature

Known Samples

MD5: cb20682af407cca0beb17e9b1814ddd4

SHA1: 033200d6edfd9f591dc0043f2b21fc42bebde5e9

File Size: 6.51 MB, 6510592 bytes

MD5: 3107f21223a48dd519728861e850d6cf

SHA1: c58306db5cd4a768a79c0854a0ef831bdcf3c2ac

File Size: 290.98 KB, 290984 bytes

MD5: 17250ea45ddbee1c344540d16ecb5919

SHA1: 53a639fa6191fda333bfa37022b58ca7305133db

SHA256: DCA81FF0B6B0D092776627A99DE23F554E5C8429573EB5E4079E5960EFE3CC0A

File Size: 293.43 KB, 293432 bytes

MD5: 6fed0103b2821f38d8d473f1014aaa5b

SHA1: 922ff1d8e3a82b1248c5db6e889d180474e2d736

SHA256: 16FEA4F2D490D1FBF062664E4CF74F1057DB0D7EE88562CB72BE43B243A1691B

File Size: 322.72 KB, 322720 bytes

MD5: 2b81cb9fab1fd664b9919081787ec063

SHA1: 9d58563335ecc08ef7db812f04865617272bea25

SHA256: DCBC501780F409FCEADBBA688875B219E9FF46E5FEB757F9B5C7456AB775076A

File Size: 226.36 KB, 226360 bytes

MD5: 351b222482d6b4792bfd18cb064e04df

SHA1: 2e24a27b4a4cbb8a4750e5600aedd26a1d2774a7

SHA256: CED20F24915CC161C287A872697FF7C55BA91C9923BFAC0B3A2CFBA6DEECD4C4

File Size: 322.93 KB, 322928 bytes

MD5: ac492445538892229f4af5b721b76f6f

SHA1: 60210c452b7de2c41ba403047bb30df7d3bce51e

SHA256: 5972586BD676554A642F276ECEA6F0B4E64CAA86985A3B66E84FAF8EA3774A6D

File Size: 331.28 KB, 331280 bytes

MD5: efe1ffcbd34e4c3db4c6382d8dc940d2

SHA1: 2281cb1e8cc93ae1c9e254884dcd07c313c447fe

SHA256: 9509741510AB8DEC7477C155C20AA656263D9409E0FE76FF008D8498A5753141

File Size: 247.35 KB, 247352 bytes

MD5: df717e1d1014ffe06066788b2b3ba1e4

SHA1: 2fd5ff1e9ae7c47b483b0ea0a3bfae1cbee08042

SHA256: 10B038967CD270CAD42EB48735E53BC7CB82BC2457E483A1EA076226AEAC0F55

File Size: 321.22 KB, 321224 bytes

MD5: 2e34a0a253da74147838e8193ed5632c

SHA1: 449e719a5cd36333cd2c82d741c6ac5c004d1848

SHA256: D0B873B94B5555855BDADB544C2AEC1E60A51B35FCD194E613AFDB9C6E388E00

File Size: 1.16 MB, 1161928 bytes

MD5: 71571ec106df90a7eab73a5ebb2a3c2e

SHA1: 21b5e3c6534f3cc2d14fa97726fdf5353e3b5732

SHA256: AD9F04250C2A9F825D505478DACFA81AC4AD3F4E36300AF0E026051C00890491

File Size: 276.27 KB, 276272 bytes

MD5: bb5a65e2343462c648ca50a42b1edbe0

SHA1: 040489136a795e4b20360b49ad47642ba0fb44a1

SHA256: 8EEC8ED24F24418A4D467CA4D417B3CE605F819A3F5C71ADD8F14FC07051C799

File Size: 266.22 KB, 266224 bytes

MD5: 04ef4007ac5173c6805b56444887e09e

SHA1: b4af78354fbd4e40496ae11ffd293890c6bc0595

SHA256: 5C7DE4BBDC1810FBD891AB4A9DC17789557B290DE92DB02B72977A2B999E5963

File Size: 304.14 KB, 304144 bytes

MD5: 4a98bca78a764e016c628339e1fc0554

SHA1: 0f1145c5bc5053d1650b73557157d86f82ed51bc

SHA256: F1C9EE66D79B09A94B24BBECD5080776254C38FA4930FE44C6B3F862B245B0E7

File Size: 655.36 KB, 655360 bytes

MD5: ed20819285a6b237ab3d94ea8c4551bd

SHA1: c49727cf0b784ad67e2bfa1e3665ddf0c2f12326

SHA256: 33AAD8AB18A31AED4F5704368094C18032D992A97DDB5D25F7DAFA1737FDB806

File Size: 203.32 KB, 203320 bytes

