Multi-License Discount Quote

Change Region

English
Threat Database Trojans Troj/Phish-AZ

Troj/Phish-AZ

By Sumo3000 in Trojans

Threat Scorecard

Threat Level: 90 % (High)
Infected Computers: 7
First Seen: December 5, 2011
Last Seen: February 1, 2026
OS(es) Affected: Windows

Many computer users have received an email that purportedly warns them that their account on the popular online retailer Amazon.com is about to expire. This email message, replete with spelling and grammar mistakes (such as 'wether' instead of 'whether') is really a common phishing scam, known by some PC security researchers as Troj/Phish-AZ. ESG security researchers strongly warn against responding to the Troj/Phish-AZ phishing email, as it will almost certainly result in identity theft and in the loss of essential information, such as your credit card details and Amazon.com account. This phishing scam is fairly common, and is not limited only to Amazon! Similar emails have been sent out claiming that your online accounts on popular websites (such as YouTube or Twitter) will expire by the middle of December 2011 if you do not follow an embedded link in order to reenter your personal information. Of course, you can be sure that the embedded link will not take you to the legitimate website it claims, but to a highly-authentic fake. Inexperienced computer users, fooled by this fake website's appearance may then proceed to hand over their personal information directly to an unscrupulous criminal.

What is Contained in the Troj/Phish-AZ Phishing Email?

The Troj/Phish-AZ email's subject line will claim that you have a message from Amazon. This email will also contain a randomly-named file with an .html extension which you are not, under any circumstances, open. ESG security researchers strongly warn against opening email attachments in unsolicited emails, even if they appear to come from a legitimate company or business. The message body goes on to claim that the victim's online account will be deactivated because it is about to expire. It asks the user whether (or, in this case, 'wether') they want to let their account expire of if they want to renew. Then – here comes the scam – this fraudulent email will urge the receiver to open the attached file in order to fill out a form in order to renew the Amazon description. This attached file will ask for the user's credit card information as well as various personal details. You can be certain that this file is not meant for Amazon, but will actually be used by criminals for their own activities. Warn your friends and family about the Troj/Phish-AZ phishing scam and similar online cons. Also make sure to use a reliable spam filter for your email accounts in order to avoid Troj/Phish-AZ.

Analysis Report

General information

Family Name: Trojan.Lohmys.A
Packers: UPX!
Signature status: Modified signature

Known Samples

MD5: e23ad59baf3d8575dcb491b4408824fc
SHA1: 12008249ec7127586f2269a5f72ba27c9805955d
SHA256: 8C1BED00A68FD0E321099F1A0D5607730EB3281FD139B2E1CA3513CAA1E84582
File Size: 572.46 KB, 572456 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
Show More
  • File is Native application (NOT .NET application)
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Company Name Arquivo Solicitado
File Description Arquivo Solicitado
File Version 1.0.0.0
Product Name Arquivo Solicitado
Product Version 1.0.0.0

File Traits

  • packed
  • x86

Block Information

Total Blocks: 3,241
Potentially Malicious Blocks: 14
Whitelisted Blocks: 3,224
Unknown Blocks: 3

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
... Data truncated
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Delf.XB
  • Ekstak.AN
  • FakeAlert.X
  • Kasperagent.A
  • Trojan.Downloader.Gen.HP

