Adware.OpenSUpdater.FO

By CagedTech in Adware

Analysis Report

General information

Family Name: Adware.OpenSUpdater.FO
Signature status: No Signature

Known Samples

MD5: 76858c1fc80345e35dd315efdbc4fc03
SHA1: 78f7eb7e6f3bdb77cb3e3e475182cdbb3af1e18b
SHA256: 47E31CA5BAA68E923E95CC3F10DD2B61EC3F1C0804E02D86E950BE327B83D28F
File Size: 5.85 MB, 5848803 bytes
MD5: 24c0d258bc4208708532ed317470921e
SHA1: 0aab66050ae376676e773b0284ea5d9c5779de0d
SHA256: 26D815411B7271A00E281BE49585AB18E82906ECC6EA6640914197EFE22B7B34
File Size: 5.88 MB, 5878499 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Company Name: 9bis.com
File Description: SSH, Telnet, Rlogin, and SUPDUP client
File Version: Release 0.76 (without embedded help)
Internal Name: PuTTY
Legal Copyright: Copyright © 1997-2023 Simon Tatham.
Original Filename: KiTTY
Product Name: KiTTY
Product Version: Release 0.76 - Additional features on KiTTY That's all folks! by 9bis.com, 2005-2023

File Traits

  • big overlay
  • x86

Block Information

Total Blocks: 1,227
Potentially Malicious Blocks: 317
Whitelisted Blocks: 879
Unknown Blocks: 31