MD5: f4ff6f86014e0aa5934c14d012b71e3c

SHA1: e7dcd44d21f0a83fa5f836780de7bccf1909fd32

SHA256: 5FB3BDF8BE40D81A6B8246998E3B7E26B2C94B56EADA3716EA5FBD9DFBDD09B9

File Size: 1.23 MB, 1230424 bytes

MD5: ca20281eec64834f8ecac8b5827442cc

SHA1: 2d2876a678952f449aade97a6aad276b21a1d41f

SHA256: 1354C37B70ADBA649C90E098D14010978E983AAB9D42F547F237A8B17481BE33

File Size: 323.86 KB, 323856 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File has TLS information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)

File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Arguments	/x
Comments	This installation was built with Inno Setup. WinNT (x86) Unicode WinNT (x86) Unicode Lib Rel
Company Name	Excellent4App GreatSoft PlutoApp Premium Socosokuno Space Physics Data Facility, Goddard Space Flight Center, NASA StarApp Wideblue installer WinterSoft
Email	gsfc-cdf-support@lists.nasa.gov
File Description	Installer Installer for Appit Installer for CDF_Distribution Installer for Excellent4App Installer for PlutoApp Installer for StarApp Installer for Wideblue installer Installer for WinterSoft Kikohe Setup
File Version	2017.4.20.1317 2014.8.11.1240 2014.6.29.1256 2014.5.18.1727 2014.2.12.1452 2013.10.31.1157 2013.6.19.1256 2012.9.16.1145 2012.7.25.1928 2012.5.30.2115 Show More 2012.4.1.2030 2012.1.3.1545 2011.10.16.44 2011.8.24.1616
Internal Name	TSULoader
Legal Copyright	CDF©2017 SPDF/GSFC/NASA Copyright © 2010 Premium Copyright © 2012 StarApp Copyright © 2013 WinterSoft Copyright © 2014 Excellent4App Copyright © 2014 GreatSoft Copyright © 2014 PlutoApp Copyright © 2014 Wideblue installer
Original Filename	TSULoader.exe
Package Code	{2B55C80D-A3B4-4FA0-AD4B-EB96F0B6EAFB} {11E8EC71-88F4-EF43-0DA8-C0D6CA0BCE87} {16D2FFBD-01C7-97B2-7559-49E5CD31DD4B} {19E74EE3-D73F-4B7D-A996-9F1DC2046C15} {78D722E0-B615-8BE8-BD11-B2287CFBD39D} {562FD82B-432F-3DED-DF06-0B0D8DCCFADD} {8587E0EE-9F43-4031-5C48-636B4BD901C6} {32039087-5C03-4EB4-AC5F-1421E9E0B271} {B19B23E0-2A48-41E1-A30A-626A6A780116} {C69D27F6-9547-402A-A2C1-DD651D7E0500} Show More {C80CDD88-8C55-BFD5-5D3E-C47713EFFF7E} {DFA08389-89C2-63FA-8111-C1E00443A17F} {E706B53A-F0E9-4AA4-A84F-B8CB3CE597CC} {FCE9D83F-680B-5140-67B9-6C36F8C52942}
Product Code	{3C7BB346-60EE-4A4F-BD08-119A67490010} {9F4F7131-B49B-4521-91DA-ECE2C1E54741} {226A7CDE-832A-41ED-B31F-5478E8FDA384} {1298F6E9-9E4C-4B3B-9549-0E50C623D394} {16782E9C-E344-47BD-A045-B9BA79870632} {C1E28B35-42CA-43F0-8B8B-85F6E7255916} {D42AE7DD-299F-4F45-AF04-EDD907DDD671} {DBB02F63-2284-42AA-B1BC-F2912BC5B32B} {DC4124DE-16EF-482C-83B2-19E16FF65068} {DD327F91-365D-453F-94A9-06FD674D7EA0}
Product Name	Appit CDF_Distribution Excellent4App Kikohe PlutoApp Setup StarApp Wideblue installer WinterSoft
Product Version	3.6.4.0 1.7 1.0.0.3 1.0.0.2 1.0.0.1 1.0
Web Site	https://cdf.gsfc.nasa.gov

