Adware.Kraddare.O

By CagedTech in Adware

Threat Scorecard

Popularity Rank: 8,881
Threat Level: 20 % (Normal)
Infected Computers: 376
First Seen: July 8, 2021
Last Seen: April 15, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Adware.Kraddare.O
Signature status: No Signature

Known Samples

File Size: 226.51 KB, 226512 bytes
File Size: 4.21 MB, 4207152 bytes
File Size: 1.39 MB, 1385472 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Company Name: http://isulnara.com
File Description: IE 인쇄 페이지 설정 컨트롤
File Version:
  • 2010.9.7.1
  • 1.4.0.3
  • 1.0.0.0
Internal Name: IEPageSetupX
Legal Copyright: http://isulnara.com
Ole Self Register: 1
Product Version:
  • 1.4.0.0
  • 1.0.0.0

Digital Signatures

Signer: ADD Information Technologies Co. Ltd, Root: Thawte Premium Server CA, Status: Root Not Trusted
Signer: Webcash Co., Ltd, Root: Thawte Premium Server CA, Status: Root Not Trusted

File Traits

  • dll
  • Installer Version
  • packed
  • x86

Block Information

Total Blocks: 7,532
Potentially Malicious Blocks: 7
Whitelisted Blocks: 6,383
Unknown Blocks: 1,142

Similar Families

  • Injector.DGB
  • Injector.FHE
  • Injector.GDSA
  • Injector.KFAD
  • Injector.KZP
  • Injector.XF

