Malware.Jeefo

By Sumo3000 in Worms

Threat Scorecard

Popularity Rank: 4,996
Threat Level: 80 % (High)
Infected Computers: 5,059
First Seen: December 28, 2012
Last Seen: February 6, 2026
OS(es) Affected: Windows

Malware.Jeefo is a network worm that spreads via existing networks. It is designed to infect certain files, prepending its own body to them or overwriting them with it, in order to degrade system performance and execute malicious routines. Malware.Jeefo can be detected and removed with a recognized anti-malware application.

File System Details

Malware.Jeefo may create the following file(s):
# File Name Detections
1. %AppData%\Xenocode\Sandbox\1.0.0.0\2010.08.30T00.09\Virtual\STUBEXE\@SYSTEM@\server.exe
2. %Windir%\svchost.exe
3. %AppData%\addons.dat
4. %AppData%\Bifrost\logg.dat
5. %AppData%\Xenocode\Sandbox\1.0.0.0\2010.08.30T00.09\Virtual\XRegistry.bin

Registry Details

Malware.Jeefo may create the following registry entry or registry entries:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceCurrent]
(Default) =
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceCurrent]

Analysis Report

General information

Family Name: Virus.Jeefo
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is .NET application
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Assembly Version
  • 4.5.0.0
  • 2.0.0.0
  • 1.1.1.0
  • 1.0.4022.27203
  • 1.0.0.0
Build 2008-11-30
Build Date 02/26/2025 11:09:07
Build Num 27(run 1)
Coder By BlueLife
Comments
  • ASUS WebStorage Panel
  • Command Line Interface application for all ACE Components
  • Crystal Launcher
  • Environmental Systems Research Institute, Inc.
  • This installation was built with Inno Setup.
  • Update
  • UpLauncher
  • Windows Update Blocker v1.6
Company Name
  • Adaware
  • Adobe Systems Incorporated
  • Advanced Micro Devices, Inc.
  • Advanced Micro Devices Inc.
  • ASUS Cloud Corporation
  • ASUSTek Computer Inc.
  • BraveSoftware Inc.
  • Discord Inc.
  • Eden Games
  • Electronic Arts
  • Environmental Systems Research Institute, Inc.
  • Freedom Scientific, Inc.
  • GitHub
  • https://crystal-launcher.net
  • Igor Pavlov
  • Intel Corporation
  • KLCP
  • Microsoft Corporation
  • MyCache
  • now.gg, Inc.
  • Python Software Foundation
  • Tencent
  • TODO: <Company name>
  • Wlodzimierz Grabowski, info@extranslator.com
  • www.sordum.org
  • Ymir Entertainment
File Description
  • 7z Setup SFX
  • Adaware Privacy
  • Adobe Acrobat 32BitMAPIBroker
  • Adobe Bootstrapper for Single Installation
  • AMD Software
  • ASUS WebStorage Panel
  • BlueStacks Setup
  • BraveSoftware Update
  • Client Activator
  • CrashReporter
  • Crystal Launcher
  • EA app
  • GameLoop
  • Generic Host Process for Win32 Services
  • Intel(R) Graphics Installer
  • KMPLoading
  • Metin2Client
  • Microsoft Edge Update
  • MyCache 1.0.0.0
  • NXTWEAKER
  • Opera installer SFX
  • Python
  • Radeon Additional Settings: Command Line Interface
  • Sample Converter, Browser, Player & Editor
  • Setup/Uninstall
  • Setup application
  • Simulate Store App Execution Application
  • TODO: <File description>
  • Tower of Fantacy Downloader
  • Update
  • UpLauncher
  • Windows Update Blocker v1.6
File Version
  • 117.0.5408.162
  • 51.1052.0.0
  • 25.1.20630.0
  • 24.5.20320.0
  • 23.01
  • 13.575.0.6088
  • 11.2.25.0
  • 11.1.0.0
  • 9.0.000.4
  • 5.1.0.0
  • 5.0
  • 4.57
  • 4.5.0.0
  • 4.0.0.1
  • 3.91.5299.81
  • 3.21.4873.80
  • 3.13.1
  • 3.5.9.1543
  • 2.9.2.4809
  • 2.0.0.0
  • 1.6.0.0
  • 1.3.361.151
  • 1.3.215.9
  • 1.3.185.27
  • 1.1.1.0
  • 1.0.28249.1
  • 1.0.85.3
  • 1.0.1.0
  • 1.0.0.1
  • 1.0.0.0
  • 1, 7, 49, 0
  • 0.0.6.120
Internal Name
  • 7zS.sfx
  • Adaware Privacy
  • AndroidEmulator
  • AsusWSPanel.exe
  • BlueStacks Installer