Digital Signatures

Signer	Root	Status
Artua Vladislav	Artua Vladislav	Self Signed
Stanislav Kabin	Certum Trusted Network CA	Root Not Trusted
Stepan Rybin	Stepan Rybin	Self Signed

File Traits

HighEntropy
Inno
InnoSetup Installer
Installer Manifest
Installer Version
x86

Block Information

Total Blocks:	27
Potentially Malicious Blocks:	8
Whitelisted Blocks:	19
Unknown Blocks:	0

Visual Map

0 0 0 0 0 0 0 0 x x x x 0 0 0 0 0 0 x x x 0 0 x 0 0 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Autorun.X
Delf.EA
Multiplug.J
Parite.F
Parite.P

Files Modified

File	Attributes
c:\users\user\appdata\local\temp\033200d6edfd9f591dc0043f2b21fc42bebde5e9_0006510592.log	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\040489136a795e4b20360b49ad47642ba0fb44a1_0000266224.log	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\08966b1d.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\08966b1d.dat	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\21b5e3c6534f3cc2d14fa97726fdf5353e3b5732_0000276272.log	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2281cb1e8cc93ae1c9e254884dcd07c313c447fe_0000247352.log	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\27bcb425.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\27bcb425.dat	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2d2876a678952f449aade97a6aad276b21a1d41f_0000323856.log	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2daf2823.dat	Generic Write,Read Attributes