Files Modified

Registry Modifications

HKLM\software\classes\wow6432node\interface\{3f6398e4-1bcf-4e77-9e65-4f33674f405a}\typelib::version 1.0 RegNtPreCreateKey
HKLM\software\classes\interface\{3f6398e4-1bcf-4e77-9e65-4f33674f405a}:: IXMaskColumnProperties RegNtPreCreateKey
HKLM\software\classes\interface\{3f6398e4-1bcf-4e77-9e65-4f33674f405a}\proxystubclsid32:: {00020424-0000-0000-C000-000000000046} RegNtPreCreateKey
HKLM\software\classes\interface\{3f6398e4-1bcf-4e77-9e65-4f33674f405a}\typelib:: {0A79C51D-8376-4EAB-AD7C-4AF887003B00} RegNtPreCreateKey
HKLM\software\classes\interface\{3f6398e4-1bcf-4e77-9e65-4f33674f405a}\typelib::version 1.0 RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{1eb3e9d8-dbf3-4d31-8cf7-8ebe28d416cd}:: IXDateColumnProperties RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{1eb3e9d8-dbf3-4d31-8cf7-8ebe28d416cd}\proxystubclsid32:: {00020424-0000-0000-C000-000000000046} RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{1eb3e9d8-dbf3-4d31-8cf7-8ebe28d416cd}\typelib:: {0A79C51D-8376-4EAB-AD7C-4AF887003B00} RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{1eb3e9d8-dbf3-4d31-8cf7-8ebe28d416cd}\typelib::version 1.0 RegNtPreCreateKey
HKLM\software\classes\interface\{1eb3e9d8-dbf3-4d31-8cf7-8ebe28d416cd}:: IXDateColumnProperties RegNtPreCreateKey
HKLM\software\classes\interface\{1eb3e9d8-dbf3-4d31-8cf7-8ebe28d416cd}\proxystubclsid32:: {00020424-0000-0000-C000-000000000046} RegNtPreCreateKey
HKLM\software\classes\interface\{1eb3e9d8-dbf3-4d31-8cf7-8ebe28d416cd}\typelib:: {0A79C51D-8376-4EAB-AD7C-4AF887003B00} RegNtPreCreateKey
HKLM\software\classes\interface\{1eb3e9d8-dbf3-4d31-8cf7-8ebe28d416cd}\typelib::version 1.0 RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{d1812602-126f-4f28-9279-e2b498992db8}:: IXHyperlinkColumnProperties RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{d1812602-126f-4f28-9279-e2b498992db8}\proxystubclsid32:: {00020424-0000-0000-C000-000000000046} RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{d1812602-126f-4f28-9279-e2b498992db8}\typelib:: {0A79C51D-8376-4EAB-AD7C-4AF887003B00} RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{d1812602-126f-4f28-9279-e2b498992db8}\typelib::version 1.0 RegNtPreCreateKey
HKLM\software\classes\interface\{d1812602-126f-4f28-9279-e2b498992db8}:: IXHyperlinkColumnProperties RegNtPreCreateKey
HKLM\software\classes\interface\{d1812602-126f-4f28-9279-e2b498992db8}\proxystubclsid32:: {00020424-0000-0000-C000-000000000046} RegNtPreCreateKey
HKLM\software\classes\interface\{d1812602-126f-4f28-9279-e2b498992db8}\typelib:: {0A79C51D-8376-4EAB-AD7C-4AF887003B00} RegNtPreCreateKey
HKLM\software\classes\interface\{d1812602-126f-4f28-9279-e2b498992db8}\typelib::version 1.0 RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{c1f43a19-688f-473d-aac0-d7d0b07b3549}:: IXTextColumnProperties RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{c1f43a19-688f-473d-aac0-d7d0b07b3549}\proxystubclsid32:: {00020424-0000-0000-C000-000000000046} RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{c1f43a19-688f-473d-aac0-d7d0b07b3549}\typelib:: {0A79C51D-8376-4EAB-AD7C-4AF887003B00} RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{c1f43a19-688f-473d-aac0-d7d0b07b3549}\typelib::version 1.0 RegNtPreCreateKey
HKLM\software\classes\interface\{c1f43a19-688f-473d-aac0-d7d0b07b3549}:: IXTextColumnProperties RegNtPreCreateKey
HKLM\software\classes\interface\{c1f43a19-688f-473d-aac0-d7d0b07b3549}\proxystubclsid32:: {00020424-0000-0000-C000-000000000046} RegNtPreCreateKey
HKLM\software\classes\interface\{c1f43a19-688f-473d-aac0-d7d0b07b3549}\typelib:: {0A79C51D-8376-4EAB-AD7C-4AF887003B00} RegNtPreCreateKey
HKLM\software\classes\interface\{c1f43a19-688f-473d-aac0-d7d0b07b3549}\typelib::version 1.0 RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{d26d7a14-4af4-4f61-a91b-108442b4bf2d}:: IXButtonColumnProperties RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{d26d7a14-4af4-4f61-a91b-108442b4bf2d}\proxystubclsid32:: {00020424-0000-0000-C000-000000000046} RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{d26d7a14-4af4-4f61-a91b-108442b4bf2d}\typelib:: {0A79C51D-8376-4EAB-AD7C-4AF887003B00} RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{d26d7a14-4af4-4f61-a91b-108442b4bf2d}\typelib::version 1.0 RegNtPreCreateKey
HKLM\software\classes\interface\{d26d7a14-4af4-4f61-a91b-108442b4bf2d}:: IXButtonColumnProperties RegNtPreCreateKey
HKLM\software\classes\interface\{d26d7a14-4af4-4f61-a91b-108442b4bf2d}\proxystubclsid32:: {00020424-0000-0000-C000-000000000046} RegNtPreCreateKey
HKLM\software\classes\interface\{d26d7a14-4af4-4f61-a91b-108442b4bf2d}\typelib:: {0A79C51D-8376-4EAB-AD7C-4AF887003B00} RegNtPreCreateKey