  • BraveSoftware Update
  • CLI.exe
  • CrashReporter.exe
  • CrystalLauncherInstaller.exe
  • EXSC
  • fsClientActivator.exe
  • GFX
  • Metin2Client
  • Microsoft Edge Update
  • Minidown
  • NXTWEAKER.exe
  • P1.exe
  • Python Application
  • setup
  • Setup.exe
  • SimAppExec.exe
  • svchost.exe
  • Update.exe
  • UpLauncher.exe
Language Id sr-Cyrl-RS
Legal Copyright
  • 2002-2015
  • 2024 (c) MyCache
  • Adaware Software Canada. All Rights Reserved.
  • ASUSTek Computer Inc.
  • Copyright (C)
  • Copyright (C), Intel Corporation. All rights reserved.
  • Copyright (c) 1999-2007 Igor Pavlov
  • Copyright (c) 1999-2023 Igor Pavlov
  • Copyright (c) 2007 - 2018, Advanced Micro Devices, Inc.
  • Copyright (c) 2010-2021 Bluestacks from Now.gg, Inc.
  • Copyright (C) 2011
  • Copyright (C) 2022 Pixel. All Rights Reserved.
  • Copyright (c) 2025 Discord Inc. All rights reserved.
  • Copyright (c) Electronic Arts. All rights reserved.
  • Copyright 1984-2024 Adobe Systems Incorporated and its licensors. All rights reserved.
  • Copyright 1984-2025 Adobe Systems Incorporated and its licensors. All rights reserved.
  • Copyright 2025, Freedom Scientific, Inc.
  • Copyright Microsoft Corporation
  • Copyright © 2001-2024 Python Software Foundation. Copyright © 2000 BeOpen.com. Copyright © 1995-2001 CNRI. Copyright © 1991-1995 SMC.
  • Copyright © 2008 Adobe Systems Incorporated. All rights reserved.
  • Copyright © 2008 Wlodzimierz Grabowski
  • Copyright © 2016-2020 www.sordum.org All Rights Reserved.
  • Copyright © 2018
  • Copyright © 2020 Tencent. All Rights Reserved.
  • Copyright © 2025
  • Copyright © Crystal Launcher 2021
  • Copyright © Eden Games 2010
  • Copyright © GitHub 2013-2015
  • Esri, Inc.Copyright ©1999-2023 ESRI Inc. All Rights Reserved
  • Opera Software 2025
  • TODO: (c) <Company name>. All rights reserved.
  • © Microsoft Corporation. All rights reserved.
Legal Trademarks
  • ASUS Cloud Corporation
  • Extreme Sample Converter
  • Intel Corporation
Original Filename
  • 7zS.sfx.exe
  • 32BitMAPIBroker.exe
  • Adaware Privacy
  • AndroidEmulator.exe
  • AsusWSPanel.exe
  • BlueStacksInstaller.exe
  • BraveUpdate.exe
  • CLI.exe
  • CrashReporter.exe
  • CrystalLauncherInstaller.NX.exe
  • EAappInstaller.exe
  • EXSC.EXE
  • fsClientActivator.exe
  • goopdate.dll
  • igxpin.exe
  • Metin2Client.exe
  • Minidown.exe
  • msedgeupdate.dll
  • NXTWEAKER.exe
  • P1.exe
  • pythonw.exe
  • setup-win32-bundle.exe
  • Setup.exe
  • SimAppExec.exe
  • svchost.exe
  • Update.exe
  • UpLauncher.exe
  • Wub.exe
Product Name
  • 7-Zip
  • Adaware Privacy
  • Adobe Acrobat 32BitMAPIBroker
  • AMD Software
  • ASUS WebStorage Panel
  • ATK Hotkey
  • BlueStacks 5
  • Bootstrapper Small
  • BraveSoftware Update
  • Client Activator
  • CrashReporter
  • CrystalLauncherInstaller.NX
  • EA app
  • Extreme Sample Converter
  • GameLoop
  • Intel(R) Graphics
  • K-Lite Mega Codec Pack
  • KMPLoading
  • Metin2Client
  • Microsoft Edge Update
  • Microsoft® Windows® Operating System
  • MyCache 1.0.0.0
  • NXTWEAKER
  • Python
  • Radeon Additional Settings
  • Setup
  • TODO: <Product name>
  • Tower of Fantacy Downloader
  • Update
  • UpLauncher
Product Version
  • 117.0.5408.162
  • 25.1.20630.0
  • 24.5.20320.0
  • 23.01
  • 19.3.5
  • 13.575.0.6088
  • 11.2.25.400
  • 11.1.0.0
  • 9.0.000.4
  • 5.1.0.0
  • 5.0
  • 4.57
  • 4.5.0.0
  • 4.0.0.1
  • 3.13.1
  • 3,91,5299,81
  • 3,21,4873,80
  • 2.9.2.4809
  • 2.0.0.0
  • 1.6.0.0
  • 1.3.361.151
  • 1.3.215.9
  • 1.3.185.27
  • 1.1.1.0
  • 1.0.85.0
  • 1.0.1.0
  • 1.0.0.1
  • 1.0.0.0
  • 1, 7, 49, 0
  • 1, 0, 0, 1
  • 0.0.6.120
Program I D com.embarcadero.KMPLoading
Upstream Version 1.3.99.0
Productname Opera installer
Stream Stable