Files Modified

File Attributes
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\05ddc6aa91765aacacdb0a5f96df8199 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\24bd96d5497f70b3f510a6b53cd43f3e_3a89246fb90c5ee6620004f1ae0eb0ea Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\dde8b1b7e253a9758ec380bd648952af_843bcbab61ad44e00e351a8e8b7eafcf Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\05ddc6aa91765aacacdb0a5f96df8199 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\24bd96d5497f70b3f510a6b53cd43f3e_3a89246fb90c5ee6620004f1ae0eb0ea Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\dde8b1b7e253a9758ec380bd648952af_843bcbab61ad44e00e351a8e8b7eafcf Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\desktop\contaprime.url Generic Write,Read Attributes
c:\windows\system.ini Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\explorer\advanced::hidden  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\policies\system::disabletaskmgr  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\policies\system::disableregistrytools  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusoverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalldisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalloverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::updatesdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::uacdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusoverride  RegNtPreCreateKey
Show More
HKLM\software\wow6432node\microsoft\security center\svc::antivirusdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalldisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalloverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::updatesdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::uacdisablenotify  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings::globaluseroffline RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablelua RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::enablefirewall RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::donotallowexceptions RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::disablenotifications  RegNtPreCreateKey
HKCU\software\apcr\1214104697::1919251317 Û RegNtPreCreateKey
HKCU\software\apcr\1214104697::-456464662 RegNtPreCreateKey
HKCU\software\apcr\1214104697::1462786655 RegNtPreCreateKey
HKCU\software\apcr\1214104697::-912929324 # RegNtPreCreateKey
HKCU\software\apcr\1214104697::1006321993 é RegNtPreCreateKey
HKCU\software\apcr\1214104697::-1369393986 http://affiliate.free.rongrean.com/logo.gifhttp://demo.mosiva RegNtPreCreateKey
HKCU\software\apcr\1214104697::549857331 RegNtPreCreateKey
HKCU\software\apcr::u1_0 襙 RegNtPreCreateKey
HKCU\software\apcr::u2_0 RegNtPreCreateKey