HKLM\software\classes\interface\{d26d7a14-4af4-4f61-a91b-108442b4bf2d}\typelib::version 1.0 RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{5f8c3997-101c-4dbf-9f6a-86ebee2a67ed}:: IXSelectDir RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{5f8c3997-101c-4dbf-9f6a-86ebee2a67ed}\proxystubclsid32:: {00020424-0000-0000-C000-000000000046} RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{5f8c3997-101c-4dbf-9f6a-86ebee2a67ed}\typelib:: {0A79C51D-8376-4EAB-AD7C-4AF887003B00} RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{5f8c3997-101c-4dbf-9f6a-86ebee2a67ed}\typelib::version 1.0 RegNtPreCreateKey
HKLM\software\classes\interface\{5f8c3997-101c-4dbf-9f6a-86ebee2a67ed}:: IXSelectDir RegNtPreCreateKey
HKLM\software\classes\interface\{5f8c3997-101c-4dbf-9f6a-86ebee2a67ed}\proxystubclsid32:: {00020424-0000-0000-C000-000000000046} RegNtPreCreateKey
HKLM\software\classes\interface\{5f8c3997-101c-4dbf-9f6a-86ebee2a67ed}\typelib:: {0A79C51D-8376-4EAB-AD7C-4AF887003B00} RegNtPreCreateKey
HKLM\software\classes\interface\{5f8c3997-101c-4dbf-9f6a-86ebee2a67ed}\typelib::version 1.0 RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{cdb6c0bd-b375-49e4-82cd-000b71b964e5}:: IXDuplication RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{cdb6c0bd-b375-49e4-82cd-000b71b964e5}\proxystubclsid32:: {00020424-0000-0000-C000-000000000046} RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{cdb6c0bd-b375-49e4-82cd-000b71b964e5}\typelib:: {0A79C51D-8376-4EAB-AD7C-4AF887003B00} RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{cdb6c0bd-b375-49e4-82cd-000b71b964e5}\typelib::version 1.0 RegNtPreCreateKey
HKLM\software\classes\interface\{cdb6c0bd-b375-49e4-82cd-000b71b964e5}:: IXDuplication RegNtPreCreateKey
HKLM\software\classes\interface\{cdb6c0bd-b375-49e4-82cd-000b71b964e5}\proxystubclsid32:: {00020424-0000-0000-C000-000000000046} RegNtPreCreateKey
HKLM\software\classes\interface\{cdb6c0bd-b375-49e4-82cd-000b71b964e5}\typelib:: {0A79C51D-8376-4EAB-AD7C-4AF887003B00} RegNtPreCreateKey
HKLM\software\classes\interface\{cdb6c0bd-b375-49e4-82cd-000b71b964e5}\typelib::version 1.0 RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{73906fe4-32ee-472d-8ede-051cf0b607a2}:: IXGridFileMover RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{73906fe4-32ee-472d-8ede-051cf0b607a2}\proxystubclsid32:: {00020424-0000-0000-C000-000000000046} RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{73906fe4-32ee-472d-8ede-051cf0b607a2}\typelib:: {0A79C51D-8376-4EAB-AD7C-4AF887003B00} RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{73906fe4-32ee-472d-8ede-051cf0b607a2}\typelib::version 1.0 RegNtPreCreateKey
HKLM\software\classes\interface\{73906fe4-32ee-472d-8ede-051cf0b607a2}:: IXGridFileMover RegNtPreCreateKey
HKLM\software\classes\interface\{73906fe4-32ee-472d-8ede-051cf0b607a2}\proxystubclsid32:: {00020424-0000-0000-C000-000000000046} RegNtPreCreateKey
HKLM\software\classes\interface\{73906fe4-32ee-472d-8ede-051cf0b607a2}\typelib:: {0A79C51D-8376-4EAB-AD7C-4AF887003B00} RegNtPreCreateKey
HKLM\software\classes\interface\{73906fe4-32ee-472d-8ede-051cf0b607a2}\typelib::version 1.0 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{abc4f18c-4340-47cb-9640-d1cd07a44168}:: XGridSaveForm Object RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{abc4f18c-4340-47cb-9640-d1cd07a44168}\inprocserver32:: C:\PROGRA~2\webcash\xgrid\wcxg.ocx RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{abc4f18c-4340-47cb-9640-d1cd07a44168}\inprocserver32::threadingmodel Apartment RegNtPreCreateKey
HKLM\software\classes\wcxg.xgridfilemover:: XGridSaveForm Object RegNtPreCreateKey
HKLM\software\classes\wcxg.xgridfilemover\clsid:: {ABC4F18C-4340-47CB-9640-D1CD07A44168} RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{abc4f18c-4340-47cb-9640-d1cd07a44168}\progid:: WCXG.XGridFileMover RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{abc4f18c-4340-47cb-9640-d1cd07a44168}\version:: 1.0 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{abc4f18c-4340-47cb-9640-d1cd07a44168}\typelib:: {0A79C51D-8376-4EAB-AD7C-4AF887003B00} RegNtPreCreateKey
HKLM\software\classes\appid\{abc4f18c-4340-47cb-9640-d1cd07a44168}:: XGridSaveForm Object RegNtPreCreateKey
HKLM\software\classes\appid\{abc4f18c-4340-47cb-9640-d1cd07a44168}::dllsurrogate RegNtPreCreateKey
HKLM\software\classes\appid\wcxg.ocx::appid {ABC4F18C-4340-47CB-9640-D1CD07A44168} RegNtPreCreateKey
HKLM\software\classes\appid\{abc4f18c-4340-47cb-9640-d1cd07a44168}::accesspermission 耄DT0āԀāԀȁԀ ȠȁԀ Ƞ RegNtPreCreateKey