c:\users\user\appdata\local\temp\2daf2823.dat	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2e24a27b4a4cbb8a4750e5600aedd26a1d2774a7_0000322928.log	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2fd5ff1e9ae7c47b483b0ea0a3bfae1cbee08042_0000321224.log	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3d8518e9.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3d8518e9.dat	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\420e9d67.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\420e9d67.dat	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\53a639fa6191fda333bfa37022b58ca7305133db_0000293432.log	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\60210c452b7de2c41ba403047bb30df7d3bce51e_0000331280.log	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\8031c8fa.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\8031c8fa.dat	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\8c5c9013.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\8c5c9013.dat	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\922ff1d8e3a82b1248c5db6e889d180474e2d736_0000322720.log	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\956ce1c1.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\956ce1c1.dat	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\9d58563335ecc08ef7db812f04865617272bea25_0000226360.log	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_tin7cba.bat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_tinbc94.bat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a10c5a0e.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a10c5a0e.dat	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\a10c5a0e\_setup.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a10c5a0e\_setup.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\a10c5a0e\_setupx.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a10c5a0e\_setupx.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\a10c5a0e\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a10c5a0e\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\a10c5a0e\setup.ico	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a10c5a0e\setup.ico	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\af5f7648.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\af5f7648.dat	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\af5f7648\_setup.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\af5f7648\_setup.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\af5f7648\_setupx.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\af5f7648\_setupx.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\af5f7648\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\af5f7648\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\af5f7648\setup.ico	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\af5f7648\setup.ico	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\b4af78354fbd4e40496ae11ffd293890c6bc0595_0000304144.log	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\b4cf0bbb.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\b4cf0bbb.dat	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\b4cf0bbb\_setup.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\b4cf0bbb\_setup.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\b4cf0bbb\_setupx.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\b4cf0bbb\_setupx.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\b4cf0bbb\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\b4cf0bbb\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\b4cf0bbb\setup.ico	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\b4cf0bbb\setup.ico	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\c49727cf0b784ad67e2bfa1e3665ddf0c2f12326_0000203320.log	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\c58306db5cd4a768a79c0854a0ef831bdcf3c2ac_0000290984.log	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\d0f30b33.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\d0f30b33.dat	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\d0f30b33\_setup.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\d0f30b33\_setup.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\d0f30b33\readme.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\d0f30b33\readme.txt	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\d0f30b33\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\d0f30b33\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\d0f30b33\setup.ico	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\d0f30b33\setup.ico	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\e65a7844.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\e65a7844.dat	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\fc369657.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\fc369657.dat	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\tsu-0fc8.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tsu-0fc8.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\tsu-1134.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tsu-1134.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\tsu-14dc.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tsu-14dc.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\tsu-1704.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tsu-1704.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\tsu-17e4.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tsu-17e4.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\tsu-1aa4.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tsu-1aa4.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\tsu4c13f529.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tsu4c13f529.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\tsu561a3731.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tsu561a3731.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\tsu5cf91ea2.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tsu5cf91ea2.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\tsu6a3c0825.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tsu6a3c0825.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\tsu83c3bc4e.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tsu83c3bc4e.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\tsu9bfb70d6.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tsu9bfb70d6.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\tsua350e718.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tsua350e718.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\tsub2310cdf.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tsub2310cdf.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{08b00d5a-d57b-4fd1-ad3a-9d59d3532fac}\_setup.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{08b00d5a-d57b-4fd1-ad3a-9d59d3532fac}\_setup.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{08b00d5a-d57b-4fd1-ad3a-9d59d3532fac}\custom.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{08b00d5a-d57b-4fd1-ad3a-9d59d3532fac}\custom.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{08b00d5a-d57b-4fd1-ad3a-9d59d3532fac}\readme.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{08b00d5a-d57b-4fd1-ad3a-9d59d3532fac}\readme.txt	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{08b00d5a-d57b-4fd1-ad3a-9d59d3532fac}\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{08b00d5a-d57b-4fd1-ad3a-9d59d3532fac}\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{08b00d5a-d57b-4fd1-ad3a-9d59d3532fac}\setup.ico	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{08b00d5a-d57b-4fd1-ad3a-9d59d3532fac}\setup.ico	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{1d3ccde2-dff5-4fbb-ad50-97d7c6dfef14}\_setup.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{1d3ccde2-dff5-4fbb-ad50-97d7c6dfef14}\_setup.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{1d3ccde2-dff5-4fbb-ad50-97d7c6dfef14}\custom.