HKCU\software\apcr::u3_0 権ă RegNtPreCreateKey
HKCU\software\apcr::u4_0 RegNtPreCreateKey
HKCU\software\apcr::u1_1 Ԩ喎 RegNtPreCreateKey
HKCU\software\apcr::u2_1 橸牥 RegNtPreCreateKey
HKCU\software\apcr::u3_1 ᥜ獦 RegNtPreCreateKey
HKCU\software\apcr::u4_1 獵牥 RegNtPreCreateKey
HKCU\software\apcr::u1_2 쨣롩 RegNtPreCreateKey
HKCU\software\apcr::u2_2 ノ RegNtPreCreateKey
HKCU\software\apcr::u3_2 賃 RegNtPreCreateKey
HKCU\software\apcr::u4_2  RegNtPreCreateKey
HKCU\software\apcr::u1_3 멀 RegNtPreCreateKey
HKCU\software\apcr::u2_3 佸地 RegNtPreCreateKey
HKCU\software\apcr::u3_3 ぶ嘳 RegNtPreCreateKey
HKCU\software\apcr::u4_3 婟地 RegNtPreCreateKey
HKCU\software\apcr::u1_4 랁숇 RegNtPreCreateKey
HKCU\software\apcr::u2_4 틤즕 RegNtPreCreateKey
HKCU\software\apcr::u3_4 ꟽ좖 RegNtPreCreateKey
HKCU\software\apcr::u4_4 췔즕 RegNtPreCreateKey
HKCU\software\apcr::u1_5 﫡풋 RegNtPreCreateKey
HKCU\software\apcr::u2_5 哤㯻 RegNtPreCreateKey
HKCU\software\apcr::u3_5 ⭠㫸 RegNtPreCreateKey
HKCU\software\apcr::u4_5 䅉㯻 RegNtPreCreateKey
HKCU\software\apcr::u1_6 ㏦䦫 RegNtPreCreateKey
HKCU\software\apcr::u2_6 곩깠 RegNtPreCreateKey
HKCU\software\apcr::u3_6 RegNtPreCreateKey
HKCU\software\apcr::u4_6 뒾깠 RegNtPreCreateKey
HKCU\software\apcr::u1_7 뱪去 RegNtPreCreateKey
HKCU\software\apcr::u2_7 ㅜ⃆ RegNtPreCreateKey
HKCU\software\apcr::u3_7 䈚⇅ RegNtPreCreateKey
HKCU\software\apcr::u4_7 ⠳⃆ RegNtPreCreateKey
HKCU\software\apcr::u1_8 鹼輊 RegNtPreCreateKey
HKCU\software\apcr::u2_8 距錫 RegNtPreCreateKey
HKCU\software\apcr::u3_8 鈨 RegNtPreCreateKey
HKCU\software\apcr::u4_8 鮨錫 RegNtPreCreateKey
HKCU\software\apcr::u1_9 ཫ RegNtPreCreateKey
HKCU\software\apcr::u2_9 ᠮ֑ RegNtPreCreateKey
HKCU\software\apcr::u3_9 攴Ғ RegNtPreCreateKey
HKCU\software\apcr::u4_9 ༝֑ RegNtPreCreateKey
HKCU\software\apcr::u1_10 ꇋ㷄 RegNtPreCreateKey
HKCU\software\apcr::u2_10 阏矶 RegNtPreCreateKey
HKCU\software\apcr::u3_10 盵 RegNtPreCreateKey
HKCU\software\apcr::u4_10 芒矶 RegNtPreCreateKey
HKCU\software\apcr::u1_11 멘磂 RegNtPreCreateKey
HKCU\software\apcr::u2_11  RegNtPreCreateKey
HKCU\software\apcr::u3_11 鰮 RegNtPreCreateKey
HKCU\software\apcr::u4_11  RegNtPreCreateKey
HKCU\software\apcr::u1_12 Ӈ丑 RegNtPreCreateKey
HKCU\software\apcr::u2_12 灜峁 RegNtPreCreateKey
HKCU\software\apcr::u3_12 ͕巂 RegNtPreCreateKey
HKCU\software\apcr::u4_12 楼峁 RegNtPreCreateKey
HKCU\software\apcr::u1_13 䫟˟ RegNtPreCreateKey
HKCU\software\apcr::u2_13 瑎켦 RegNtPreCreateKey
HKCU\software\apcr::u3_13 뛘츥 RegNtPreCreateKey
HKCU\software\apcr::u4_13 RegNtPreCreateKey
HKCU\software\apcr::u1_14 ⱝ⡺ RegNtPreCreateKey
HKCU\software\apcr::u2_14 瑀䆌 RegNtPreCreateKey
HKCU\software\apcr::u3_14 㩏䂏 RegNtPreCreateKey
HKCU\software\apcr::u4_14 偦䆌 RegNtPreCreateKey
HKCU\software\apcr::u1_15 RegNtPreCreateKey