Similar Families

  • OpenSUpdater.FO

Files Modified

File Attributes
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs02151da7 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs02151da7\setup.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs02151da7\setup.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0fd47330\setup.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0fd47330\setup.exe Synchronize,Write Attributes
c:\users\user\appdata\roaming\kitty\kitty.ini Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\9bis.com\kitty::folders Default RegNtPreCreateKey
HKCU\software\9bis.com\kitty::kicount 1 RegNtPreCreateKey
HKCU\software\9bis.com\kitty::kilastup 1761484604/1761484604 RegNtPreCreateKey
HKCU\software\9bis.com\kitty::kilastuh 1vv3bGFMx5/4j64/BIHeAPDG1MC534E6w/TIuerPAGK RegNtPreCreateKey
HKCU\software\9bis.com\kitty::kisess 0 RegNtPreCreateKey
HKCU\software\9bis.com\kitty::kivers 4n0x11DJDQ1pDt5QPQQ1DPt7PN/W RegNtPreCreateKey
HKCU\software\9bis.com\kitty::kipath C:\Users\Tbntjepf\AppData\Local\Temp\7zS0FD47330\setup.exe RegNtPreCreateKey
HKCU\software\9bis.com\kitty::kilic KI670-5LNXU-VLT4Q-KI9FV-A6DH0 RegNtPreCreateKey
HKCU\software\9bis.com\kitty::build 0.76.1.13 @ 17/09/2023-17:11:48(GMT) RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::present  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::hostname RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::logfilename kitty.log RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::logtype RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::logfileclash ￿￿ RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::logflush  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::logheader  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::sshlogomitpasswords  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::sshlogomitdata RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::protocol ssh RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::portnumber  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::closeonexit  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::warnonclose  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::pinginterval RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::pingintervalsecs RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::tcpnodelay  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::tcpkeepalives RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::terminaltype xterm RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::terminalspeed 38400,38400 RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::terminalmodes CS7=A,CS8=A,DISCARD=A,DSUSP=A,ECHO=A,ECHOCTL=A,ECHOE=A,ECHOK=A,ECHOKE=A,ECHONL=A,EOF=A,EOL=A,EOL2=A,ERASE=A,FLUSH=A,ICANON=A,ICR RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::addressfamily RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::proxyexcludelist RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::proxydns  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::proxylocalhost RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::proxymethod RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::proxyhost proxy RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::proxyport P RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::proxyusername RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::proxypassword RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::proxytelnetcommand connect %host %port\n RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::proxylogtoterm  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::environment RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::username RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::usernamefromenvironment RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::localusername RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::nopty RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::compression RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::tryagent  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::agentfwd RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::gssapifwd RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::changeusername RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::cipher aes,chacha20,3des,WARN,des,blowfish,arcfour RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::kex ecdh,dh-gex-sha1,dh-group14-sha1,rsa,WARN,dh-group1-sha1 RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::hostkey ed448,ed25519,ecdsa,rsa,dsa,WARN RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::preferknownhostkeys  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::rekeytime < RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::gssapirekey  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::rekeybytes 1G RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::sshnoauth RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::sshnotrivialauth RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::sshbanner  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::authtis RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::authki  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::authgssapi  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::authgssapikex  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::gsslibs gssapi32,sspi,custom RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::gsscustom RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::sshnoshell RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::sshprot  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::loghost RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::ssh2des RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::publickeyfile RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::remotecommand RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::rfcenviron RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::passivetelnet RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::backspaceisdelete  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::entersendscrlf RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::rxvthomeend RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::linuxfunctionkeys RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::noapplicationkeys RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::noapplicationcursors RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::nomousereporting RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::noremoteresize RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::noaltscreen RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::noremotewintitle RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::noremoteclearscroll RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::remoteqtitleaction  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::nodbackspace RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::noremotecharset RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::applicationcursorkeys RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::applicationkeypad RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::nethackkeypad RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::altf4  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::altspace RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::altonly RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::composekey RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::ctrlaltkeys  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::telnetkey RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::telnetret  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::localecho  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::localedit  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::answerback KiTTY RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::alwaysontop RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::fullscreenonaltenter RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::hidemouseptr RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::sunkenedge RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::windowborder  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::curtype  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::blinkcur  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::beep  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::beepind RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::bellwavefile RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::belloverload  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::belloverloadn  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::belloverloadt ߐ RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::belloverloads RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::scrollbacklines RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::decoriginmode RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::autowrapmode  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::lfimpliescr RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::crimplieslf RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::disablearabicshaping RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::disablebidi RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::winnamealways  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::wintitle RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::termwidth P RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::termheight  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::font Courier New RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::fontisbold RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::fontcharset RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::fontheight RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::fontquality  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::fontvtmode  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::usesystemcolours RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::trypalette RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::ansicolour  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::xterm256colour  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::truecolour  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::boldascolour  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::windowclosable  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::windowminimizable  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::windowmaximizable  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::windowhassysmenu  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::disablebottombuttons  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::colour0 187,187,187 RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::colour1 255,255,255 RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::colour2 0,0,0 RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::colour3 85,85,85 RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::colour4 0,0,0 RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::colour5 0,255,0 RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::colour6 0,0,0 RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::colour7 85,85,85 RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::colour8 187,0,0 RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::colour9 255,85,85 RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::colour10 0,187,0 RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::colour11 85,255,85 RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::colour12 187,187,0 RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::colour13 255,255,85 RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::colour14 0,0,187 RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::colour15 85,85,255 RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::colour16 187,0,187 RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::colour17 255,85,255 RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::colour18 0,187,187 RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::colour19 85,255,255 RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::colour20 187,187,187 RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::colour21 255,255,255 RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::rawcnp RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::utf8linedraw RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::pastertf RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::mouseisxterm RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::rectselect RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::pastecontrols RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::mouseoverride  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::wordness0 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::wordness32 0,1,2,1,1,1,1,1,1,1,1,1,1,2,2,2,2,2,2,2,2,2,2,2,2,2,1,1,1,1,1,1 RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::wordness64 1,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,1,1,1,1,2 RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::wordness96 1,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,1,1,1,1,1 RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::wordness128 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::wordness160 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::wordness192 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,1,2,2,2,2,2,2,2,2 RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::wordness224 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,1,2,2,2,2,2,2,2,2 RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::mouseautocopy  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::mousepaste explicit RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::ctrlshiftins explicit RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::ctrlshiftcv none RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::linecodepage RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::cjkambigwide RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::utf8override  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::printer RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::capslockcyr RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::scrollbar  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::scrollbarfullscreen RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::scrollonkey RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::scrollondisp  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::erasetoscrollback  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::locksize RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::bce  RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::blinktext RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::x11forward RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::x11display RegNtPreCreateKey
HKCU\software\9bis.com\kitty\sessions\default%20settings::x11authtype  RegNtPreCreateKey

113 additional registry modifications are not displayed above.

Windows API Usage

Category API
Process Shell Execute
  • CreateProcess
Network Winsock2
  • WSAStartup
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetComputerName
  • GetUserName
  • GetUserNameEx
  • GetUserObjectInformation
Encryption Used
  • BCryptOpenAlgorithmProvider
  • CryptAcquireContext
Keyboard Access
  • GetKeyState
Process Manipulation Evasion
  • NtUnmapViewOfSection

Shell Command Execution

.\setup.exe