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{1d3ccde2-dff5-4fbb-ad50-97d7c6dfef14}\custom.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{1d3ccde2-dff5-4fbb-ad50-97d7c6dfef14}\readme.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{1d3ccde2-dff5-4fbb-ad50-97d7c6dfef14}\readme.txt	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{1d3ccde2-dff5-4fbb-ad50-97d7c6dfef14}\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{1d3ccde2-dff5-4fbb-ad50-97d7c6dfef14}\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{1d3ccde2-dff5-4fbb-ad50-97d7c6dfef14}\setup.ico	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{1d3ccde2-dff5-4fbb-ad50-97d7c6dfef14}\setup.ico	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{2cc224bc-6034-f6d7-143c-2816f721064a}\_setup.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{2cc224bc-6034-f6d7-143c-2816f721064a}\_setup.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{2cc224bc-6034-f6d7-143c-2816f721064a}\_setupx.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{2cc224bc-6034-f6d7-143c-2816f721064a}\_setupx.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{2cc224bc-6034-f6d7-143c-2816f721064a}\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{2cc224bc-6034-f6d7-143c-2816f721064a}\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{2cc224bc-6034-f6d7-143c-2816f721064a}\setup.ico	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{2cc224bc-6034-f6d7-143c-2816f721064a}\setup.ico	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{490a5ae2-6ba8-4650-a4bb-238a92e97814}\_setup.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{490a5ae2-6ba8-4650-a4bb-238a92e97814}\_setup.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{490a5ae2-6ba8-4650-a4bb-238a92e97814}\custom.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{490a5ae2-6ba8-4650-a4bb-238a92e97814}\custom.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{490a5ae2-6ba8-4650-a4bb-238a92e97814}\readme.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{490a5ae2-6ba8-4650-a4bb-238a92e97814}\readme.txt	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{490a5ae2-6ba8-4650-a4bb-238a92e97814}\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{490a5ae2-6ba8-4650-a4bb-238a92e97814}\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{490a5ae2-6ba8-4650-a4bb-238a92e97814}\setup.ico	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{490a5ae2-6ba8-4650-a4bb-238a92e97814}\setup.ico	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{4e46c6d2-8906-c2eb-f412-8d3b4a6a37af}\_setup.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{4e46c6d2-8906-c2eb-f412-8d3b4a6a37af}\_setup.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{4e46c6d2-8906-c2eb-f412-8d3b4a6a37af}\_setupx.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{4e46c6d2-8906-c2eb-f412-8d3b4a6a37af}\_setupx.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{4e46c6d2-8906-c2eb-f412-8d3b4a6a37af}\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{4e46c6d2-8906-c2eb-f412-8d3b4a6a37af}\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{4e46c6d2-8906-c2eb-f412-8d3b4a6a37af}\setup.ico	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{4e46c6d2-8906-c2eb-f412-8d3b4a6a37af}\setup.ico	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{86c7db4a-8e8d-4c6f-ae84-c6af5d24f9bc}\_setup.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{86c7db4a-8e8d-4c6f-ae84-c6af5d24f9bc}\_setup.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{86c7db4a-8e8d-4c6f-ae84-c6af5d24f9bc}\custom.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{86c7db4a-8e8d-4c6f-ae84-c6af5d24f9bc}\custom.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{86c7db4a-8e8d-4c6f-ae84-c6af5d24f9bc}\readme.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{86c7db4a-8e8d-4c6f-ae84-c6af5d24f9bc}\readme.txt	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{86c7db4a-8e8d-4c6f-ae84-c6af5d24f9bc}\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{86c7db4a-8e8d-4c6f-ae84-c6af5d24f9bc}\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{86c7db4a-8e8d-4c6f-ae84-c6af5d24f9bc}\setup.ico	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{86c7db4a-8e8d-4c6f-ae84-c6af5d24f9bc}\setup.ico	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{9ff2038e-b6bd-4b34-a9df-fe9f44112178}\_setup.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{9ff2038e-b6bd-4b34-a9df-fe9f44112178}\_setup.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{9ff2038e-b6bd-4b34-a9df-fe9f44112178}\custom.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{9ff2038e-b6bd-4b34-a9df-fe9f44112178}\custom.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{9ff2038e-b6bd-4b34-a9df-fe9f44112178}\readme.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{9ff2038e-b6bd-4b34-a9df-fe9f44112178}\readme.txt	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{9ff2038e-b6bd-4b34-a9df-fe9f44112178}\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{9ff2038e-b6bd-4b34-a9df-fe9f44112178}\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{9ff2038e-b6bd-4b34-a9df-fe9f44112178}\setup.ico	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{9ff2038e-b6bd-4b34-a9df-fe9f44112178}\setup.ico	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{b464ece3-54d4-4132-a3d9-1cf66f87ce15}\_setup.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{b464ece3-54d4-4132-a3d9-1cf66f87ce15}\_setup.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{b464ece3-54d4-4132-a3d9-1cf66f87ce15}\custom.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{b464ece3-54d4-4132-a3d9-1cf66f87ce15}\custom.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{b464ece3-54d4-4132-a3d9-1cf66f87ce15}\readme.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{b464ece3-54d4-4132-a3d9-1cf66f87ce15}\readme.txt	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{b464ece3-54d4-4132-a3d9-1cf66f87ce15}\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{b464ece3-54d4-4132-a3d9-1cf66f87ce15}\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{b464ece3-54d4-4132-a3d9-1cf66f87ce15}\setup.ico	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{b464ece3-54d4-4132-a3d9-1cf66f87ce15}\setup.ico	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{c2005ce0-9b7a-23a6-c14d-d35819e37e16}\_setup.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{c2005ce0-9b7a-23a6-c14d-d35819e37e16}\_setup.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{c2005ce0-9b7a-23a6-c14d-d35819e37e16}\_setupx.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{c2005ce0-9b7a-23a6-c14d-d35819e37e16}\_setupx.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{c2005ce0-9b7a-23a6-c14d-d35819e37e16}\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{c2005ce0-9b7a-23a6-c14d-d35819e37e16}\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{c2005ce0-9b7a-23a6-c14d-d35819e37e16}\setup.ico	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{c2005ce0-9b7a-23a6-c14d-d35819e37e16}\setup.ico	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{f5eae64f-2a43-b3cc-8535-2e7ef1c61732}\_setup.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{f5eae64f-2a43-b3cc-8535-2e7ef1c61732}\_setup.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{f5eae64f-2a43-b3cc-8535-2e7ef1c61732}\_setupx.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{f5eae64f-2a43-b3cc-8535-2e7ef1c61732}\_setupx.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{f5eae64f-2a43-b3cc-8535-2e7ef1c61732}\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{f5eae64f-2a43-b3cc-8535-2e7ef1c61732}\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{f5eae64f-2a43-b3cc-8535-2e7ef1c61732}\setup.ico	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{f5eae64f-2a43-b3cc-8535-2e7ef1c61732}\setup.ico	Synchronize,Write Attributes