HKCU\software\apcr::u2_15 RegNtPreCreateKey
HKCU\software\apcr::u3_15 ꧲닲 RegNtPreCreateKey
HKCU\software\apcr::u4_15 쏛돱 RegNtPreCreateKey
HKCU\software\apcr::u1_16 ἉȪ RegNtPreCreateKey
HKCU\software\apcr::u2_16 ⥷♗ RegNtPreCreateKey
HKCU\software\apcr::u3_16 嵹❔ RegNtPreCreateKey
HKCU\software\apcr::u4_16 㝐♗ RegNtPreCreateKey
HKCU\software\apcr::u1_17 쮋î RegNtPreCreateKey
HKCU\software\apcr::u2_17 뉊颼 RegNtPreCreateKey
HKCU\software\apcr::u3_17 샬馿 RegNtPreCreateKey
HKCU\software\apcr::u4_17 ꫅颼 RegNtPreCreateKey
HKCU\software\apcr::u1_18  RegNtPreCreateKey
HKCU\software\apcr::u2_18 㯰ଢ RegNtPreCreateKey
HKCU\software\apcr::u3_18 琓ਡ RegNtPreCreateKey
HKCU\software\apcr::u4_18 Ḻଢ RegNtPreCreateKey
HKCU\software\apcr::u1_19 RegNtPreCreateKey
HKCU\software\apcr::u2_19 둥綇 RegNtPreCreateKey
HKCU\software\apcr::u3_19 ﮆ粄 RegNtPreCreateKey
HKCU\software\apcr::u4_19 醯綇 RegNtPreCreateKey
HKCU\software\apcr::u1_20 ⱽ퉵 RegNtPreCreateKey
HKCU\software\apcr::u2_20 ቋ RegNtPreCreateKey
HKCU\software\apcr::u3_20 漍 RegNtPreCreateKey
HKCU\software\apcr::u4_20 Ԥ RegNtPreCreateKey
HKCU\software\apcr::u1_21 ྑ RegNtPreCreateKey
HKCU\software\apcr::u2_21 滞扒 RegNtPreCreateKey
HKCU\software\apcr::u3_21 ኰ捑 RegNtPreCreateKey
HKCU\software\apcr::u4_21 碙扒 RegNtPreCreateKey
HKCU\software\apcr::u1_22 ꅃ䶬 RegNtPreCreateKey
HKCU\software\apcr::u2_22 句풷 RegNtPreCreateKey
HKCU\software\apcr::u3_22 蘧햴 RegNtPreCreateKey
HKCU\software\apcr::u4_22 풷 RegNtPreCreateKey
HKCU\software\apcr::u1_23 瑗␺ RegNtPreCreateKey
HKCU\software\apcr::u2_23 䚤䜝 RegNtPreCreateKey
HKCU\software\apcr::u3_23 㖪䘞 RegNtPreCreateKey
HKCU\software\apcr::u4_23 徃䜝 RegNtPreCreateKey
HKCU\software\apcr::u1_24 ꢮ뽻 RegNtPreCreateKey
HKCU\software\apcr::u2_24 쓋릂 RegNtPreCreateKey
HKCU\software\apcr::u3_24 룑뢁 RegNtPreCreateKey
HKCU\software\apcr::u4_24 틸릂 RegNtPreCreateKey
HKCU\software\apcr::u1_25 䜇俑 RegNtPreCreateKey
HKCU\software\apcr::u2_25 学⯨ RegNtPreCreateKey
HKCU\software\apcr::u3_25 ⱄ⫫ RegNtPreCreateKey
HKCU\software\apcr::u4_25 䙭⯨ RegNtPreCreateKey
HKCU\software\apcr::u1_26 農玳 RegNtPreCreateKey
HKCU\software\apcr::u2_26 ꌭ鹍 RegNtPreCreateKey
HKCU\software\apcr::u3_26 폋齎 RegNtPreCreateKey
HKCU\software\apcr::u4_26 맢鹍 RegNtPreCreateKey
HKCU\software\apcr::u1_27 RegNtPreCreateKey
HKCU\software\apcr::u2_27 㔃Ⴓ RegNtPreCreateKey
HKCU\software\apcr::u3_27 䝾ᆰ RegNtPreCreateKey
HKCU\software\apcr::u4_27 ⵗႳ RegNtPreCreateKey
HKCU\software\apcr::u1_28 嬨裮 RegNtPreCreateKey
HKCU\software\apcr::u2_28 뵩茘 RegNtPreCreateKey
HKCU\software\apcr::u3_28 쫥舛 RegNtPreCreateKey
HKCU\software\apcr::u4_28 ꃌ茘 RegNtPreCreateKey
HKCU\software\apcr::u1_29 ⻟䆫 RegNtPreCreateKey
HKCU\software\apcr::u2_29 ϵ RegNtPreCreateKey
HKCU\software\apcr::u3_29 繨 RegNtPreCreateKey
HKCU\software\apcr::u4_29 ᑁ RegNtPreCreateKey