HKLM\software\classes\appid\{abc4f18c-4340-47cb-9640-d1cd07a44168}::launchpermission 耔L\0āကက āĀȁԀ ȠȁԀ Ƞ RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{abc4f18c-4340-47cb-9640-d1cd07a44168}::appid {ABC4F18C-4340-47CB-9640-D1CD07A44168} RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{abc4f18c-4340-47cb-9640-d1cd07a44168}::localizedstring @C:\Program Files (x86)\webcash\xgrid\wcxg.ocx,-101 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{abc4f18c-4340-47cb-9640-d1cd07a44168}\elevation::enabled  RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{caa6c048-261d-45df-8d3d-dfb0ac3fa07e}:: XSelectDir Object RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{caa6c048-261d-45df-8d3d-dfb0ac3fa07e}\inprocserver32:: C:\PROGRA~2\webcash\xgrid\wcxg.ocx RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{caa6c048-261d-45df-8d3d-dfb0ac3fa07e}\inprocserver32::threadingmodel Apartment RegNtPreCreateKey
HKLM\software\classes\wcxg.xselectdir:: XSelectDir Object RegNtPreCreateKey
HKLM\software\classes\wcxg.xselectdir\clsid:: {CAA6C048-261D-45DF-8D3D-DFB0AC3FA07E} RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{caa6c048-261d-45df-8d3d-dfb0ac3fa07e}\progid:: WCXG.XSelectDir RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{caa6c048-261d-45df-8d3d-dfb0ac3fa07e}\version:: 1.0 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{caa6c048-261d-45df-8d3d-dfb0ac3fa07e}\typelib:: {0A79C51D-8376-4EAB-AD7C-4AF887003B00} RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{3e086d34-0ed5-4a8e-bb6a-c4df5ac4357b}:: XGrid Control RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{3e086d34-0ed5-4a8e-bb6a-c4df5ac4357b}\inprocserver32:: C:\PROGRA~2\webcash\xgrid\wcxg.ocx RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{3e086d34-0ed5-4a8e-bb6a-c4df5ac4357b}\inprocserver32::threadingmodel Apartment RegNtPreCreateKey
HKLM\software\classes\wcxg.xgrid:: XGrid Control RegNtPreCreateKey
HKLM\software\classes\wcxg.xgrid\clsid:: {3E086D34-0ED5-4A8E-BB6A-C4DF5AC4357B} RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{3e086d34-0ed5-4a8e-bb6a-c4df5ac4357b}\progid:: WCXG.XGrid RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{3e086d34-0ed5-4a8e-bb6a-c4df5ac4357b}\version:: 1.0 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{3e086d34-0ed5-4a8e-bb6a-c4df5ac4357b}\typelib:: {0A79C51D-8376-4EAB-AD7C-4AF887003B00} RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{3e086d34-0ed5-4a8e-bb6a-c4df5ac4357b}\miscstatus:: 0 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{3e086d34-0ed5-4a8e-bb6a-c4df5ac4357b}\miscstatus\1:: R RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{3e086d34-0ed5-4a8e-bb6a-c4df5ac4357b}\toolboxbitmap32:: C:\Program Files (x86)\webcash\xgrid\wcxg.ocx,1 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{3e086d34-0ed5-4a8e-bb6a-c4df5ac4357b}\control:: RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{3e086d34-0ed5-4a8e-bb6a-c4df5ac4357b}\verb:: RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{3e086d34-0ed5-4a8e-bb6a-c4df5ac4357b}\verb\0:: Properties,0,2 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{45ebf434-e454-46fc-bc56-d7bf1a6636cc}:: XDuplication Object RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{45ebf434-e454-46fc-bc56-d7bf1a6636cc}\inprocserver32:: C:\PROGRA~2\webcash\xgrid\wcxg.ocx RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{45ebf434-e454-46fc-bc56-d7bf1a6636cc}\inprocserver32::threadingmodel Apartment RegNtPreCreateKey
HKLM\software\classes\wcxg.xduplication:: XDuplication Object RegNtPreCreateKey
HKLM\software\classes\wcxg.xduplication\clsid:: {45EBF434-E454-46FC-BC56-D7BF1A6636CC} RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{45ebf434-e454-46fc-bc56-d7bf1a6636cc}\progid:: WCXG.XDuplication RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{45ebf434-e454-46fc-bc56-d7bf1a6636cc}\version:: 1.0 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{45ebf434-e454-46fc-bc56-d7bf1a6636cc}\typelib:: {0A79C51D-8376-4EAB-AD7C-4AF887003B00} RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{06965fef-f382-4bc8-9dcd-c010a4e3d3e8}:: XColumn Object RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{06965fef-f382-4bc8-9dcd-c010a4e3d3e8}\inprocserver32:: C:\PROGRA~2\webcash\xgrid\wcxg.ocx RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{06965fef-f382-4bc8-9dcd-c010a4e3d3e8}\inprocserver32::threadingmodel Apartment RegNtPreCreateKey
HKLM\software\classes\wcxg.xcolumn:: XColumn Object RegNtPreCreateKey

96 additional registry modifications are not displayed above.

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWriteFile
Process Shell Execute
  • CreateProcess
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
User Data Access
  • GetUserObjectInformation
Process Manipulation Evasion
  • NtUnmapViewOfSection

Shell Command Execution

C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\2df5ed79ca45b58f63ec924f2d6cb999c06387d6_0000226512.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\ba6ab0d19149d9ed67c28a84865f083230b068af_0001385472.,LiQMAxHB