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\internet settings::receivetimeout	⟀	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix	Cookie:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix	Visited:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	쉓኷᠌ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	弼⥌絳ǜ	RegNtPreCreateKey

Windows API Usage

Category	API
Service Control	OpenSCManager
User Data Access	GetUserName GetUserObjectInformation
Network Wininet	HttpOpenRequest HttpQueryInfo HttpSendRequest InternetConnect InternetOpen
Network Info Queried	GetAdaptersInfo
Process Shell Execute	CreateProcess WriteConsole
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAddAtomEx ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile Show More ntdll.dll!NtCreateMutant ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReadFile ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtWaitForAlertByThreadId ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWorkerFactoryWorkerReady ntdll.dll!NtWriteFile ntdll.dll!NtWriteVirtualMemory UNKNOWN win32u.dll!NtGdiAnyLinkedFonts win32u.dll!NtGdiBitBlt win32u.dll!NtGdiCreateBitmap win32u.dll!NtGdiCreateCompatibleBitmap win32u.dll!NtGdiCreateCompatibleDC win32u.dll!NtGdiCreateDIBitmapInternal win32u.dll!NtGdiCreateRectRgn win32u.dll!NtGdiCreateSolidBrush win32u.dll!NtGdiDeleteObjectApp win32u.dll!NtGdiDoPalette win32u.dll!NtGdiDrawStream win32u.dll!NtGdiExtGetObjectW win32u.dll!NtGdiExtTextOutW win32u.dll!NtGdiFontIsLinked win32u.dll!NtGdiGetCharABCWidthsW win32u.dll!NtGdiGetDCDword win32u.dll!NtGdiGetDCforBitmap win32u.dll!NtGdiGetDCObject win32u.dll!NtGdiGetDeviceCaps win32u.dll!NtGdiGetDIBitsInternal win32u.dll!NtGdiGetEntry win32u.dll!NtGdiGetFontData win32u.dll!NtGdiGetGlyphIndicesW win32u.dll!NtGdiGetOutlineTextMetricsInternalW win32u.dll!NtGdiGetRandomRgn win32u.dll!NtGdiGetRealizationInfo win32u.dll!NtGdiGetTextFaceW win32u.dll!NtGdiGetTextMetricsW win32u.dll!NtGdiGetWidthTable win32u.dll!NtGdiHfontCreate win32u.dll!NtGdiIntersectClipRect win32u.dll!NtGdiQueryFontAssocInfo win32u.dll!NtGdiRestoreDC win32u.dll!NtGdiSaveDC win32u.dll!NtGdiSelectBitmap win32u.dll!NtGdiSetDIBitsToDeviceInternal win32u.dll!NtGdiSetLayout 62 additional items are not displayed above.
Anti Debug	IsDebuggerPresent
Process Terminate	TerminateProcess
Network Winhttp	WinHttpOpen
Process Manipulation Evasion	NtUnmapViewOfSection

Shell Command Execution


							C:\WINDOWS\system32\cmd.exe "C:\WINDOWS\system32\cmd.exe" /c "C:\Users\Nrpocdbq\AppData\Local\Temp\_tin7CBA.bat"


							WriteConsole:


							WriteConsole: C:\WINDOWS\syste


							WriteConsole: md


							WriteConsole:  "C:\ProgramData


									C:\WINDOWS\system32\cmd.exe "C:\WINDOWS\system32\cmd.exe" /c "C:\Users\Wlpteims\AppData\Local\Temp\_tinBC94.bat"

Adware.Multiplug/Variant

Threat Scorecard

EnigmaSoft Threat Scorecard

Aliases

SpyHunter Detects & Remove Adware.Multiplug/Variant

File System Details

Registry Details

Directories

URLs

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Most Viewed