HKCU\software\apcr::u1_30 ꃯ凃 RegNtPreCreateKey
HKCU\software\apcr::u2_30 鋍柣 RegNtPreCreateKey
HKCU\software\apcr::u3_30 曠 RegNtPreCreateKey
HKCU\software\apcr::u4_30 螶柣 RegNtPreCreateKey
HKCU\software\apcr::u1_31 牵ꧣ RegNtPreCreateKey
HKCU\software\apcr::u2_31 RegNtPreCreateKey
HKCU\software\apcr::u3_31 RegNtPreCreateKey
HKCU\software\apcr::u4_31 RegNtPreCreateKey
HKCU\software\apcr::u1_32 䉩Ⰽ RegNtPreCreateKey
HKCU\software\apcr::u2_32 琛䲮 RegNtPreCreateKey
HKCU\software\apcr::u3_32 ҉䶭 RegNtPreCreateKey
HKCU\software\apcr::u4_32 溠䲮 RegNtPreCreateKey
HKCU\software\apcr::u1_33 蟞 RegNtPreCreateKey
HKCU\software\apcr::u2_33 쀢뼓 RegNtPreCreateKey
HKCU\software\apcr::u3_33 蠼븐 RegNtPreCreateKey
HKCU\software\apcr::u4_33 뼓 RegNtPreCreateKey
HKCU\software\apcr::u1_34 껔硊 RegNtPreCreateKey
HKCU\software\apcr::u2_34 䀷ㅹ RegNtPreCreateKey
HKCU\software\apcr::u3_34 㾣ぺ RegNtPreCreateKey
HKCU\software\apcr::u4_34 喊ㅹ RegNtPreCreateKey
HKCU\software\apcr::u1_35 䨴⯜ RegNtPreCreateKey
HKCU\software\apcr::u2_35 ꏞ RegNtPreCreateKey
HKCU\software\apcr::u3_35 ꋖꋝ RegNtPreCreateKey
HKCU\software\apcr::u4_35 죿ꏞ RegNtPreCreateKey
HKCU\software\apcr::u1_36 缡 RegNtPreCreateKey
HKCU\software\apcr::u2_36 ␣ᙄ RegNtPreCreateKey
HKCU\software\apcr::u3_36 噝ᝇ RegNtPreCreateKey
HKCU\software\apcr::u4_36 㱴ᙄ RegNtPreCreateKey
HKCU\software\apcr::u1_37 잶磽 RegNtPreCreateKey
HKCU\software\apcr::u2_37 떴袩 RegNtPreCreateKey
HKCU\software\apcr::u3_37 엀親 RegNtPreCreateKey
HKCU\software\apcr::u4_37 꿩袩 RegNtPreCreateKey
HKCU\software\apcr::u1_38  RegNtPreCreateKey
HKCU\software\apcr::u2_38 㼯﬏ RegNtPreCreateKey
HKCU\software\apcr::u3_38 䥷兀 RegNtPreCreateKey
HKCU\software\apcr::u4_38 ⍞﬏ RegNtPreCreateKey
HKCU\software\apcr::u1_39 眏➰ RegNtPreCreateKey
HKCU\software\apcr::u2_39 臘浴 RegNtPreCreateKey
HKCU\software\apcr::u3_39 ﳺ汷 RegNtPreCreateKey
HKCU\software\apcr::u4_39 雓浴 RegNtPreCreateKey
HKCU\software\apcr::u1_40 偳貽 RegNtPreCreateKey
HKCU\software\apcr::u2_40 RegNtPreCreateKey
HKCU\software\apcr::u3_40 RegNtPreCreateKey
HKCU\software\apcr::u4_40 RegNtPreCreateKey
HKCU\software\apcr::u1_41 㚃碶 RegNtPreCreateKey
HKCU\software\apcr::u2_41 枇刿 RegNtPreCreateKey
HKCU\software\apcr::u3_41 ប匼 RegNtPreCreateKey
HKCU\software\apcr::u4_41 綽刿 RegNtPreCreateKey
HKCU\software\apcr::u1_42 ⯶㋿ RegNtPreCreateKey
HKCU\software\apcr::u2_42 쒤 RegNtPreCreateKey
HKCU\software\apcr::u3_42 鬛얧 RegNtPreCreateKey
HKCU\software\apcr::u4_42 쒤 RegNtPreCreateKey
HKCU\software\apcr::u1_43 阓侱 RegNtPreCreateKey

3774 additional registry modifications are not displayed above.

Windows API Usage

Category API
Other Suspicious
  • AdjustTokenPrivileges
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Encryption Used
  • BCryptOpenAlgorithmProvider

Trending

Most Viewed

Loading...