
Trojan.Autoit.Generic

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 128
Threat Level: 80 % (High)
Infected Computers: 214,454
First Seen: June 26, 2015
Last Seen: February 8, 2026
OS(es) Affected: Windows


File System Details

Trojan.Autoit.Generic may create the following file(s). Several of the names (rundll32.exe, lsass.exe, Reader.exe, Word.exe) mimic Windows or Office binaries, so match on hash and path rather than on the name alone:
# File Name MD5 Detections
1. sstr_up.exe 67e42eb7863156b2dc3303bdd6c209fa 359
2. Reader.exe b99dc5f10b63b59d4554063b7dfab2f3 218
3. Word.exe 003ffcb275316486eb190874d69d4187 77
4. rundll32.exe a37b794a8f5af2c04a28612c1afe2956 70
5. file.exe 994960542c8ffd73532e889700b57e12 29
6. 822e58e23c948c4e88983c2fea4fb0f8c0531da9a1bce950c388de58819a21a1.exe 00108fd3abd4445aa017bec120479139 10
7. New Folder (2).exe.vir 35cb5a8861275f735bb7e04c9e2bcf43 8
8. RemoteAppLifetimeManager.exe 5eccfed3f4c7bf9591dac2f859c7c611 4
9. lsass.exe a357efc7b00b10631c41380e1b995a81 1

Registry Details

Trojan.Autoit.Generic may create the following entries. Despite the section heading, the items listed are file-path masks rather than registry keys; the one under the Startup folder, RmClient.url, is a logon persistence item, because Explorer opens every item in that folder when the user logs on.
Regexp file mask
%APPDATA%\Google\int\one.exe
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\RmClient.url
%WINDIR%\killer.exe

Directories

Trojan.Autoit.Generic may create the following directory or directories:

%APPDATA%\bcryptprimitives
%USERPROFILE%\Gu73246B57189
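The masks in the File System Details, Registry Details and Directories sections above are only usable once the %VAR% tokens are resolved for a given profile. The Python below is an added example, not code from the page or from the database vendor: it expands the masks from a caller-supplied environment mapping, so it also works against a mounted image rather than the live host, and parses the one Startup-folder item, RmClient.url, as an Internet Shortcut to see what it would launch at logon. The profile layout in profile_env and the .url contents used in the test are constructed assumptions; the page does not give the shortcut's contents.

```python
import configparser
import re

# The file masks and directories exactly as the page lists them.
PATH_MASKS = [
    r"%APPDATA%\Google\int\one.exe",
    r"%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\RmClient.url",
    r"%WINDIR%\killer.exe",
    r"%APPDATA%\bcryptprimitives",
    r"%USERPROFILE%\Gu73246B57189",
]

_VAR_RE = re.compile(r"%([A-Za-z_][A-Za-z0-9_]*)%")


def expand_mask(mask: str, env: dict) -> str:
    """Expand %VAR% tokens from a caller-supplied mapping rather than os.environ,
    so the same masks resolve for every profile on a host or on a mounted image.
    Raises KeyError for a variable the mapping does not define."""
    def sub(m):
        name = m.group(1).upper()
        if name not in env:
            raise KeyError(f"no value for %{name}%")
        return env[name]
    return _VAR_RE.sub(sub, mask)


def expand_all(env: dict) -> list:
    """All page masks resolved for one profile, in page order."""
    return [expand_mask(m, env) for m in PATH_MASKS]


def profile_env(user: str, system_drive: str = "C:") -> dict:
    """Default Windows profile layout for one user. This is an ASSUMPTION about
    the layout; override the mapping when profiles or Windows are relocated."""
    profile = rf"{system_drive}\Users\{user}"
    return {
        "USERPROFILE": profile,
        "APPDATA": rf"{profile}\AppData\Roaming",
        "LOCALAPPDATA": rf"{profile}\AppData\Local",
        "WINDIR": rf"{system_drive}\Windows",
    }


def shortcut_target(url_file_text: str):
    """Return (target, kind) for an Internet Shortcut (.url) file.

    .url files are INI text with an [InternetShortcut] section. Explorer opens
    every item in the Startup folder at logon, so a .url there whose URL= line is
    a local executable path is a persistence primitive, not a bookmark."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(url_file_text)
    target = cp.get("InternetShortcut", "URL", fallback=None)
    if target is None:
        return None, "no-target"
    t = target.strip()
    low = t.lower()
    if low.startswith("file:") or re.match(r"^[a-z]:\\", low) or low.startswith("\\\\"):
        return t, "local-path"
    if low.startswith(("http://", "https://")):
        return t, "web"
    return t, "other"
```

Pass the result of expand_all to whatever file-existence check suits the evidence source (os.path.exists on a live host, a path set built from a forensic image otherwise); the expansion is kept separate from the check on purpose so the same IOC list serves both.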

Analysis Report

General information

Family Name: Trojan.Autoit.Generic
Signature status: No Signature (the indexed samples are predominantly unsigned; the Digital Signatures section below lists the minority that carry one, mostly self-signed or chaining to a root the analysis system does not trust)

Trojan.Autoit.Generic is a generic detection for executables built from compiled AutoIt scripts. The version information, signers and file names below show that the same heuristic also catches legitimate AutoIt-built utilities (for example Farbar Recovery Scan Tool, KpRm, ZHPCleaner and OP Auto Clicker), so a hit on this name should start a triage of the specific file rather than be treated as confirmed compromise.

Known Samples

MD5: b50d9664989dc95bfc0d665f8ad4488c
SHA1: 5c5c44c036f1fada9ec018a2c3d37f2a1c11ae4b
File Size: 961.02 KB, 961024 bytes
MD5: 4fead9dea67c50b6378e2ae16c39011a
SHA1: 3df12035269aa4e71d54b410478a84ab04b4b59a
File Size: 961.02 KB, 961024 bytes
MD5: 9046de0e91565c02a0511a453e1222cc
SHA1: c5eca5b34765561d2dc2c6b4f58ab9fbc76c9cd8
File Size: 885.76 KB, 885760 bytes
MD5: a4a769492240a0c7081a727a0a42808a
SHA1: 287db7bc3cbbe21988f3eefea04ca68a48fb4511
File Size: 2.36 MB, 2363664 bytes
MD5: 0c901a21b15805acf3c6f02a341c928f
SHA1: 3ebdedab370dbc225258cfd55996d2749f1c4678
File Size: 9.60 MB, 9597341 bytes
MD5: c4ba4fa78053c2ab884dc439ab781804
SHA1: a50a80c298ef9933204c69346307620830764af2
File Size: 943.10 KB, 943104 bytes
MD5: 83c4aff9559e0ed816bdaa5207a12510
SHA1: a3ec76471ca704e27a8a1f11759ae31593e697e6
File Size: 961.02 KB, 961024 bytes
MD5: f087517487d2bffc0b3d594118a669b8
SHA1: c45e8a6e806f2f159a98ffb5236ca33353985d85
File Size: 1.75 MB, 1751320 bytes
MD5: 0163fdfbc0618d865ede93df8a36cd46
SHA1: ea3e916d44939a36ac341c8a5f86f9aee7231120
File Size: 1.04 MB, 1037824 bytes
MD5: 172817ab7cadcac248209e7cf3af2bec
SHA1: 7121890ca4a477e6d72c4982aa9abd4e7063995b
File Size: 9.43 MB, 9429362 bytes
MD5: a965051191c7be1dae45e49a07c78d80
SHA1: 532db086411450fcfd436d7f3dd28a564429d912
File Size: 556.55 KB, 556554 bytes
MD5: 7612c395a9ae899288907ce12d9f7ca8
SHA1: a8c279e460a057b69e8dab5a58c2d7a423c1df67
SHA256: 2257FC4DF47866B35472E3A5C5941D849A63ACE4C72DA2B61A06F3C3FC9ACA69
File Size: 1.34 MB, 1339736 bytes
MD5: a9d630f49083c9ff2bd47099fafee113
SHA1: 6718108def95766906f22ac2cf0fed2120c8917a
SHA256: 4ABD83C93C35C2C1B27C05F109878A4D96A554055BF25056E5ED29653829B7F0
File Size: 1.41 MB, 1408455 bytes
MD5: a4dba8c9ebddae425d14d5f3911bf583
SHA1: f5031c877ba6e3a4b67508d7d59cbf04ea6e6c06
SHA256: 22D7803ED1D8E430EDE1A360FDD1C1B2882A2503468E72F92D8B926C18CC2E25
File Size: 1.30 MB, 1303040 bytes
MD5: cf75b3848e2a68c094f94330f174b21b
SHA1: 6165b0a41bb25428f68a4fa7a9626cbf039472c3
SHA256: F4E4835C9C9DF1ED9BC8409C74BE2F886955058B626C3042DFFA1D1858175641
File Size: 1.13 MB, 1127112 bytes
MD5: f5e0dbd3de8c5c2d287a326cb72d06c2
SHA1: 17c4b9812282c39c7fe38b9fafc1c02ae84f0e90
SHA256: E6AB0B13516DD3B0F30DCC220D9F3748C34DE186ABDCB08F79116BEC6842C350
File Size: 415.57 KB, 415569 bytes
MD5: 16434227f3758e8801431fdd0d39d21c
SHA1: 0bce6937e2d9078ce032c9cf5a5e1df7bc76b570
SHA256: 00F752D33F3F8140747DE6CCD2E3D10D42AED7A2D3B31082B40C9B515A03D465
File Size: 1.19 MB, 1192448 bytes
MD5: 1be4213d807696e0b8588363604986ba
SHA1: d98eb66f6d54dfbfe617ff11f53d5890e3129e13
SHA256: 0B7EFE51AF53C0FB744DD4D275692BC1842FE55E4248A504EA08EBF9D6DF267F
File Size: 2.70 MB, 2702848 bytes
MD5: 765795b07f59cf45bb3d94f2b93efc11
SHA1: 558817d4059f669b5618bdbfb1e2fe8f69ec6065
SHA256: FB6323298F80FACE7C4DAF3E70CDAE29091BBB924FC3F117045360C3626C82DD
File Size: 904.70 KB, 904704 bytes
MD5: 8d0f3f7e9d4d2c1dfd8506f36e421ba5
SHA1: 63f40b8592db6707825b221105821ae0e78d8e97
SHA256: F5A76FFA6A4A8F9499BB8789EA5D8CD231A38165A0C2E625FE1E17B018E52C94
File Size: 2.17 MB, 2171392 bytes
MD5: 6261eeae5985b3701a7600199a9896cd
SHA1: 1f60a781c6f2d994608b79a3a501cc5dd1be83f0
SHA256: 10FE23A76875727B473CF13C70A08596BD5D1C9BF9E571B16775E27229802C22
File Size: 741.89 KB, 741888 bytes
MD5: 09d1e7806cd03392a2414b86f2edaf2f
SHA1: b7a4ecf47381f864b6d0fc9f8a8f1bf1db4a2c4d
SHA256: 0F841926B098E8FDA68A0EDA90A4BA6854E40B639005CF57557A4EB09ED2E10E
File Size: 1.68 MB, 1677312 bytes
MD5: ad48aaae0dbccfedb40b5563abb03e7f
SHA1: fbc0ba85e83379d8b76ddcc6f90af5c5b24825fc
SHA256: FABCD1AE79F25A4AD407E40E22DF8D285AE68829E4C40FB2ECFD0A2E7F281B75
File Size: 1.13 MB, 1134080 bytes
MD5: fbc0fe2bcf075785d80f79150a4eace1
SHA1: 6680e7732ca668df1741f21ee0547e62fbe99ac3
SHA256: ECD86CC9F0232289DF2F420E0C9A2CE705A666FE28BFCC70959F2021E50BDB47
File Size: 781.11 KB, 781113 bytes
MD5: fe2873e27f002c7f89ec31041eb51add
SHA1: 4f11f4dd95bb7a567ae4259026bf19d71abb67e7
SHA256: A451800B4DF646B8BF9CA894506FFA1A367C38476D36DE5E0E4B34A8145EA638
File Size: 347.65 KB, 347648 bytes
MD5: a1c7eec7aa1f07bc0c4cbcd4190c0f3e
SHA1: 092c0929db56d1318aa31a09d0a6520a26381489
SHA256: 4E2CA8E5BA3A4A0EB0F9559CC72EAA4E71022A706606617CA8382CAC7C50932B
File Size: 2.67 MB, 2671559 bytes
MD5: 005a434d81a926191ed45373e00c517a
SHA1: cc64a77dce7e5e41267625ac04b8dc8c3a1d2160
SHA256: F911F79F6CCAEB8891449B839A13D1775F210183778C25C77787DB52BF638CFB
File Size: 746.50 KB, 746496 bytes
MD5: 27294a880b23039fd65f7e697890fdd5
SHA1: aa9123e28c6cd2bb96c5bc5619e401930d2e173f
SHA256: C1CBD625AC016146BEA64CBAD43B9B04849AFB4D1D3D3A36FAB508E254EA1176
File Size: 868.30 KB, 868304 bytes
MD5: beae3bef5730c2b8f80775a37ec49e08
SHA1: 5ed5a47a10249e493e7f9819cf69ea6929436836
SHA256: A3701FB120B8BF03636784197B6584ED43B3A18215B27B4C8D85B0EE5F415BF7
File Size: 740.35 KB, 740352 bytes
MD5: 96ae4fd5e3c30ba268a504da5875e7ea
SHA1: 068ca1243e8eb5905a8438e30073cf7ae762bb50
SHA256: B58A443DF50E510B7CE1123984233DDA413BD65C1DD090F555677C51CB3A737C
File Size: 987.65 KB, 987648 bytes
MD5: 3f15c19db3bb449ca6634a317a1ecbcd
SHA1: 95dbda56d342964b405741c9ac9efecdc374f7cb
SHA256: 6072A391325F32735AD7BE54877010BE993172596EFA9D2F43AC6B69C8A26EEE
File Size: 1.10 MB, 1097728 bytes
MD5: 7d94c89bc97c68ca92582a63158120c3
SHA1: 406c3d06e7560052f438b6b6b73531b109ece412
SHA256: 4E34F774B67CDC663F5697C14D11B6F7FB143F3B30B5E5D8187AE4546438A723
File Size: 5.95 MB, 5946168 bytes
MD5: 2d1c9bc33b975786740b58bf50275823
SHA1: f37f7d3ff04fe95c473d76ff15a76422b78b776e
SHA256: 2CAFB6F4DDD63DF0B7B3DAADB615DA0FE9226E3D7F9288E038186F7AFCC26E56
File Size: 6.51 MB, 6513288 bytes
MD5: eb56f8eab89368c6d6071ec51b1b6ab4
SHA1: 430402c5316fdc332094f2f94c29d5894997bc9d
SHA256: F0A541145011FEFB02641F999CA3CF835E328591BAD8BF7B8E61DEB69ED45CBF
File Size: 725.12 KB, 725120 bytes
MD5: c4ade1bb137479aabdd736eb0f4fc71d
SHA1: 464597677e08b5d62cf74dd9acf1b65b287ff6e8
SHA256: 4C154CD99A8096FDBFF0D43A7BF63CDEE1B237B4CF5374949F98503749AA0816
File Size: 587.75 KB, 587754 bytes
MD5: f30e41ef39a6ae59ad6e3adb33d1124e
SHA1: 1218b2204f1023cdb66eb278593ef6b6f7eb1ae3
SHA256: A12691412020F9F63F52B649F2E873E033381C8E5470758D971F30DD64A36F20
File Size: 1.27 MB, 1272832 bytes
MD5: 3cb7d845c9fa9d5b10120dff49df70c7
SHA1: 2cd33c49281715ed3ed18b31bfcd85dd5d976816
SHA256: 74FACBEA33B7572D8D5EE21F4AAC00C4A1025AC97AEC242F447272930DB4C5CA
File Size: 296.54 KB, 296539 bytes
MD5: 966de6e9ea82e69c3911f1e992ec69d1
SHA1: 59ccf12e3bd4ca2746f9408af1227fc8d6de1dd6
SHA256: 12C5294351D87A55D7898F13F8155957F4BAF84CFD8BC314824B70DCA44EA8CF
File Size: 977.92 KB, 977920 bytes
MD5: 2035fb41af07c39d1d7e3e94850c0d31
SHA1: aed9712cad4b4122bcb4a09a4b33458e2a6e56ca
SHA256: 5C9CF20786C70C5928D088DD978E94C3EF4D2FBD429D659FA6F761527586B8F5
File Size: 8.60 MB, 8595968 bytes
MD5: 5a7c79a55e60c47a4987f8cfc9024416
SHA1: 2735f507b2b0ba7fc25134767ba2c942f3de660a
SHA256: 6E99D426B4A8335D1D9CC737EE278020288AF8CD2CD5E761C46A0292675CC453
File Size: 1.30 MB, 1295354 bytes
MD5: ec6afe294be7e5e46e571f45441b025f
SHA1: 446bc47ab3576b9a598b0d89ed37395a14f48339
SHA256: 09B03E09CA430B031DEB92221CB89477D3A4164AB93658C9BA3513CDCF40F1D3
File Size: 1.07 MB, 1065984 bytes
MD5: f86c99412cf7e6c5c1ec4f68dfc30c99
SHA1: f37dff16a09cb9c24ff183fa1b6f8c09b677a406
SHA256: 8051F2A732FB1B30D445B31DDAF1F1421988658F621C8729FB87B7E8700274D0
File Size: 791.90 KB, 791901 bytes
MD5: 1c22404c17acc4fd814996d268c5fa12
SHA1: bfcf6859b1ebc7e8e8535d64f6c39969de9748a4
SHA256: 721D6195C03E8EF99AD03E9C0F843B3158E989DD727232FE1AF099C8749542F6
File Size: 1.31 MB, 1313280 bytes
MD5: 4d213428ed7221d17c5f5819b8d9f281
SHA1: 56f3a8734c6f0cdd6fd08fc4b8ec0d6827d693a6
SHA256: 57E3EC2E1DA0CCB1C431AE8B8F557EEECBED1149878F0868D47326D371B68575
File Size: 1.17 MB, 1165824 bytes
MD5: aaffd5f5d6358676ac703645cfe6dad0
SHA1: ab934f3dd4be635a1e95fe27a7d03cdf4ff3b6fc
SHA256: 3E15EBB74054D6FB7A73970AC7B4F6D580971A11D358A508F6F7A520D37DA882
File Size: 1.76 MB, 1763840 bytes
MD5: 5bd8d19363b4fa57963b5bfdef19c4b9
SHA1: f3ad28673c64937448ecbd6d5338898db69970f7
SHA256: AE60792C0299C0CB36D6FC3DC119E54E7DFDBDBDC35EEFFF22627BDE4AE1D294
File Size: 641.78 KB, 641785 bytes
MD5: 87aa920ef26d486a52158f98b9dd0413
SHA1: 6f06eec018083fd37febde493234d43c90434b98
SHA256: BD34F6534B7162A41D3D00F2F6C790BFB9EE18D98F466CB67444D1E95D307D24
File Size: 306.48 KB, 306479 bytes
MD5: 483ee2f4bb42c500fd8d153af5451f6e
SHA1: 762ef35012ea74586382c2fa8286af54af17a5e8
SHA256: 844588C37D05796BC31F411DC889EF78B5B1AF042BAE28714FEEE2397848590E
File Size: 1.50 MB, 1501288 bytes
MD5: a0aa6472d661f9843e56d6f512ea8480
SHA1: 8d9c29420033da3a5854721b8f67336ffc2d5c94
SHA256: 572FE8BDA34281543D6CCDA98434FA55FFE5CD7D0E942043722FAE4E2D1E5057
File Size: 309.06 KB, 309063 bytes
MD5: ed6c6894baf03191044e2b976c545b36
SHA1: a7dcdebd1b3ac03a8e48083d256b35a61ed2f78b
SHA256: 59EECE9E5811E6A1932F06D560FE6145909198BAD24A4E9E9E81A2CA4B1ABD93
File Size: 988.06 KB, 988056 bytes
MD5: 2b5b3095e0f1dbbb0f54bb8441b9bb02
SHA1: 7b38532c13a8121eca953183b213dd8cc50a4ca6
SHA256: 31FF81A0770EE041DC6069A746247F31B4361EBF4061545ECB83BF45DFE235EE
File Size: 502.06 KB, 502056 bytes
MD5: 82bdec82a3c7bd767f1f22fe60f98bcc
SHA1: 2733670fe738068ebe1583f5a414fe04c1908de7
SHA256: B1558B7CF37E7EA3D850A5029DDD6EDCD1F257385FFDD2AEAED52038DEEF0C6D
File Size: 803.06 KB, 803064 bytes
MD5: cfdc43a70e8a71093c9045a08f8ba640
SHA1: a28aa4474ebcddc94acd26409b41cb05450be876
SHA256: 7061415D5F46EAB48BBD5679BEC36D61198A5E3D5E1CAD736F2DCB756EBB9233
File Size: 2.75 MB, 2753536 bytes
MD5: f8499b80cb780c456d723726908366f1
SHA1: 03b405c8ef12e2b4647c48a1a7a9164c813500ae
SHA256: 04477DEC7B79ECBADA810F57896F41C463450D86D04E2946F6DCA57D55E02DD9
File Size: 847.87 KB, 847872 bytes
MD5: 303aa5c1f651d7f0e7685cca947af7d9
SHA1: 60ce874b9fedf454df0a2771362ec917c2b972b9
SHA256: 3618BAD5A85AFF1ABBBE33036974A5CA5FDE8F1E42250B85D1CDE82545F296B5
File Size: 1.98 MB, 1976320 bytes
MD5: fe6a62df779a878581115439a028aead
SHA1: 943c66ed5e409107b897f9153aadee520f588311
SHA256: 6C98DD2EE49147C27D2150E2C8AC119DA7F9E65DFCE7E7CDD0B4BB0E23026FB0
File Size: 906.24 KB, 906240 bytes
MD5: e04908be6d7e8e9dcb53484da69c3fbd
SHA1: 4866c3c05d8d5d42239d3e86cd30900efd73721b
SHA256: 78B97B7A6863331C00DE07C7CA1839038316BB4DF9566CDB675643F906256F80
File Size: 1.31 MB, 1313280 bytes
MD5: 1c78c8ab4cc5ef3b9ddf667ec78b40f1
SHA1: b5fd98b82cc7ad11ebea7089250dff28f3f04b4a
SHA256: D41163F4BD9A21BE93FF60AF1DF8305FC1D521C7AB5D3E0A451AD1A0C64F6CAA
File Size: 1.43 MB, 1432576 bytes
MD5: 29b024294a534ed54d06c3858fce78fd
SHA1: 6e9bc894ba934f5ae2ee3acbc0052be24dcb2191
SHA256: F6A42A6579F69377CFCC0DFAEDEE6504DD8F476CD441EE17BD06D3A2A904AF2C
File Size: 522.75 KB, 522752 bytes
MD5: 1ffa58427b1f18765a3ed77b8dede704
SHA1: e05da8f001237e2b85cec20465265cf6590f2de3
SHA256: 799850456417110F80100CDF3B236AE515EC76F646B47AB103291EFF899F962E
File Size: 9.69 MB, 9691136 bytes
MD5: 15f5816ffb1acd8550c8625470a4c72f
SHA1: 8f9037b9df6a5eebcf0d946778a0ef989e99c55d
SHA256: 40988506FCC6A8DE335A7D6313D639EA027EEA3CF2DEA255BC2C323159812E60
File Size: 2.36 MB, 2363720 bytes
MD5: cc210aba1f7c07d8cb7ea45faac54b20
SHA1: acbf473c349a4cc3eca956df45485c1dde3e4c14
SHA256: 4366420EA109BCB0651C1BC57F21EDC0DC5A68EEA83820BABB6176AC57FFAD74
File Size: 9.48 MB, 9477640 bytes
MD5: 3624b81596b1d43c7483ed1cc39ae34f
SHA1: 5a776273fac4dfd84220f8e3df677757b6874dc6
SHA256: 276B63FAD8B10924FF9D383DA792B3E7115268F1F26478F6E340BB6DDC4708C2
File Size: 1.30 MB, 1299296 bytes
MD5: 84206e506653bf795de6a1a5ea0fb29c
SHA1: 8420a09a89a481b71cd385860ff775f29fb709fa
SHA256: B6404D381F34E865DFB26FD3186AA1171A04F820C6CBE2A369CC0E0F88090288
File Size: 1.17 MB, 1174016 bytes
MD5: 5b1349413b048afed03097f7f8de1785
SHA1: f3723788c18367e224931208f2bf4fdda2a5df73
SHA256: F4B913E8F829879BDEA30F14E0371A51BA844332CC374D87AFFE8D1ED791D295
File Size: 941.57 KB, 941568 bytes
MD5: 77b74b61277870971822bce97b4d7d39
SHA1: 637a25739faf29b22f55b9fe52e18a905cda1449
SHA256: AEDBC1364BDDD4764E0DBA6D8E7281459BB478E11A6FBE3BFD6DCA2A1042F46D
File Size: 7.82 MB, 7824871 bytes
MD5: 03eb6ca621af04300e70718e77720689
SHA1: ce5976d60fb3282746d754dee85b69ca15dc8cf4
SHA256: 861796BE4EBD91031EB6B9F6081F51B6591229B4E01FF9BA35CEF4D0C181DED2
File Size: 464.90 KB, 464896 bytes
MD5: c4ec9e3cd258713305bb95a5b250d84b
SHA1: 104fa789718e82e413d3a8a32f76b82998e62621
SHA256: 7E08E88D24B0E7250921D1DC3F58D89A5865187957E8FD2ED73C5EB22DB91712
File Size: 1.94 MB, 1937920 bytes
MD5: 9081ddab7aa9173b3efbfd90584433d7
SHA1: 46a6335c6ae83adf3d4025ab7c4d2c7f54ee1ae3
SHA256: 2D4AEAED0B731968A97DCF898DEA70DC76913C628B267082B3EDE67E368BA259
File Size: 1.26 MB, 1255840 bytes
MD5: 8a3035d8c9a98077c78ace4529a65a65
SHA1: 7ab1f82486966c7bce5a94ff4b302ab3bf7f17ef
SHA256: 6AF8CBBFB6ECA50FA08B9E9EDA309063D231E8D1CA66FE835DCCDBF32BC3F543
File Size: 1.31 MB, 1313280 bytes
MD5: a303b7f00cca6d8488a57ac2d91b5e8c
SHA1: 09a35daa097dc506c76cd1850df829b734cc7412
SHA256: 5E456B9E62A9865FB614FC2FAEA78BCE24F067B814D67D203C489580035EE216
File Size: 2.12 MB, 2116608 bytes
MD5: edb484843f2a865b47795d9356f1d64c
SHA1: ce26684e2346954bf81a745ec4b48d91298b6002
SHA256: D910AB419288F00DDC8C408985717246D0A4E8E69CA2313A08BA004F0D3940CC
File Size: 4.87 MB, 4867376 bytes
MD5: 86955827b7ecf606744d83ab9ee685a1
SHA1: 1ca5ff15296bf39c769a027af84a497e29b397a4
SHA256: A29B655129AAEC8F64B2010C4B1830710EB0707248D0B8F950FA57B8A1327495
File Size: 686.85 KB, 686849 bytes
MD5: 69ba4a846ef691775214c84b630b0732
SHA1: 538f68a87aeff622189e250e55df8d9bd9b501e3
SHA256: ACFEF213187DBD8FAD9005AE34BE5E609F8936F9F81E613E2792B909B0324868
File Size: 461.98 KB, 461983 bytes
MD5: e558395c78d9759f2678b58b14ede5f1
SHA1: 6d274b7552bb60c65e880fa9d85d4fd341011e5f
SHA256: 5EF70997E62A2E774CC74E4A2AF12711879F7F9E34CAF55C9C6DDC5808F4FCFF
File Size: 2.72 MB, 2717896 bytes
MD5: 508f8e47b2d19c021c358169812a7af2
SHA1: dbedc185276af41f094549c668e7f13ccd8eb53c
SHA256: 22CE953DAFA76B13C6F0C72BF9E2975611CCA4D501EA3080E105ACDF14937BCD
File Size: 655.87 KB, 655872 bytes
MD5: a3e39ae220c7165242cce7fa62ff4ab9
SHA1: b76e4f0ad914b7c889e4d8a37f0918c44fee2c0b
SHA256: E6BAE74C78F0DF743AD98FF119D39CE1890039AEED8F8FCCC695F89D4005534A
File Size: 1.25 MB, 1254400 bytes
MD5: cbcf52d32e5fb6b5fc9988b0cb64b985
SHA1: c0f23b003c33bb6b891a1406774dfd4fa02203b5
SHA256: 306AD00E9EA8082F68A815B69F3A01676FB7D7356DF337ACBEAD989EBBD7C90F
File Size: 3.61 MB, 3605504 bytes
MD5: c6baae75d6b03ff5bc33b52823af2458
SHA1: bbea0729d0b9748f4d3f9eac56880a54e295b5b5
SHA256: 03DBA774672D13EAA63AB340C42CBA64F5769D994E5A97FEA2AF69A67CBF6EC9
File Size: 6.27 MB, 6272493 bytes
MD5: ac9f3006000a97f529777fb08e60e833
SHA1: 67f3a9572e385f3b20666004ebf72652d4faaa85
SHA256: 104614F99C9457456BE5386AE5E03A493EE5A2CFD24115D59961CE109FBFD6AE
File Size: 3.02 MB, 3023360 bytes
MD5: c06b72f253342dedde16d373ba619ec1
SHA1: 48657fd931a62e40283139d9176985c094205501
SHA256: 07A8A3465BDE0C9E83B023B7C8EF61318012D9749457C789F6B1BBBC2DC28EE2
File Size: 2.19 MB, 2192896 bytes
MD5: b82dc04af5c3bb45f37f74caea123df3
SHA1: 793cab1f41a8e844177acf0a311c866a991f8a37
SHA256: 1D4CF18198B63442C9FA715E79328834FAF93FDD54ECED1B4628350ED16F0A91
File Size: 1.57 MB, 1569792 bytes
MD5: d3c7d070ed7d6211341c9eeb67e4fa32
SHA1: 922b9ef56a5016342923da52aede987bf5d3704c
SHA256: 3B2ADD46D838653A9C3CA4E5F691A030E5FCB1F46F4930CA8F8B5E3E1C521056
File Size: 1.04 MB, 1043968 bytes
MD5: dcc67db396698db313532aeea45f0adc
SHA1: 21d18d729fcfbd06a13a4516b9b8bf179a80a741
SHA256: F8AFE6548E0D8F89D2AD8566B684285471DFE708D586EFBED2CDFAA3CA6F39CA
File Size: 919.04 KB, 919040 bytes
MD5: 985d5b1dd2ba9ddb1c6fd920aefeb253
SHA1: 34c1e3f69f13a4ed01190a3e9317df1fc93711a2
SHA256: C7E96B12150EE70E53EE285EFA9BCB052817D9305438990BD13FCD9DCC8CF15A
File Size: 1.76 MB, 1755648 bytes
MD5: 1359d32a74ae1388e5cbd1612b99d205
SHA1: 61ccf9c34b26c74eadef5fa866fb7c60cb863fc0
SHA256: FE0A4F3341710015F29230A4C6468E9228C277F4BF727E307EC9BAACEECED5D9
File Size: 1.37 MB, 1371136 bytes
MD5: de0258c80214c9a9044e84fc69e91c12
SHA1: c607d1fc3dfb2cae32134493dea093a0ec8478bf
SHA256: D8794A57A51258CC574B76A10B5C07F50C3231D2AE6ADE8FCD4EABE6C188D3D5
File Size: 1.13 MB, 1134592 bytes
MD5: c112d912df0421adce768cb7cdd5399e
SHA1: 14d35f78c1416229f0c0cf7eda8c4aa59d6eb9d4
SHA256: 61006529B1FE8225FC767C5B58EEE2F917FE8C38DF597177F1168E5C29D55F0C
File Size: 1.72 MB, 1721856 bytes
MD5: d624a92ed7a03b9ac17e0556167cc30c
SHA1: d89f26adeedf9e469071acc260a8af9eec76791d
SHA256: 7A65A50F2DBCE90CF0A00E661C46C1D79BAE424767BACB185E2BA29898894C14
File Size: 9.76 MB, 9761280 bytes
MD5: 533663e6aad1a5d21d4a27d50cf81ee6
SHA1: 34e9f6934ffdab3688b6d205251757d4007f883c
SHA256: B71DCE75C9903DA48857CAA908CFFCE5CF107A71B7BF42CA3E068001BDCE8B7D
File Size: 2.57 MB, 2567680 bytes
MD5: 3d3a42ef3bfeb5e70425073192450aa5
SHA1: 280fd59f1625d8ccc777687769de1144b3b62100
SHA256: 29F41F3F4B3AD50AC247D934424152E39E98454B8FDAC20B7D38EAEAA3301621
File Size: 2.03 MB, 2032640 bytes
MD5: 7edc9c4a6436631a5f641a4d7c7b9870
SHA1: bb00c48fe959fad0f7dd2a0aa4d89fb030f1b2a4
SHA256: 9122DA559A6743E09B5731AEA35F6ACEB398B1A6B1ABBA804CC505658E82EF2A
File Size: 1.62 MB, 1620728 bytes
MD5: 4314b4c490a5212106bdba4a902141a9
SHA1: e222bcc95030be84339d97bef2406ada8e1745d2
SHA256: 81E4368039F7D19756C5EAEC5E5B07A902B75C3E0B31A69D0C3FAE56A85EC7C1
File Size: 1.24 MB, 1244672 bytes
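The Known Samples list above, together with the MD5-only File System Details table, is what a responder would turn into a lookup set. The Python below is an added example, not code from the page or from the database vendor: it parses records in the page's own MD5/SHA1/SHA256/File Size layout, tolerates the entries that carry no SHA256 and the interactive residue between records, checks that the two size fields of each record agree, and matches arbitrary bytes by any one hash while requiring the size to agree as well. The excerpt embeds two records copied from the page; CONSTRUCTED_SAMPLE and the record derived from it are constructed so the hit path can run offline.

```python
import hashlib
import re

# Two records copied from the page's Known Samples block, as scraped: the first
# has no SHA256 (like the entries above the page's fold), and the "Show More"
# residue sits between records exactly as it does on the page.
PAGE_EXCERPT = """\
MD5: b50d9664989dc95bfc0d665f8ad4488c
SHA1: 5c5c44c036f1fada9ec018a2c3d37f2a1c11ae4b
File Size: 961.02 KB, 961024 bytes
Show More
MD5: 7612c395a9ae899288907ce12d9f7ca8
SHA1: a8c279e460a057b69e8dab5a58c2d7a423c1df67
SHA256: 2257FC4DF47866B35472E3A5C5941D849A63ACE4C72DA2B61A06F3C3FC9ACA69
File Size: 1.34 MB, 1339736 bytes
"""

# CONSTRUCTED byte string standing in for a file under triage; it is not malware
# and not a sample from the page. Its record is appended so a hit can be shown.
CONSTRUCTED_SAMPLE = b"constructed stand-in for a file under triage, not malware\n"


def record_for(data: bytes) -> str:
    """Render a Known Samples record for data in the page's own layout."""
    return (
        f"MD5: {hashlib.md5(data).hexdigest()}\n"
        f"SHA1: {hashlib.sha1(data).hexdigest()}\n"
        f"SHA256: {hashlib.sha256(data).hexdigest()}\n"
        f"File Size: {len(data) / 1000:.2f} KB, {len(data)} bytes\n"
    )


SAMPLE_TEXT = PAGE_EXCERPT + record_for(CONSTRUCTED_SAMPLE)

_UNIT = {"KB": 1e3, "MB": 1e6, "GB": 1e9}   # the page uses decimal units
RECORD_RE = re.compile(
    r"MD5:\s*(?P<md5>[0-9a-fA-F]{32})\s*\n"
    r"SHA1:\s*(?P<sha1>[0-9a-fA-F]{40})\s*\n"
    r"(?:SHA256:\s*(?P<sha256>[0-9a-fA-F]{64})\s*\n)?"
    r"File Size:\s*(?P<human>[0-9.]+)\s*(?P<unit>KB|MB|GB),\s*(?P<size>\d+)\s*bytes"
)


def parse_known_samples(text: str) -> list:
    """One dict per record; hashes lower-cased, sha256 None when absent."""
    records = []
    for m in RECORD_RE.finditer(text):
        size = int(m["size"])
        human = float(m["human"]) * _UNIT[m["unit"]]
        records.append({
            "md5": m["md5"].lower(),
            "sha1": m["sha1"].lower(),
            "sha256": m["sha256"].lower() if m["sha256"] else None,
            "size": size,
            # the human-readable size is rounded to two decimals of its unit;
            # flag records whose two size fields disagree beyond that rounding
            "size_consistent": abs(human - size) <= 0.005 * _UNIT[m["unit"]] + 1e-6,
        })
    return records


def build_index(records: list) -> dict:
    """Map every known hash, whichever algorithm, to its record."""
    index = {}
    for r in records:
        for algo in ("md5", "sha1", "sha256"):
            if r[algo]:
                index[r[algo]] = r
    return index


def hashes_of(data: bytes) -> dict:
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256")}


def match_bytes(data: bytes, index: dict):
    """Return (record, matched_algorithms) on a hit, else None.
    A hit on any one algorithm counts, but the byte count must agree too."""
    h = hashes_of(data)
    hits = [a for a in h if h[a] in index]
    if not hits:
        return None
    rec = index[h[hits[0]]]
    if rec["size"] != len(data):
        return None   # collision or mangled record: treat as no match
    return rec, hits
```

The size check matters for the MD5-only entries, where a single weak hash is all the page offers; a record whose two size fields disagree is worth re-checking against the source before it goes into a blocklist.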

Windows Portable Executable Attributes

The attributes below are the union over all indexed samples, which is why mutually exclusive entries (packed and not packed, 32-bit and 64-bit, with and without an exports table) all appear; no single file has every attribute listed.

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is 64-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

(Icon gallery not reproduced; the database lists 208 additional icons beyond those shown.)

Windows PE Version Information

Name Value
360驱动大师优化版 AM电脑吧制作 (360 Driver Master, optimized edition, made by AM电脑吧, i.e. AMpc8)
Auto It Version
  • 3.3.16.1
  • 3.3.14.5
Build
  • 2012/01/03
  • 2025.11.28
Build Date 2019.11.03
Builder Admin 19:37:28 30/12/2022
Coded By
  • Alexandr-Pessimist
  • Pre2.0 Soluzioni Informatiche
Comments
  • 6TSa 6qLIc6dLY
  • 360驱动大师 (360 Driver Master)
  • Acronis系列软件WinPE版安装程序(Modified By SpadeK) (installer for the WinPE edition of the Acronis software suite, modified by SpadeK)
  • Button For creation and job with 7z SXF archives
  • CLiTg8Cvp454Abxw9dVmqBsUInSQrTZiOfgZ4ygq39RYlSaahQpfmwNnlae2EcXYecD63VErK5aOQ
  • Compiled with AutoIt 3.3.14.2
  • Delete all removal tools
  • Design Diagnostics
  • http://www.autoitscript.com/autoit3/
  • https://www.premereinvio.eu
  • iSeePassword Windows Password Recovery
  • OnePiece DX Tool
  • Pro Evolution Soccer Video Converter
  • Restauration de paramètres système par défaut (restore default system settings)
  • Tech Control
  • This settings application will allow users to easily change what splitter is used for specific filetypes.
  • This tool used for work with MStar SmartTV\Android firmwares
  • Utility for configuring Defender antivirus on Windows 10
  • Utility for hardening Windows Firewall
  • Windows11 Tweak Tool
  • www.opautoclicker.com
Company Microsoft Corporation
Company Name
  • ...
  • 4PDA users
  • AMpc8
  • Company 'gora-sah'
  • Desktop Switcher Data Model
  • DTL Technology Co. Ltd.
  • DX
  • Farbar
  • HanGulHwa.Tistory.Com
  • iSeePassword(iseepassword.com)
  • iSoft
  • kernel-panik
  • Microsoft Corporation
  • Mole, 2018
  • notepad
  • Pre2.0 Soluzioni Informatiche
  • Rifbot
  • Shark007
  • U-Haul International INC,
Compile Date Wednesday 21 January 2026 08:23:17
Compiled By Compiled by SFXMaker
Compiled Script
  • AutoIt v3 Script : 3, 2, 12, 0
  • AutoIt v3 Script : 3, 3, 0, 0
  • AutoIt v3 Script: 3, 3, 6, 1
  • AutoIt v3 Script: 3, 3, 7, 15
  • AutoIt v3 Script: 3, 3, 8, 0
  • AutoIt v3 Script: 3, 3, 8, 1
Compiler iSeePassword
Created 7z SFX Constructor v4.6.0.0 (http://usbtor.ru/viewtopic.php?t=798)
File Description
  • ...
  • 7z SFX archive tool. The last version of 'Button' you can find on http://buttontc.7zsfx.info
  • 360驱动大师 (360 Driver Master)
  • Acronis系列软件WinPE版安装程序(Modified By SpadeK) (installer for the WinPE edition of the Acronis software suite, modified by SpadeK)
  • Activador del programa TuneUp Utilities 2013 v13.0.3000.143 (activator for the TuneUp Utilities 2013 v13.0.3000.143 program)
  • Aut2Exe
  • CKK.AIS Event check
  • Compiled by SFXMaker
  • Croatian/Slovenian Keyboard Layout
  • Design Diagnostics
  • DVD-RX Light Client Software
  • DX Tool
  • edpnotify
  • Farbar Recovery Scan Tool
  • InstallBySmartScreen, Run installation/update executables with SmartScreen check.
  • iSeePassword
  • K-Tools 11 For K-Windows
  • Keyboard Layout Editor
  • KpRm By Kernel-Panik
  • Logon domain
  • MStarBinTool-GUI utility
  • n/a
  • OP Auto Clicker
  • PPS Program
  • Pre Service Agent by Pre2.0 - NetSecurity Monitor
  • Rifbot 64-bit
  • Starts many tune up tools. (By: Nate S.)
  • Utility for configuring Defender antivirus on Windows 10
  • Utility for hardening Windows Firewall
  • Video Converter for PES by Jenkey1002
  • Win7codecs Settings Application
  • Win32 Cabinet Self-Extractor
  • Windows Local Multimidia
  • WinPE Diskpart GUI Micro
  • ZHPCleaner
  • {kug`H<<tt
  • 원키고스트 (OneKey Ghost)
File Version
  • Version of file 6.2.3 build 3437 [x64]
  • 2025.5.2.0
  • 2021.7.29
  • 2016.4.30.33
  • 2015.8.29.335
  • 99.8.1.0
  • 27.98.189.645
  • 21.9.2014.1
  • 14.11.2014.0
  • 13.6.5.9
  • 11.00.17763.1 (WinBuild.160101.0800)
  • 9.8.2015.0
  • 9.8.0.7
  • 8.5.7.3
  • 8.3.2015.3
  • 7.0.0.3
  • 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
  • 4.1
  • 4.0.0.0
  • 3.8.14.1
  • 3.4.5.6
  • 3.3.14.2
  • 3.1.12
  • 3.1.7.3609
  • 3.0.1.1
  • 3.0.0.1
  • 3.0.0.0
  • 3, 3, 8, 1
  • 3, 3, 8, 0
  • 3, 3, 7, 15
  • 3, 3, 6, 1
  • 3, 3, 0, 0
  • 3, 2, 12, 0
  • 2.7.0
  • 2.4.1.0
  • 02.08.2010
  • 2.0.1.1
  • 2.0.0.1430
  • 2.0.0.21
  • 2.0.0.20
  • 2.0.0.0
  • 1.6.0.2
  • 1.5.0.0
  • 1.2.1.1
  • 1.1.0.0
  • 1.0.0.72
  • 1.0.0.2
  • 1.0.0.0
  • 0.0.0.0
Fileversion 14.5.8.215
Internal Name System32
Internal Name
  • Button For 7z SFX
  • DXTool.exe
  • Fondue.exe
  • iSeePassword
  • PES Video Convert.exe
  • rx-light.exe
  • settings
  • uefipart.exe
  • Wextract
Legal Copyright
  • "ⓒ Public Procurement Service"
  • (c) DTL Technology Co. Ltd., 2010 - 2016
  • 2009-2010 © Shark007
  • @AMpc8.com
  • @ Pre20 Soluzioni Informatiche - Italia 2026
  • A>Uh:"I8cZWdE8
  • Andrzej Pluta (@Andy Ful)
  • Andrzej Pluta (@Andy Ful), August 2019
  • Aping Ge
  • CKK.AIS ®
  • Copyright (C) 1995-2014 a9aOgQTYduBhWh59efmpbz4c6pEBgC2cOL7X7dgADplZerVsklzMYCYH6tXeS2HfbSOX, Inc. All rights reserved.
  • Copyright (c) 2006-2009 Iuli
  • Copyright (C) 2012 Jenkey1002.
  • Copyright * Andrzej Pluta (@Andy Ful)
  • Copyright 20-20 Technologies Inc. All Rights Reserved.
  • Copyright 2013 Advanced Tech Support
  • Copyright © 2011 - 2017 iSeePassword All Rights Reserved.
  • curl
  • free
  • http://spadek.blog.163.com
  • kernel-panik
  • Nicolas Coolman
  • OnePiece
  • www.opautoclicker.com
  • www.softwaregratisofull.blogspot.com
  • ©1999-2014 Jonathan Bennett & AutoIt Team
  • ©1999-2018 Jonathan Bennett & AutoIt Team
  • © 1999-2022 Jonathan Bennett & AutoIt Team
  • © gora
  • © Microsoft Corporation. All rights reserved.
  • © Mole, 2018
  • © Rifbot
  • ©1999-2015 Jonathan Bennett & AutoIt Team
  • 저작권 (C) 2013-2014 HanGulHwa (Copyright (C) 2013-2014 HanGulHwa)
  • 지민이 - Kongmanz@naver.com (Jimin - Kongmanz@naver.com)
Legal Trade Marks kernel-panik
Legal Trademarks
  • DX
  • free
  • HanGulHwa.Tistory.Com
  • Mole, 2018
  • Still is not present
  • Trademark Rifbot'
Made By Jenkey1002.
Original File Name System32.exe
Original Filename
  • Button.exe
  • dstokenclean
  • DXTool.exe
  • iSeePassword Windows Password Recovery
  • Launchpad 3.exe
  • OneKeyGhost.exe
  • PES Video Convert.exe
  • Rifbot_x64.exe
  • rx-light.exe
  • Settings32.exe
  • uefipart.exe
  • WEXTRACT.EXE .MUI
Private Build 15.05.2016
Product Name Microsoft® Windows® Operating System
Product Version 6.00.2900.2180
Product Name
  • 360驱动大师 (360 Driver Master)
  • atl110
  • Button v6.2.3 [x64]
  • DVD-RX Light Client Software
  • DX Tool
  • Eimza Servis Kurulum (Turkish: e-signature service setup)
  • Internet Explorer
  • iSeePassword
  • K-Tools 11
  • KpRm
  • MStarBinTool-GUI
  • OneKey Ghost
  • OP Auto Clicker
  • PES Video Converter
  • PPS Program
  • PreService
  • Rifbot
  • SFXMaker
  • Win7codecs
  • WinPE Diskpart GUI Micro
Product Version
  • Version of product 6.2.3 [x64]
  • 20140508
  • 14012025
  • 2021.7.29
  • 2016.4.30.33
  • 392.543.944.473
  • 25.5
  • 17
  • 11.00.17763.1
  • 8.5.7.3
  • 4.1
  • 3.17
  • 3.4.5.6
  • 3.3.14.5
  • 3.3.14.2
  • 3.3.14.0
  • 3.3.12.0
  • 3.3.10.0
  • 3.0
  • 2.x
  • 2.21.0
  • 2.20.0
  • 2.7.0
  • 2.4.1.0
  • 2.0.0.1430
  • 1.6.0.2
  • 1.5
  • 1.2.1.1
  • 1.1.0.0
  • 0.0.0.0
Productname PE版安装程序 (PE edition installer)
Special Build For all users
Version 9
编译工具 (Compiler tool) AuMFCompiler(标准版) (AuMFCompiler, standard edition)

Digital Signatures

Status is the analysis system's verdict on the certificate chain. Self Signed and Root Not Trusted both mean the chain did not end at a root the analysis system trusts; on its own that neither proves nor disproves that the signed file is malicious.

Signer | Issuing CA / root | Status
Open Source Developer, Andrzej Pluta | Certum Code Signing 2021 CA | Self Signed
Open Source Developer, Andrzej Pluta | Certum Code Signing CA SHA2 | Self Signed
DTL Technology Co. Ltd. | DTL Technology Co. Ltd. | Self Signed
ADVANCED TECH SUPPORTCO, LLC. | DigiCert Assured ID Code Signing CA-1 | Root Not Trusted
U-Haul International, Inc. | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Self Signed
Mole | Mole | Self Signed
20-20 TECHNOLOGIES INC. | Symantec Class 3 SHA256 Code Signing CA | Self Signed
dg186039 | Teradata-Root-CA | Root Not Trusted
Public Procurement Service Republic of Korea | USERTrust RSA Certification Authority | Root Not Trusted
gora sah | gora sah | Self Signed
kernel-panik | kernel-panik | Self Signed

File Traits

  • .UPX
  • 00 section
  • 2+ executable sections
  • Autoit
  • autoit
  • Badsig autoit
  • big overlay
  • HighEntropy
  • No Version Info
  • packed
  • upx
  • UPX!
  • WriteProcessMemory
  • x64
  • x86
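The Windows Portable Executable Attributes and File Traits sections above list what the database derived from the samples: 32- versus 64-bit, the IMAGE_FILE_DLL flag, UPX, a compiled AutoIt script, a big overlay and high entropy. The Python below is an added example, not the database's or any vendor's code, that derives the same traits from raw bytes with only the standard library: it walks the DOS, COFF and section headers, takes everything past the last section's raw data as the overlay, measures the overlay's Shannon entropy, and looks for the AU3!EA06 marker found in the header of a compiled AutoIt v3 script and for the UPX! tag. build_fake_pe produces a constructed minimal PE for offline testing; it is not a sample from the page and will not run on Windows.

```python
import math
import struct
from collections import Counter

# Markers behind the traits the page lists ("Autoit", "UPX!", "big overlay",
# "HighEntropy"). AU3!EA06 is the marker in the header of the compiled script
# that the AutoIt v3 stub embeds; "UPX!" is the tag the UPX packer leaves.
AUTOIT_MAGIC = b"AU3!EA06"
UPX_TAG = b"UPX!"


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: 0.0 for empty input, 8.0 for a uniform byte distribution."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def pe_layout(data: bytes) -> dict:
    """Walk DOS -> COFF -> section headers and return what the triage needs.
    Raises ValueError for anything that is not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]              # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    nsections, = struct.unpack_from("<H", data, pe + 6)
    opt_size, characteristics = struct.unpack_from("<HH", data, pe + 20)
    magic, = struct.unpack_from("<H", data, pe + 24)          # 0x10B PE32, 0x20B PE32+
    sections, end_of_sections = [], 0
    table = pe + 24 + opt_size                                 # section table follows the optional header
    for i in range(nsections):
        off = table + i * 40
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        size_raw, ptr_raw = struct.unpack_from("<II", data, off + 16)
        sections.append(name)
        end_of_sections = max(end_of_sections, ptr_raw + size_raw)
    return {
        "bits": 64 if magic == 0x20B else 32,
        "is_dll": bool(characteristics & 0x2000),              # IMAGE_FILE_DLL
        "sections": sections,
        "overlay_offset": min(end_of_sections, len(data)),     # bytes after the last section
    }


def triage(data: bytes) -> dict:
    """Layout plus the AutoIt / UPX / overlay traits for one file image."""
    layout = pe_layout(data)
    overlay = data[layout["overlay_offset"]:]
    return {
        **layout,
        "autoit": AUTOIT_MAGIC in data,
        "upx": UPX_TAG in data or any(s.startswith("UPX") for s in layout["sections"]),
        "overlay_size": len(overlay),
        "overlay_entropy": round(shannon_entropy(overlay), 3),
    }


def build_fake_pe(section_data: bytes, overlay: bytes, pe32plus: bool = False) -> bytes:
    """CONSTRUCTED minimal PE (one section, no imports) used as offline test input.
    It is not a sample from the page and is not a loadable executable."""
    e_lfanew = 0x40
    opt_size = 0xF0 if pe32plus else 0xE0
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 1, 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x20B if pe32plus else 0x10B) + b"\0" * (opt_size - 2)
    raw_ptr = 0x400                                            # first section's raw data starts here
    sect = b".text\0\0\0" + struct.pack("<6I2HI", len(section_data), 0x1000,
                                        len(section_data), raw_ptr, 0, 0, 0, 0, 0x60000020)
    header = dos + b"PE\0\0" + coff + opt + sect
    return header.ljust(raw_ptr, b"\0") + section_data + overlay
```

A large, high-entropy overlay on a small stub is the shape of a compiled AutoIt script or a self-extracting archive, which is exactly why this generic detection sweeps in so many legitimate tools; the marker search tells the two apart from a packer, but only unpacking or running the script reveals intent.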

Block Information

Total Blocks: 4,380
Potentially Malicious Blocks: 0
Whitelisted Blocks: 4,380
Unknown Blocks: 0

Visual Map

(Block-by-block map omitted: the page renders 4,380 per-block verdicts, nearly all 0. The rendered map also contains the values 1 and 2, which the legend below does not define.)

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.KLB
  • AutoHotkey.A
  • Autoit
  • BadJoke.FH
  • Bitcoinminer.BDA
  • Bitcoinminer.BDB
  • Bitcoinminer.DJE
  • Bitcoinminer.R
  • CobaltStrike.CX
  • Crack.K
  • Delf.Q
  • DialupPass.A
  • Filecoder.DF
  • MPRESS Packer
  • Philadelphia.A
  • Philadelphia.B
  • Rugmi.T
  • Strictor.A

Files Modified

File Attributes
\device\namedpipe Generic Read,Write Attributes
\device\namedpipe Generic Write,Read Attributes
\device\namedpipe\dav rpc service Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\pshost.133960952955821647.4452.defaultappdomain.powershell Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\pshost.134120537356255221.7992.defaultappdomain.powershell Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\pshost.134143418265765914.7052.defaultappdomain.powershell Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\srvsvc Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\wkssvc Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\frst\hives\erdnt.con Generic Write,Read Attributes
c:\frst\hives\erdnt.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\frst\hives\erdnt.exe Synchronize,Write Attributes
c:\frst\hives\erdnt.inf Generic Write,Read Attributes
c:\frst\hives\erdntdos.loc Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\frst\hives\erdntdos.loc Synchronize,Write Attributes
c:\frst\hives\erdntwin.loc Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\frst\hives\erdntwin.loc Synchronize,Write Attributes
c:\program files (x86)\rainmeter\addons\rainbackup\rainbackup.exe Generic Write,Read Attributes
c:\program files (x86)\rainmeter\addons\rainbrowser\rainbrowser.exe Generic Write,Read Attributes
c:\program files (x86)\rainmeter\default.ini Generic Write,Read Attributes
c:\program files (x86)\rainmeter\plugins\advancedcpu.dll Generic Write,Read Attributes
c:\program files (x86)\rainmeter\plugins\itunesplugin.dll Generic Write,Read Attributes
c:\program files (x86)\rainmeter\plugins\mbm5plugin.dll Generic Write,Read Attributes
c:\program files (x86)\rainmeter\plugins\mediakey.dll Generic Write,Read Attributes
c:\program files (x86)\rainmeter\plugins\perfmon.dll Generic Write,Read Attributes
c:\program files (x86)\rainmeter\plugins\pingplugin.dll Generic Write,Read Attributes
c:\program files (x86)\rainmeter\plugins\powerplugin.dll Generic Write,Read Attributes
c:\program files (x86)\rainmeter\plugins\quoteplugin.dll Generic Write,Read Attributes
c:\program files (x86)\rainmeter\plugins\recyclemanager.dll Generic Write,Read Attributes
c:\program files (x86)\rainmeter\plugins\resmon.dll Generic Write,Read Attributes
c:\program files (x86)\rainmeter\plugins\speedfanplugin.dll Generic Write,Read Attributes
c:\program files (x86)\rainmeter\plugins\sysinfo.dll Generic Write,Read Attributes
c:\program files (x86)\rainmeter\plugins\virtualdesktops.dll Generic Write,Read Attributes
c:\program files (x86)\rainmeter\plugins\webparser.dll Generic Write,Read Attributes
c:\program files (x86)\rainmeter\plugins\wifistatus.dll Generic Write,Read Attributes
c:\program files (x86)\rainmeter\plugins\win7audioplugin.dll Generic Write,Read Attributes
c:\program files (x86)\rainmeter\plugins\windowmessageplugin.dll Generic Write,Read Attributes
c:\program files (x86)\rainmeter\plugins\wirelessinfo.dll Generic Write,Read Attributes
c:\program files (x86)\rainmeter\plugins\wirelessuio.inf Generic Write,Read Attributes
c:\program files (x86)\rainmeter\plugins\wirelessuio.sys Generic Write,Read Attributes
c:\program files (x86)\rainmeter\rainmeter.dll Generic Write,Read Attributes
c:\program files (x86)\rainmeter\rainmeter.exe Generic Write,Read Attributes
c:\program files (x86)\rainmeter\vcredist_x86.exe Generic Write,Read Attributes
c:\program files\common files\system\symsrv.dll Generic Write,Read Attributes
c:\program files\common files\system\symsrv.dll.000 Generic Write,Read Attributes
c:\soft\serviwin_menu\1.ico Generic Write,Read Attributes
c:\soft\serviwin_menu\1.ico Synchronize,Write Attributes
c:\soft\serviwin_menu\readme.txt Generic Write,Read Attributes
c:\soft\serviwin_menu\readme.txt Synchronize,Write Attributes
c:\soft\serviwin_menu\serviwin.bat Generic Write,Read Attributes
c:\soft\serviwin_menu\serviwin.bat Synchronize,Write Attributes
c:\soft\serviwin_menu\serviwin.cfg Generic Write,Read Attributes
c:\soft\serviwin_menu\serviwin.cfg Synchronize,Write Attributes
c:\soft\serviwin_menu\serviwin.exe Generic Write,Read Attributes
c:\soft\serviwin_menu\serviwin.exe Synchronize,Write Attributes
c:\soft\serviwin_menu\serviwin_lng.ini Generic Write,Read Attributes
c:\soft\serviwin_menu\serviwin_lng.ini Synchronize,Write Attributes
c:\soft\serviwin_menu\serviwin_menu.exe Generic Write,Read Attributes
c:\soft\serviwin_menu\serviwin_menu.exe Synchronize,Write Attributes
c:\soft\serviwin_menu\srvinstw.exe Generic Write,Read Attributes
c:\soft\serviwin_menu\srvinstw.exe Synchronize,Write Attributes
c:\temp\office365\appdeploytoolkit\appdeploytoolkitbanner.png Generic Write,Read Attributes
c:\temp\office365\appdeploytoolkit\appdeploytoolkitconfig.xml Generic Write,Read Attributes
c:\temp\office365\appdeploytoolkit\appdeploytoolkitextensions.ps1 Generic Write,Read Attributes
c:\temp\office365\appdeploytoolkit\appdeploytoolkithelp.ps1 Generic Write,Read Attributes
c:\temp\office365\appdeploytoolkit\appdeploytoolkitlogo.ico Generic Write,Read Attributes
c:\temp\office365\appdeploytoolkit\appdeploytoolkitmain.cs Generic Write,Read Attributes
c:\temp\office365\appdeploytoolkit\appdeploytoolkitmain.ps1 Generic Write,Read Attributes
c:\temp\office365\deploy-application.exe Generic Write,Read Attributes
c:\temp\office365\deploy-application.exe.config Generic Write,Read Attributes
c:\temp\office365\files\setup.exe Generic Write,Read Attributes
c:\temp\office365\postinstall-deploy-application.ps1 Generic Write,Read Attributes
c:\temp\office365\supportfiles\edit-officeconfigurationfile.ps1 Generic Write,Read Attributes
c:\temp\office365\supportfiles\ipcheck.ps1 Generic Write,Read Attributes
c:\temp\office365\supportfiles\o365prereqx64.exe Generic Write,Read Attributes
c:\temp\office365\supportfiles\o365prereqx86.exe Generic Write,Read Attributes
c:\temp\office365\supportfiles\offscrub10.vbs Generic Write,Read Attributes
c:\temp\office365\supportfiles\popup.ps1 Generic Write,Read Attributes
c:\temp\office365\supportfiles\preload.ps1 Generic Write,Read Attributes
c:\tools\auto\omegatc\ats_automation_v4.5.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\tools\auto\omegatc\ats_automation_v4.5.exe Generic Write,Read Attributes
c:\tools\auto\omegatc\pc-health-advisor-fix.reg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\tools\auto\omegatc\pc-health-advisor-fix.reg Generic Write,Read Attributes
c:\tools\auto\omegatc\pc-unleashed-fix.reg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\tools\auto\omegatc\pc-unleashed-fix.reg Generic Write,Read Attributes
c:\tools\auto\omegatc\pc360fix.reg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\tools\auto\omegatc\pc360fix.reg Generic Write,Read Attributes
c:\tools\auto\omegatc\pcmri-fix.reg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\tools\auto\omegatc\pcmri-fix.reg Generic Write,Read Attributes
c:\tools\auto\omegatc\regcurefix.reg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\tools\auto\omegatc\regcurefix.reg Generic Write,Read Attributes
c:\tools\auto\omegatc\sparktrust-fix.reg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\tools\auto\omegatc\sparktrust-fix.reg Generic Write,Read Attributes
c:\tools\auto\omegatc\speedmax-pc-fix.reg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\tools\auto\omegatc\speedmax-pc-fix.reg Generic Write,Read Attributes
c:\tools\auto\omegatc\speedy-pc-pro-fix.reg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\tools\auto\omegatc\speedy-pc-pro-fix.reg Generic Write,Read Attributes
c:\tools\auto\omegatc\turbo-myspeed-fix.reg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\tools\auto\omegatc\turbo-myspeed-fix.reg Generic Write,Read Attributes
c:\tools\auto\omegatc\util-kit-fix.reg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\tools\auto\omegatc\util-kit-fix.reg Generic Write,Read Attributes
c:\tools\auto\omegatc\whitelist.dat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\tools\auto\omegatc\whitelist.dat Generic Write,Read Attributes
c:\users\public\desktop\microsoft edge.lnk Synchronize,Write Attributes
c:\users\user\appdata\local\microsoft\windows\powershell\startupprofiledata-noninteractive Generic Write,Read Attributes
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.0.regtrans-ms Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.1.regtrans-ms Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.2.regtrans-ms Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\3372yevaeep Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\3372yevaeep Generic Write,Read Attributes
c:\users\user\appdata\local\temp\360drv.7z Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\360drv.7z Generic Write,Read Attributes
c:\users\user\appdata\local\temp\5928lmxbmcp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\5928lmxbmcp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7300snmqbfx Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\7300snmqbfx Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7za.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\7za.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\rainmeter13.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\rainmeter13.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_0p4e3yrl.c5o.ps1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_cwgx2ei5.5nn.ps1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_dg1l2q0k.0lu.psm1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_i2tyqta0.daq.ps1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_ll3gkgyz.xaf.psm1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_plp1fqpd.yaf.psm1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_qjnjs1xp.4zo.ps1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_w50sgdy0.ypu.psm1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\42a11284ba0.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a1d26e2\58ae9d8a98.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut1e3.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut1f16.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut2b4c.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut2b6c.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut4530.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut498c.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut4e99.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut4f83.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut4fa7.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut4fe7.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut517c.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut532d.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut54d7.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut5555.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut55e3.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut5622.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut5662.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut5787.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut5805.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut5852.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut5872.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut58a2.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut58c2.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut5b14.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut82b1.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut93e7.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\auta340.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\auta360.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\auta370.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\auta3c0.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\auta514.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\auta524.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\auta718.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\auta738.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\auta9af.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\auta9df.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autabb4.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autb45f.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autba2c.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autbade.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autbafe.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autbe25.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autd1ed.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autd2e7.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autd317.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autd328.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autd348.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autd368.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autd5f5.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autd6e0.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autd6f1.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autd6f2.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autd702.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autd713.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autd724.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autd734.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autd735.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autd746.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autd757.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autd767.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aute1a.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aute3b.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aute4b.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aute6c.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\auted2c.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\auteec3.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autf25e.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\autf942.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\back.jpg Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\back.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\bcmjxmp Generic Read,Write Data,Write Attributes,Write extended,Append data

173 additional files are not displayed above.

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\gpu::adapterinfo vendorId="0x1414",deviceID="0x8c",subSysID="0x0",revision="0x0",version="10.0.19041.3570"hypervisor="Hypervisor detected (Micros RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe [binary data] RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe [binary data] RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::microsoft update C:\Users\Scwocnhb\AppData\Local\Temp\skyp\Microsoft Update.lnk RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::{52rurdpq-ydp9-wok-r64k-fl6yemav49m} "C:\Users\Onjxxoht\AppData\Roaming\x86_windows-defender-management-powershell_31bf3856ad364e35_10.0.22621.1_none_e93a8b3adcb2e44 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\runonce::wextract_cleanup0 rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\Dsscvdsi\AppData\Local\Temp\IXP000.TMP\" RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\runonce::wextract_cleanup1 rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\Dsscvdsi\AppData\Local\Temp\IXP001.TMP\" RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\runonce::wextract_cleanup2 rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\Dsscvdsi\AppData\Local\Temp\IXP002.TMP\" RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\runonce::wextract_cleanup3 rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\Dsscvdsi\AppData\Local\Temp\IXP003.TMP\" RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe [binary data] RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings::enablenegotiate  RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enablefiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableautofiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableconsoletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::filetracingmask [binary data] RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::consoletracingmask [binary data] RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::maxfilesize  RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::filedirectory %windir%\tracing RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings::migrateproxy  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::appinit_dlls C:\PROGRA~1\COMMON~1\System\symsrv.dll RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::loadappinit_dlls  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::requiresignedappinit_dlls RegNtPreCreateKey
HKCU\software::tefunjygw False RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe [binary data] RegNtPreCreateKey
HKCU\software\gnu\ffdshow\default::threadsnum  RegNtPreCreateKey
HKLM\software\classes\.mov\shellex\{bb2e617c-0920-11d1-9a0b-00c04fc2d6c1}:: {c5a40261-cd64-4ccf-84cb-c394da41d590} RegNtPreCreateKey
HKLM\software\classes\.3gp\shellex\{bb2e617c-0920-11d1-9a0b-00c04fc2d6c1}:: {c5a40261-cd64-4ccf-84cb-c394da41d590} RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::failed_count RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::state  RegNtPreCreateKey
HKCU\software\microsoft\edge\thirdparty::statuscodes (NULL) RegNtPreCreateKey
HKCU\software\microsoft\edge\thirdparty::statuscodes  RegNtPreCreateKey
HKCU\software\microsoft\edge\elfbeacon::version 142.0.3595.53 RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::state  RegNtPreCreateKey
HKCU\software\winrar sfx::temp C:\Users\Dbydkzaa\AppData\Local\Temp\RarSFX0 RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe [binary data] RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe [binary data] RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::pegaxo "C:\Users\Xiwbeevw\AppData\Roaming\Windata\WBCETS.exe" RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\runonce::wextract_cleanup0 rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\Ibnegmrt\AppData\Local\Temp\IXP000.TMP\" RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\360drvmgr::displayversion 2.0.0.1430 RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe [binary data] RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe [binary data] RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe [binary data] RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe [binary data] RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe [binary data] RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe [binary data] RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe [binary data] RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe [binary data] RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\firewallrules::tcp -logon_domain v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|App=c:\users\user\downloads\c0f23 RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\firewallrules::udp -logon_domain v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|App=c:\users\user\downloads\c0f2 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::bemyjt "C:\Users\Eubncfzn\AppData\Roaming\Windata\Adobe Acrobat.exe" RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::filteradministratortoken RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::promptonsecuredesktop  RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe [binary data] RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
User Data Access
  • GetComputerName
  • GetUserDefaultLocaleName
  • GetUserName
  • GetUserNameEx
  • GetUserObjectInformation
Process Shell Execute
  • CreateProcess
  • ShellExecute
  • ShellExecuteEx
  • WriteConsole
Keyboard Access
  • GetAsyncKeyState
  • GetKeyState
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAllocateLocallyUniqueId
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreateResourceReserve
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcQueryInformationMessage
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtAlpcSetInformation
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtCancelTimer2
  • ntdll.dll!NtCancelWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCompareSigningLevels
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDelayExecution
  • ntdll.dll!NtDeleteValueKey
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFlushProcessWriteBuffers
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtFsControlFile
  • ntdll.dll!NtGetCachedSigningLevel
  • ntdll.dll!NtGetCompleteWnfStateSubscription
  • ntdll.dll!NtGetWriteWatch
  • ntdll.dll!NtLockFile
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenSymbolicLinkObject
  • ntdll.dll!NtOpenThread
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFile
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryEvent
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryObject
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySymbolicLinkObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryTimerResolution
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtQueueApcThread
  • ntdll.dll!NtQueueApcThreadEx2
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReadVirtualMemory
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtResetWriteWatch

203 additional items are not displayed above.

Encryption Used
  • BCryptOpenAlgorithmProvider
  • CryptAcquireContext
Other Suspicious
  • AdjustTokenPrivileges
  • SetWindowsHookEx
Process Terminate
  • TerminateProcess
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory
  • ZwMapViewOfSection
Network Winsock2
  • WSAStartup
Network Winsock
  • gethostbyname
  • gethostname
  • inet_addr
  • socket
Network Wininet
  • HttpOpenRequest
  • HttpQueryInfo
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
  • InternetQueryOption
  • InternetSetOption
Network Winhttp
  • WinHttpOpen
Service Control
  • OpenSCManager
  • OpenService

Shell Command Execution

C:\WINDOWS\system32\cmd.exe /c schtasks /create /tn p8rfIma8GsP /tr "mshta C:\Users\Zqadjqwl\Desktop\c98jyS9ZY.hta" /sc minute /mo 10 /ru "Zqadjqwl" /f
mshta C:\Users\Zqadjqwl\Desktop\c98jyS9ZY.hta
C:\WINDOWS\system32\cmd.exe /c schtasks /create /tn mvAV4maQiWA /tr "mshta C:\Users\Cwwfexzl\Desktop\lJcEw6w9b.hta" /sc minute /mo 10 /ru "Cwwfexzl" /f
mshta C:\Users\Cwwfexzl\Desktop\lJcEw6w9b.hta
C:\WINDOWS\system32\schtasks.exe schtasks /create /tn mvAV4maQiWA /tr "mshta C:\Users\Cwwfexzl\Desktop\lJcEw6w9b.hta" /sc minute /mo 10 /ru "Cwwfexzl" /f
WriteConsole: Access is denied
(NULL) Rainmeter13.exe /S /NCRC
C:\WINDOWS\system32\cmd.exe /c schtasks /create /tn zVwXSmav7L0 /tr "mshta C:\Users\Wufphlln\Desktop\PqKvys7zs.hta" /sc minute /mo 10 /ru "Wufphlln" /f
mshta C:\Users\Wufphlln\Desktop\PqKvys7zs.hta
C:\WINDOWS\system32\schtasks.exe schtasks /create /tn zVwXSmav7L0 /tr "mshta C:\Users\Wufphlln\Desktop\PqKvys7zs.hta" /sc minute /mo 10 /ru "Wufphlln" /f
powershell -executionpolicy bypass -File slui.ps1
WriteConsole: The argument 'sl
WriteConsole:
WriteConsole: Windows PowerShe
WriteConsole:
C:\Users\Scwocnhb\AppData\Local\Temp/TSYSGB.exe
C:\Users\Scwocnhb\AppData\Local\Temp/GIFCOJ.exe
(NULL) serviwin_menu.exe
C:\WINDOWS\system32\cmd.exe /c icacls "C:\Users\Onjxxoht\AppData\Roaming\x86_windows-defender-management-powershell_31bf3856ad364e35_10.0.22621.1_none_e93a8b3adcb2e445" /inheritance:e /deny "*S-1-1-0:(R,REA,RA,RD)" & icacls "C:\Users\Onjxxoht\AppData\Roaming\x86_windows-defender-management-powershell_31bf3856ad364e35_10.0.22621.1_none_e93a8b3adcb2e445" /inheritance:e /deny "*S-1-5-7:(R,REA,RA,RD)" & icacls "C:\Users\Onjxxoht\AppData\Roaming\x86_windows-defender-management-powershell_31bf3856ad364e35_10.0.22621.1_none_e93a8b3adcb2e445" /inheritance:e /deny "Onjxxoht:(R,REA,RA,RD)"
C:\Users\Onjxxoht\AppData\Roaming\x86_windows-defender-management-powershell_31bf3856ad364e35_10.0.22621.1_none_e93a8b3adcb2e445\KBDROPR.exe
C:\WINDOWS\system32\icacls.exe icacls "C:\Users\Onjxxoht\AppData\Roaming\x86_windows-defender-management-powershell_31bf3856ad364e35_10.0.22621.1_none_e93a8b3adcb2e445" /inheritance:e /deny "*S-1-1-0:(R,REA,RA,RD)"
WriteConsole: processed file:
WriteConsole: Successfully pro
C:\WINDOWS\system32\icacls.exe icacls "C:\Users\Onjxxoht\AppData\Roaming\x86_windows-defender-management-powershell_31bf3856ad364e35_10.0.22621.1_none_e93a8b3adcb2e445" /inheritance:e /deny "*S-1-5-7:(R,REA,RA,RD)"
c:\users\user\downloads\DontSleep.exe
C:\Users\Dsscvdsi\AppData\Local\Temp\IXP000.TMP\pK2AD50.exe
C:\Users\Dsscvdsi\AppData\Local\Temp\IXP001.TMP\fX0Xv27.exe
C:\Users\Dsscvdsi\AppData\Local\Temp\IXP002.TMP\UE9HD42.exe
C:\Users\Dsscvdsi\AppData\Local\Temp\IXP003.TMP\1uu29ME8.exe
C:\WINDOWS\system32\cmd.exe /c ERUNT.exe C:\FRST\HIVES silent sysreg curuser /noconfirmdelete /noprogresswindow
C:\WINDOWS\erunt.exe ERUNT.exe C:\FRST\HIVES silent sysreg curuser /noconfirmdelete /noprogresswindow
c:\Users\user\downloads\acаd2024.exe /product ACAD
(NULL) uefipart_x64.exe
diskpart.exe /s "C:\Users\Otwvfvvt\AppData\Local\Temp\uefiparts.txt"
C:\Users\Temtogjt\AppData\Local\Temp\s.cmd
WriteConsole: C:\Users\Temtogj
WriteConsole: del
WriteConsole: "C:\Users\user\
WriteConsole: if
WriteConsole: exist "C:\Users\
WriteConsole: goto
WriteConsole: loop
WriteConsole: C:\Users\Temtog
WriteConsole: The batch file c
C:\Users\Vftagilw\AppData\Local\Temp\xwthvyuyauofasgzvbphtehvj.exe -p22084806526476607321971145822250832732812918020594239723161514668146784312142452424627845306571498232119121844687264
http://shark007.net/forum/Thread-Settings-Application-Development
(NULL) C:\Users\Dbydkzaa\AppData\Local\Temp\RarSFX0\su1x-setup.exe
runas c:\users\user\downloads\6f06eec018083fd37febde493234d43c90434b98_0000306479
cmd /c cdrtools\cdrecord.exe -scanbus>info.txt
WriteConsole: The system canno
C:\Users\Ibnegmrt\AppData\Local\Temp\IXP000.TMP\SDUfECCJCY.exe
C:\Users\Mjjiqwpf\AppData\Local\Temp\7za.exe x C:\Users\Mjjiqwpf\AppData\Local\Temp\360Drv.7z -y -oC:\Users\Mjjiqwpf\AppData\Local\Temp\360DrvMgr\ -p16888
C:\Users\Mjjiqwpf\AppData\Local\Temp\360DrvMgr\360DrvMgr.exe
C:\WINDOWS\system32\cmd.exe /c rd /s /q %TEMP%\360DrvMgr
C:\WINDOWS\system32\cmd.exe /c netsh advfirewall set allprofiles state off
c:\temp\office365\supportfiles\O365Prereqx64.exe
C:\WINDOWS\system32\windowspowershell\v1.0\Powershell.exe -executionpolicy bypass c:\temp\office365\supportfiles\preload.ps1
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Mgcewtsg\AppData\Local\Temp\znpew2iy\znpew2iy.cmdline"
netsh advfirewall firewall add rule name="Logon_Domain" dir=in action=Allow program="c:\users\user\downloads\c0f23b003c33bb6b891a1406774dfd4fa02203b5_0003605504" enable=yes
C:\WINDOWS\system32\LMXBMCPU.exe