File Traits

  • 2+ executable sections
  • big overlay
  • Default Version Info
  • HighEntropy
  • Inno
  • InnoSetup Installer
  • Installer Manifest
  • Installer Version
  • No Version Info
  • x86

Block Information

Total Blocks: 276
Potentially Malicious Blocks: 114
Whitelisted Blocks: 162
Unknown Blocks: 0

Similar Families

  • Jeefo.A
  • MSIL.SnakeLogger.RF
  • Parite.F
  • Parite.FA
  • Parite.W

Files Modified

File Attributes
c:\users\user\downloads\b9d62c1d98626cc9c67883ba59c3327f2d2bbc49_0000289792 Synchronize,Write Attributes
c:\users\user\downloads\c2790efb9d35b8e4d2c74657a9abdfe154896be2_0000715960 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\c2790efb9d35b8e4d2c74657a9abdfe154896be2_0000715960 Generic Write,Read Attributes
c:\users\user\downloads\c2790efb9d35b8e4d2c74657a9abdfe154896be2_0000715960 Synchronize,Write Attributes
c:\users\user\downloads\c7eeb3e9f5a1131564c7139216cefe11976c69b4_0000668160 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\c7eeb3e9f5a1131564c7139216cefe11976c69b4_0000668160 Generic Write,Read Attributes
c:\users\user\downloads\c7eeb3e9f5a1131564c7139216cefe11976c69b4_0000668160 Synchronize,Write Attributes
c:\users\user\downloads\ca0fa51fcaaa5926966fab61d0ce88ceec824783_0000242760.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\ca0fa51fcaaa5926966fab61d0ce88ceec824783_0000242760.exe Generic Write,Read Attributes
c:\users\user\downloads\ca0fa51fcaaa5926966fab61d0ce88ceec824783_0000242760.exe Synchronize,Write Attributes
c:\users\user\downloads\cac9620abb2fe038e7f894851bfdfe1e975a7f5b_0001653248 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\cac9620abb2fe038e7f894851bfdfe1e975a7f5b_0001653248 Generic Write,Read Attributes
c:\users\user\downloads\cac9620abb2fe038e7f894851bfdfe1e975a7f5b_0001653248 Synchronize,Write Attributes
c:\users\user\downloads\cf5afb055d33848a99c5db198c8ef1c965f86c2c_0002278288 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\cf5afb055d33848a99c5db198c8ef1c965f86c2c_0002278288 Generic Write,Read Attributes
c:\users\user\downloads\cf5afb055d33848a99c5db198c8ef1c965f86c2c_0002278288 Synchronize,Write Attributes
c:\users\user\downloads\d1393b53bb6f5e97e95c682477198ad7920a07a0_0000210515 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\d1393b53bb6f5e97e95c682477198ad7920a07a0_0000210515 Generic Write,Read Attributes
c:\users\user\downloads\d1393b53bb6f5e97e95c682477198ad7920a07a0_0000210515 Synchronize,Write Attributes
c:\users\user\downloads\db547adb9085343aa0c2718eb97138cd30a20733_0000139112 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\db547adb9085343aa0c2718eb97138cd30a20733_0000139112 Generic Write,Read Attributes
c:\users\user\downloads\db547adb9085343aa0c2718eb97138cd30a20733_0000139112 Synchronize,Write Attributes
c:\users\user\downloads\e79528b72787747ed393b85c01cc5e82f6003c7e_0000147928 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\e79528b72787747ed393b85c01cc5e82f6003c7e_0000147928 Generic Write,Read Attributes
c:\users\user\downloads\e79528b72787747ed393b85c01cc5e82f6003c7e_0000147928 Synchronize,Write Attributes
c:\users\user\downloads\e988692d0914211bb1a263bcd4874eace5d0632d_0000142416 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\e988692d0914211bb1a263bcd4874eace5d0632d_0000142416 Generic Write,Read Attributes
c:\users\user\downloads\e988692d0914211bb1a263bcd4874eace5d0632d_0000142416 Synchronize,Write Attributes
c:\users\user\downloads\ef457a5ffae1fc4e12e96052ede38c5713c39b65_0004952576 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\ef457a5ffae1fc4e12e96052ede38c5713c39b65_0004952576 Generic Write,Read Attributes
c:\users\user\downloads\ef457a5ffae1fc4e12e96052ede38c5713c39b65_0004952576 Synchronize,Write Attributes
c:\users\user\downloads\f29c48235765bc56199c89df419245753b26286f_0000147864 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\f29c48235765bc56199c89df419245753b26286f_0000147864 Generic Write,Read Attributes
c:\users\user\downloads\f29c48235765bc56199c89df419245753b26286f_0000147864 Synchronize,Write Attributes
c:\users\user\downloads\f851287d5bb1354f8a1445ee2232a660c9665a57_0000242272 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\f851287d5bb1354f8a1445ee2232a660c9665a57_0000242272 Generic Write,Read Attributes
c:\users\user\downloads\f851287d5bb1354f8a1445ee2232a660c9665a57_0000242272 Synchronize,Write Attributes
