
Adware.CnsMin.A

By CagedTech in Adware

Threat Scorecard

Popularity Rank: 11,013
Threat Level: 20 % (Normal)
Infected Computers: 228
First Seen: March 30, 2022
Last Seen: January 22, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Adware.CnsMin.A
Signature status: No Signature

Known Samples

Sample 1
MD5: e3a904235e7aa78d4569b3793a3212ed
SHA1: 0214d10b7d3ce39f69af6c82db26cac1c5ef46ef
SHA256: 2ECEE5E2E2E235F114A28B311A457C49359069F2349E6923C93C4876EA270D72
File Size: 4.65 MB, 4645520 bytes

Sample 2
MD5: d851f2ad57ccff06e9d45169f65307f9
SHA1: baeece3b5f5b54a3faf6458cd92715af3716185c
SHA256: CD8D5C9B1FDF9C750EBCA40AA3824556C71204BBFD49CFB135596F14A94902DA
File Size: 2.11 MB, 2108588 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
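The attribute list above is what a static triage tool derives from the PE headers alone, before any sandbox run. As an added example that is not part of this report or of any vendor tool, the Python below reads the COFF and optional headers and computes the same attributes: bitness (PE32 vs PE32+), subsystem, DLL vs EXE flags, and whether the export, base-relocation, debug, certificate-table and CLR data directories are populated. The "security information" line in the report refers to the certificate table (data directory 4), which is where an embedded Authenticode signature lives; a CLR header (directory 14) is what separates a .NET assembly from a native image. The helper build_pe constructs header-only stand-ins for testing and is not a real sample; the "not packed" verdict needs section entropy and import counts, which headers alone do not give, so it is left out.

```python
import struct

# IMAGE_FILE_HEADER.Characteristics bits
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_DLL = 0x2000
# IMAGE_OPTIONAL_HEADER.Subsystem values
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2
IMAGE_SUBSYSTEM_WINDOWS_CUI = 3
# Data-directory indices: export, certificate table, base relocations, debug, CLR header
DIR_EXPORT, DIR_SECURITY, DIR_BASERELOC, DIR_DEBUG, DIR_CLR = 0, 4, 5, 6, 14


def pe_attributes(data: bytes) -> dict:
    """Derive the header-level attributes a sandbox report lists from raw PE bytes."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, _nsec, _ts, _symtab, _nsyms, _opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:    # PE32: 32-bit image
        is_32bit, ndirs_off, dirs_off = True, opt + 92, opt + 96
    elif magic == 0x20B:  # PE32+: 64-bit image (ImageBase and stack/heap fields are 8 bytes wide)
        is_32bit, ndirs_off, dirs_off = False, opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    n_dirs = struct.unpack_from("<I", data, ndirs_off)[0]

    def dir_size(index: int) -> int:
        if index >= n_dirs:
            return 0
        _rva, size = struct.unpack_from("<II", data, dirs_off + 8 * index)
        return size

    # The Rich header (MSVC linker fingerprint) sits between the DOS stub and the
    # PE signature and ends with the ASCII marker "Rich" followed by its XOR key.
    has_rich = b"Rich" in data[0x40:e_lfanew]

    return {
        "is_32bit": is_32bit,
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "is_executable_image": bool(chars & IMAGE_FILE_EXECUTABLE_IMAGE),
        "is_gui": subsystem == IMAGE_SUBSYSTEM_WINDOWS_GUI,
        "is_console": subsystem == IMAGE_SUBSYSTEM_WINDOWS_CUI,
        "has_rich_header": has_rich,
        "has_debug_info": dir_size(DIR_DEBUG) != 0,
        "has_exports": dir_size(DIR_EXPORT) != 0,
        "has_relocations": dir_size(DIR_BASERELOC) != 0 and not chars & IMAGE_FILE_RELOCS_STRIPPED,
        "has_security_info": dir_size(DIR_SECURITY) != 0,  # embedded Authenticode blob
        "is_dotnet": dir_size(DIR_CLR) != 0,  # CLR runtime header present => managed image
    }


def build_pe(characteristics, subsystem, dir_sizes=None, pe32plus=False, rich=False) -> bytes:
    """Construct a header-only PE (no sections) as a test stand-in; it is not loadable."""
    dir_sizes = dir_sizes or {}
    e_lfanew = 0x80
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew)  # 64-byte IMAGE_DOS_HEADER
    stub = (b"\0" * 44 + b"DanS" + b"\0" * 8 + b"Rich" + b"\xde\xad\xbe\xef") if rich else b"\0" * 64
    opt_size = 240 if pe32plus else 224
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0, opt_size, characteristics)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 68, subsystem)
    ndirs_off, dirs_off = (108, 112) if pe32plus else (92, 96)
    struct.pack_into("<I", opt, ndirs_off, 16)
    for index, size in dir_sizes.items():
        struct.pack_into("<II", opt, dirs_off + 8 * index, 0x1000 * (index + 1), size)
    return dos + stub + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # Constructed stand-in with the header profile the report lists: 32-bit, GUI, EXE, no directories.
    for name, value in pe_attributes(build_pe(IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_SUBSYSTEM_WINDOWS_GUI)).items():
        print(f"{name:22} {value}")
```

Run it against a real file with pe_attributes(open(path, "rb").read()); the offsets are the documented PE32/PE32+ layouts, so no third-party PE library is needed for this level of triage.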

Digital Signatures

Signer Root Status
TREND MEDIA CORPORATION LIMITED VeriSign Class 3 Code Signing 2004 CA Root Not Trusted

File Traits

  • dll
  • x86

Files Modified

File Attributes
c:\users\user\appdata\local\temp\gtapi.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg5c1c.tmp\google.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg5c1c.tmp\google.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsg5c1c.tmp\google.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg5c1c.tmp\installoptions.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg5c1c.tmp\iospecial.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsg5c1c.tmp\iospecial.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg5c1c.tmp\modern-header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg5c1c.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg5c1c.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg5c1c.tmp\task.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_2145968 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\cd.ico Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\cd.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\config Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\config Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\config\bits.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\config\bits.ini Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\dbghelp.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\dbghelp.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\debugrpt.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\debugrpt.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\default.jcd Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\default.jcd Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\fgbhocfg.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\fgbhocfg.ini Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\fgbtcore.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\fgbtcore.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\fgemcore.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\fgemcore.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\fgmgr.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\fgmgr.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\fgmule Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\fgmule Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\fgmule\config Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\fgmule\config Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\fgmule\config\core.cfg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\fgmule\config\core.cfg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\fgmule\config\core.ed2k.svr Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\fgmule\config\core.ed2k.svr Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\fgmule\config\fgemcore.cfg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\fgmule\config\fgemcore.cfg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\fgmule\config\lang Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\fgmule\config\lang Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\fgmule\config\update Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\fgmule\config\update Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\fgmule\log Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\fgmule\log Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\fgmule\log\stat.db Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\fgmule\log\stat.db Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\fgmule\log\torfiles Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\fgmule\log\torfiles Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\fgres1.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\fgres1.ini Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\fgupdate Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\fgupdate Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\fgupdate.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\fgupdate.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\fgupdate1.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\fgupdate1.ini Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\fgupdate2.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\fgupdate2.ini Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\fgupdate3.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\fgupdate3.ini Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\flashget.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\flashget.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\flashget.exe.manifest Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\flashget.exe.manifest Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\getflash.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\getflash.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\icon.ico Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\icon.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\jc_all.htm Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\jc_all.htm Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\jc_link.htm Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\jc_link.htm Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\jccatch.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\jccatch.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\language Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\language Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\language\jcdeu.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\language\jcdeu.ini Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\language\jcell.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\language\jcell.ini Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\language\jceng.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\language\jceng.ini Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\language\jcesp.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\language\jcesp.ini Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\language\jcfin.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\language\jcfin.ini Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\language\jcfra.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\language\jcfra.ini Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\normal.jcs Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\normal.jcs Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\skin Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\skin Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\skin\leftback.jpg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\skin\leftback.jpg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\skin\logo_bg.gif Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\skin\logo_bg.gif Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\skin\normal.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\skin\normal.ini Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\sounds Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\sounds Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\sounds\benchmark.wav Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\sounds\benchmark.wav Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\sounds\done.wav Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\sounds\done.wav Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\table.jcs Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\table.jcs Synchronize,Write Attributes
c:\users\user\appdata\roaming\flashget\database\default.jcd Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144

Registry Modifications

Key::Value Data API Name
HKCU\software\jetcar\jetcar\general::prepartner dU RegNtPreCreateKey
HKCU\software\jetcar\jetcar\general::prepartner1 0 RegNtPreCreateKey
HKLM\software\wow6432node\google\navclient::test test RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\jetcar\jetcar\general::apppath C:\Users\Fhhmuzdm\AppData\Local\Temp\RarSFX0\flashget.exe RegNtPreCreateKey
HKCU\software\jetcar\jetcar\proxy::count  RegNtPreCreateKey
HKCU\software\jetcar\jetcar\proxy::defaultforhttp RegNtPreCreateKey
HKCU\software\jetcar\jetcar\proxy::defaultforstream RegNtPreCreateKey
HKCU\software\jetcar\jetcar\proxy::defaultforftp RegNtPreCreateKey
HKCU\software\jetcar\jetcar\proxy::rollback RegNtPreCreateKey
HKCU\software\jetcar\jetcar\proxy\proxy1::title Direct Connection RegNtPreCreateKey
HKCU\software\jetcar\jetcar\proxy\proxy1::flags  RegNtPreCreateKey
HKCU\software\jetcar\jetcar\proxy\proxy1::type RegNtPreCreateKey
HKCU\software\jetcar\jetcar\proxy\proxy1::server RegNtPreCreateKey
HKCU\software\jetcar\jetcar\proxy\proxy1::username RegNtPreCreateKey
HKCU\software\jetcar\jetcar\proxy\proxy1::port RegNtPreCreateKey
HKCU\software\jetcar\jetcar\proxy\proxy1::password (NULL) RegNtPreCreateKey
HKCU\software\netscape\netscape navigator\automation protocols::ftp JetCar.Netscape RegNtPreCreateKey
HKCU\software\netscape\netscape navigator\automation protocols::http JetCar.Netscape RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\menuext\&download with flashget:: C:\Users\Fhhmuzdm\AppData\Local\Temp\RarSFX0\jc_link.htm RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\menuext\&download with flashget::contexts " RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\menuext\&download all with flashget:: C:\Users\Fhhmuzdm\AppData\Local\Temp\RarSFX0\jc_all.htm RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\menuext\&download all with flashget::contexts ó RegNtPreCreateKey
HKLM\software\classes\flashget.document:: FlashGet Download Database RegNtPreCreateKey
HKLM\software\classes\flashget.document\defaulticon:: C:\Users\Fhhmuzdm\AppData\Local\Temp\RarSFX0\flashget.exe,1 RegNtPreCreateKey
HKLM\software\classes\flashget.document\shell\open\command:: C:\Users\Fhhmuzdm\AppData\Local\Temp\RarSFX0\flashget.exe "%1" RegNtPreCreateKey
HKLM\software\classes\.jcd:: FlashGet.Document RegNtPreCreateKey
HKLM\software\classes\jetcar.netscape.1:: JetCarNetscape Class RegNtPreCreateKey
HKLM\software\classes\jetcar.netscape.1\clsid:: {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} RegNtPreCreateKey
HKLM\software\classes\jetcar.netscape:: JetCarNetscape Class RegNtPreCreateKey
HKLM\software\classes\jetcar.netscape\clsid:: {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} RegNtPreCreateKey
HKLM\software\classes\jetcar.netscape\curver:: JetCar.Netscape.1 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{fb5da724-162b-11d3-8b9b-aa70b4b0b524}:: JetCarNetscape Class RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{fb5da724-162b-11d3-8b9b-aa70b4b0b524}\progid:: JetCar.Netscape.1 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{fb5da724-162b-11d3-8b9b-aa70b4b0b524}\versionindependentprogid:: JetCar.Netscape RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{fb5da724-162b-11d3-8b9b-aa70b4b0b524}\inprocserver32:: C:\Users\Fhhmuzdm\AppData\Local\Temp\RarSFX0\jccatch.dll RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{fb5da724-162b-11d3-8b9b-aa70b4b0b524}\inprocserver32::threadingmodel Apartment RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{fb5da724-162b-11d3-8b9b-aa70b4b0b524}\typelib:: {79DE8D41-161C-11D3-8B9B-DF77640BA112} RegNtPreCreateKey
HKLM\software\classes\fgcatchurl.iecatch.1:: IECatch Class RegNtPreCreateKey
HKLM\software\classes\fgcatchurl.iecatch.1\clsid:: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} RegNtPreCreateKey
HKLM\software\classes\fgcatchurl.iecatch:: IECatch Class RegNtPreCreateKey
HKLM\software\classes\fgcatchurl.iecatch\clsid:: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} RegNtPreCreateKey
HKLM\software\classes\fgcatchurl.iecatch\curver:: FGCatchUrl.IECatch.1 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{2f364306-aa45-47b5-9f9d-39a8b94e7ef7}:: Flashget Catch Url Class RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{2f364306-aa45-47b5-9f9d-39a8b94e7ef7}\progid:: FGCatchUrl.IECatch.1 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{2f364306-aa45-47b5-9f9d-39a8b94e7ef7}\versionindependentprogid:: FGCatchUrl.IECatch RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{2f364306-aa45-47b5-9f9d-39a8b94e7ef7}\inprocserver32:: C:\Users\Fhhmuzdm\AppData\Local\Temp\RarSFX0\jccatch.dll RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{2f364306-aa45-47b5-9f9d-39a8b94e7ef7}\inprocserver32::threadingmodel Apartment RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{2f364306-aa45-47b5-9f9d-39a8b94e7ef7}\typelib:: {79DE8D41-161C-11D3-8B9B-DF77640BA112} RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\explorer\browser helper objects\{2f364306-aa45-47b5-9f9d-39a8b94e7ef7}:: flashget urlcatch RegNtPreCreateKey
HKLM\software\classes\fgcatchurl.downmgr.1:: DownMgr Class RegNtPreCreateKey
HKLM\software\classes\fgcatchurl.downmgr.1\clsid:: {ACBCF095-E8C0-420F-8769-2845D9B92E8C} RegNtPreCreateKey
HKLM\software\classes\fgcatchurl.downmgr:: DownMgr Class RegNtPreCreateKey
HKLM\software\classes\fgcatchurl.downmgr\clsid:: {ACBCF095-E8C0-420F-8769-2845D9B92E8C} RegNtPreCreateKey
HKLM\software\classes\fgcatchurl.downmgr\curver:: FGCatchUrl.DownMgr.1 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{acbcf095-e8c0-420f-8769-2845d9b92e8c}:: DownMgr Class RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{acbcf095-e8c0-420f-8769-2845d9b92e8c}\progid:: FGCatchUrl.DownMgr.1 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{acbcf095-e8c0-420f-8769-2845d9b92e8c}\versionindependentprogid:: FGCatchUrl.DownMgr RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{acbcf095-e8c0-420f-8769-2845d9b92e8c}\inprocserver32:: C:\Users\Fhhmuzdm\AppData\Local\Temp\RarSFX0\jccatch.dll RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{acbcf095-e8c0-420f-8769-2845d9b92e8c}\inprocserver32::threadingmodel Apartment RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{acbcf095-e8c0-420f-8769-2845d9b92e8c}\typelib:: {79DE8D41-161C-11D3-8B9B-DF77640BA112} RegNtPreCreateKey
HKLM\software\classes\typelib\{79de8d41-161c-11d3-8b9b-df77640ba112}\1.0:: FGCatchUrl 1.0 Type Library RegNtPreCreateKey
HKLM\software\classes\typelib\{79de8d41-161c-11d3-8b9b-df77640ba112}\1.0\flags:: 0 RegNtPreCreateKey
HKLM\software\classes\typelib\{79de8d41-161c-11d3-8b9b-df77640ba112}\1.0\0\win32:: C:\Users\Fhhmuzdm\AppData\Local\Temp\RarSFX0\jccatch.dll RegNtPreCreateKey
HKLM\software\classes\typelib\{79de8d41-161c-11d3-8b9b-df77640ba112}\1.0\helpdir:: C:\Users\Fhhmuzdm\AppData\Local\Temp\RarSFX0\ RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{be2b5965-4249-4c70-81ab-70e2889309f3}:: IIECatch RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{be2b5965-4249-4c70-81ab-70e2889309f3}\proxystubclsid32:: {00020424-0000-0000-C000-000000000046} RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{be2b5965-4249-4c70-81ab-70e2889309f3}\typelib:: {79DE8D41-161C-11D3-8B9B-DF77640BA112} RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{be2b5965-4249-4c70-81ab-70e2889309f3}\typelib::version 1.0 RegNtPreCreateKey
HKLM\software\classes\interface\{be2b5965-4249-4c70-81ab-70e2889309f3}:: IIECatch RegNtPreCreateKey
HKLM\software\classes\interface\{be2b5965-4249-4c70-81ab-70e2889309f3}\proxystubclsid32:: {00020424-0000-0000-C000-000000000046} RegNtPreCreateKey
HKLM\software\classes\interface\{be2b5965-4249-4c70-81ab-70e2889309f3}\typelib:: {79DE8D41-161C-11D3-8B9B-DF77640BA112} RegNtPreCreateKey
HKLM\software\classes\interface\{be2b5965-4249-4c70-81ab-70e2889309f3}\typelib::version 1.0 RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{fb5da723-162b-11d3-8b9b-aa70b4b0b524}:: IJetCarNetscape RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{fb5da723-162b-11d3-8b9b-aa70b4b0b524}\proxystubclsid32:: {00020424-0000-0000-C000-000000000046} RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{fb5da723-162b-11d3-8b9b-aa70b4b0b524}\typelib:: {79DE8D41-161C-11D3-8B9B-DF77640BA112} RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{fb5da723-162b-11d3-8b9b-aa70b4b0b524}\typelib::version 1.0 RegNtPreCreateKey
HKLM\software\classes\interface\{fb5da723-162b-11d3-8b9b-aa70b4b0b524}:: IJetCarNetscape RegNtPreCreateKey
HKLM\software\classes\interface\{fb5da723-162b-11d3-8b9b-aa70b4b0b524}\proxystubclsid32:: {00020424-0000-0000-C000-000000000046} RegNtPreCreateKey
HKLM\software\classes\interface\{fb5da723-162b-11d3-8b9b-aa70b4b0b524}\typelib:: {79DE8D41-161C-11D3-8B9B-DF77640BA112} RegNtPreCreateKey
HKLM\software\classes\interface\{fb5da723-162b-11d3-8b9b-aa70b4b0b524}\typelib::version 1.0 RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{54a0200b-d1ae-4887-b5b4-6f8caa99a9e6}:: IDownMgr RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{54a0200b-d1ae-4887-b5b4-6f8caa99a9e6}\proxystubclsid32:: {00020424-0000-0000-C000-000000000046} RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{54a0200b-d1ae-4887-b5b4-6f8caa99a9e6}\typelib:: {79DE8D41-161C-11D3-8B9B-DF77640BA112} RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{54a0200b-d1ae-4887-b5b4-6f8caa99a9e6}\typelib::version 1.0 RegNtPreCreateKey
HKLM\software\classes\interface\{54a0200b-d1ae-4887-b5b4-6f8caa99a9e6}:: IDownMgr RegNtPreCreateKey
HKLM\software\classes\interface\{54a0200b-d1ae-4887-b5b4-6f8caa99a9e6}\proxystubclsid32:: {00020424-0000-0000-C000-000000000046} RegNtPreCreateKey
HKLM\software\classes\interface\{54a0200b-d1ae-4887-b5b4-6f8caa99a9e6}\typelib:: {79DE8D41-161C-11D3-8B9B-DF77640BA112} RegNtPreCreateKey
HKLM\software\classes\interface\{54a0200b-d1ae-4887-b5b4-6f8caa99a9e6}\typelib::version 1.0 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{2f364306-aa45-47b5-9f9d-39a8b94e7ef7}:: FGCatchUrl RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{fb5da724-162b-11d3-8b9b-aa70b4b0b524}:: FGCatchUrl RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{acbcf095-e8c0-420f-8769-2845d9b92e8c}:: FGCatchUrl RegNtPreCreateKey
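The file-write and registry lists above are the behavioral record of the installer. The drop locations identify the packaging: %TEMP%\nsg5c1c.tmp with installoptions.dll, system.dll and ioSpecial.ini is the plugin directory an NSIS installer creates, and %TEMP%\RarSFX0 with the __tmp_rar_sfx_access_check_ probe file is the staging directory of a WinRAR self-extracting archive. The registry writes then turn that temp directory into a load point: a Browser Helper Object is registered under the CLSID {2f364306-...}, whose InprocServer32 resolves to jccatch.dll in RarSFX0, and the .jcd file association and the IE context-menu entries point into the same directory. As an added example that is not part of this report or of any vendor tool, the Python below parses constructed excerpts of those lines (copied from the report, including the sandbox user name) and flags the BHO registration, every load point whose target lives under a user-writable temp path, and the packaging technologies implied by the staging directories. The rule names and labels are my own.

```python
import re

# Constructed excerpt: registry lines copied from the report above, one per line.
SAMPLE_REGISTRY = r"""
HKCU\software\jetcar\jetcar\general::apppath C:\Users\Fhhmuzdm\AppData\Local\Temp\RarSFX0\flashget.exe RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\menuext\&download with flashget:: C:\Users\Fhhmuzdm\AppData\Local\Temp\RarSFX0\jc_link.htm RegNtPreCreateKey
HKLM\software\classes\flashget.document\shell\open\command:: C:\Users\Fhhmuzdm\AppData\Local\Temp\RarSFX0\flashget.exe "%1" RegNtPreCreateKey
HKLM\software\classes\.jcd:: FlashGet.Document RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{2f364306-aa45-47b5-9f9d-39a8b94e7ef7}\inprocserver32:: C:\Users\Fhhmuzdm\AppData\Local\Temp\RarSFX0\jccatch.dll RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{2f364306-aa45-47b5-9f9d-39a8b94e7ef7}\inprocserver32::threadingmodel Apartment RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\explorer\browser helper objects\{2f364306-aa45-47b5-9f9d-39a8b94e7ef7}:: flashget urlcatch RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{fb5da724-162b-11d3-8b9b-aa70b4b0b524}\inprocserver32:: C:\Users\Fhhmuzdm\AppData\Local\Temp\RarSFX0\jccatch.dll RegNtPreCreateKey
HKCU\software\jetcar\jetcar\proxy\proxy1::title Direct Connection RegNtPreCreateKey
"""

# Constructed excerpt: file-write lines copied from the report above.
SAMPLE_FILES = r"""
c:\users\user\appdata\local\temp\nsg5c1c.tmp\installoptions.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg5c1c.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\jccatch.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\flashget.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
"""

TEMP_DIR = re.compile(r"\\appdata\\local\\temp\\", re.IGNORECASE)
CLSID = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.IGNORECASE)

# Registry locations that make Windows or IE load/execute the referenced file later.
LOAD_POINTS = [
    ("\\inprocserver32", "COM in-process server"),
    ("\\shell\\open\\command", "file-association handler"),
    ("\\menuext\\", "IE context-menu extension"),
]

# Staging directories that identify the packaging used by the dropper.
DROPPER_MARKERS = [
    (re.compile(r"\\temp\\rarsfx\d+\\", re.IGNORECASE), "WinRAR self-extracting archive (RarSFX<n> staging dir)"),
    (re.compile(r"\\temp\\ns[0-9a-z]+\.tmp\\", re.IGNORECASE), "NSIS installer plugin dir (ns*.tmp)"),
]


def parse_registry_line(line: str):
    """Split 'KEY::VALUE DATA API' into fields; DATA may be empty or contain spaces."""
    key, sep, rest = line.partition("::")
    if not sep:
        return None
    rest, _, api = rest.rpartition(" ")   # the API name is always the last token
    value, _, data = rest.partition(" ")  # the value name (possibly empty) comes first
    return {"key": key.lower(), "value": value.lower(), "data": data, "api": api}


def triage_registry(report_text: str) -> list:
    entries = [e for e in map(parse_registry_line, report_text.strip().splitlines()) if e]
    # The default value of CLSID\{...}\InprocServer32 is the DLL COM (and so IE) will load.
    servers = {}
    for e in entries:
        if e["key"].endswith("\\inprocserver32") and e["value"] == "":
            m = CLSID.search(e["key"])
            if m:
                servers[m.group(0).lower()] = e["data"]
    findings = []
    for e in entries:
        # Rule 1: a Browser Helper Object registration; resolve the CLSID to its server DLL.
        if "\\browser helper objects\\" in e["key"]:
            m = CLSID.search(e["key"])
            clsid = m.group(0).lower() if m else "<no clsid>"
            path = servers.get(clsid, "<unresolved>")
            findings.append({"rule": "bho_registered", "clsid": clsid, "path": path,
                             "from_temp": bool(TEMP_DIR.search(path))})
        # Rule 2: a load point whose target lives in a user-writable temp directory.
        for fragment, label in LOAD_POINTS:
            if fragment in e["key"] and TEMP_DIR.search(e["data"]):
                findings.append({"rule": "temp_load_point", "kind": label, "key": e["key"], "path": e["data"]})
    return findings


def dropper_technologies(file_report: str) -> list:
    """Name the packaging technologies implied by the staging directories written to."""
    seen = []
    for line in file_report.splitlines():
        for rx, label in DROPPER_MARKERS:
            if rx.search(line) and label not in seen:
                seen.append(label)
    return seen


if __name__ == "__main__":
    for finding in triage_registry(SAMPLE_REGISTRY):
        print(finding)
    print(dropper_technologies(SAMPLE_FILES))
```

The BHO rule deliberately joins two lines that sit far apart in the report: the Browser Helper Objects key only names a CLSID, and it is the InprocServer32 default value for that CLSID that tells you which DLL Internet Explorer will load at startup. A temp-directory path there, or in a shell\open\command or MenuExt entry, is the detail worth surfacing, because those files are deleted or replaced at will by anything running as the user.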

Windows API Usage

Category API
Keyboard Access
  • GetKeyState
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory
Process Shell Execute
  • ShellExecuteEx
Other Suspicious
  • SetWindowsHookEx
Network Winsock2
  • WSAStartup

Shell Command Execution

(NULL) C:\Users\Fhhmuzdm\AppData\Local\Temp\RarSFX0\flashget.exe