c:\users\user\downloads\squirrelsetup.log Generic Write,Read Attributes
c:\windows\svchost.exe Generic Write,Read Attributes
c:\windows\system.ini Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enablefiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableautofiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableconsoletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::filetracingmask RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::consoletracingmask RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::maxfilesize  RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enablefiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enableautofiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enableconsoletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::filetracingmask RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::consoletracingmask RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::maxfilesize  RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Windows\SystemTemp\77e37ce0-8214-4414-aced-551c5ae204d7.tmp\??\C:\Windows\SystemTemp\e28eadcf-6ab0-4d8c-8821-7ce9a6aba1 RegNtPreCreateKey
HKLM\software\wow6432node\adaware\adaware privacy::machineid 268ddfeb-393b-01ab-2937-4e66db5d0964 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enablefiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableautofiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filetracingmask RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::consoletracingmask RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::maxfilesize  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enablefiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableautofiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filetracingmask RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::consoletracingmask RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::maxfilesize  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::appinit_dlls C:\PROGRA~1\COMMON~1\System\symsrv.dll RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::loadappinit_dlls  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::requiresignedappinit_dlls RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\advanced::hidden  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusoverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalldisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalloverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::updatesdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::uacdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusoverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalldisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalloverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::updatesdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::uacdisablenotify  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings::globaluseroffline RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablelua RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::enablefirewall RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::donotallowexceptions RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::disablenotifications  RegNtPreCreateKey
HKCU\software\apcr\1214104697::1919251317  RegNtPreCreateKey
HKCU\software\apcr\1214104697::-456464662 RegNtPreCreateKey
HKCU\software\apcr\1214104697::1462786655 RegNtPreCreateKey
HKCU\software\apcr\1214104697::-912929324 # RegNtPreCreateKey
HKCU\software\apcr\1214104697::1006321993 RegNtPreCreateKey
HKCU\software\apcr\1214104697::-1369393986 http://www.ledyazilim.com/logo.gifhttp://ksandrafashion.com/l RegNtPreCreateKey
HKCU\software\apcr\1214104697::549857331 RegNtPreCreateKey
HKCU\software\apcr::u1_0 RegNtPreCreateKey
HKCU\software\apcr::u2_0 RegNtPreCreateKey
HKCU\software\apcr::u3_0 RegNtPreCreateKey
HKCU\software\apcr::u4_0 RegNtPreCreateKey
HKLM\software\wow6432node\ati technologies\log::append 0 RegNtPreCreateKey
HKLM\software\wow6432node\ati technologies\log::file C:/Program Files (x86)/AMD/CIM/Log/Installer.log RegNtPreCreateKey
HKLM\software\wow6432node\ati technologies\log::level 3 RegNtPreCreateKey
HKLM\software\wow6432node\ati technologies\log::maxsize $ RegNtPreCreateKey

Windows API Usage

Category API
Process Shell Execute
  • CreateProcess
Service Control
  • OpenSCManager
  • StartServiceCtrlDispatcher
Process Manipulation Evasion
  • NtUnmapViewOfSection
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreatePortSection
  • ntdll.dll!NtAlpcCreateResourceReserve
  • ntdll.dll!NtAlpcCreateSectionView
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcDeleteSecurityContext
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcQueryInformationMessage
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtAlpcSetInformation
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtCancelTimer2
  • ntdll.dll!NtCancelWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCompareSigningLevels
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFlushProcessWriteBuffers
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtGetCachedSigningLevel
  • ntdll.dll!NtGetCompleteWnfStateSubscription
  • ntdll.dll!NtGetCurrentProcessorNumber
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThread
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryEvent
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtQueueApcThread
  • ntdll.dll!NtQueueApcThreadEx2
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReadVirtualMemory
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationObject
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2

17 additional items are not displayed above.

User Data Access
  • GetComputerName
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
  • OutputDebugString
Network Info Queried
  • GetAdaptersAddresses
  • GetAdaptersInfo
  • GetNetworkParams
Network Winsock2
  • WSAConnect
  • WSASocket
  • WSAStartup
  • WSAttemptAutodialName
Network Winsock
  • bind
  • closesocket
  • freeaddrinfo
  • getaddrinfo
  • gethostname
  • inet_addr
  • recv
  • send
  • setsockopt
Encryption Used
  • BCryptOpenAlgorithmProvider
  • CryptAcquireContext
Other Suspicious
  • AdjustTokenPrivileges
  • SetWindowsHookEx
Network Wininet
  • HttpOpenRequest
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
Network Winhttp
  • WinHttpOpen
Process Terminate
  • TerminateProcess

Shell Command Execution

"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\06f8794b2b5d5b3569b750c3c65ebb1c95c4e091_0002288848.exe"
"c:\users\user\downloads\06f8794b2b5d5b3569b750c3c65ebb1c95c4e091_0002288848.exe"
"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\80f2a0bba5a78f6aba3fad98c144c007823a6830_0000274944.exe"
"c:\users\user\downloads\80f2a0bba5a78f6aba3fad98c144c007823a6830_0000274944.exe"
"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\ca0fa51fcaaa5926966fab61d0ce88ceec824783_0000242760.exe"
C:\Users\Uqrnhdiw\AppData\Local\Temp\7zSCD517F96\setup.exe C:\Users\Uqrnhdiw\AppData\Local\Temp\7zSCD517F96\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Uqrnhdiw\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Uqrnhdiw\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=117.0.5408.162 --initial-client-data=0x384,0x388,0x38c,0x360,0x390,0x73dcd2e4,0x73dcd2f0,0x73dcd2fc
"C:\Users\Uqrnhdiw\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
.\H2OFFT-W.exe -sfx7z "c:\users\user\downloads" execApp
"c:\users\user\BraveUpdate.exe" /ondemand
"C:\Users\Odhrwpre\AppData\Local\BraveSoftware\Update\BraveUpdate.exe" /c
"c:\users\user\downloads\RadeonInstaller.exe" /IGNORE_UPGRADE
"C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe"
