Malware.Jeefo

By Sumo3000 in Worms

Translate To:

Threat Scorecard

Popularity Rank:	4,998
Threat Level:	80 % (High)
Infected Computers:	5,077

First Seen:	December 28, 2012
Last Seen:	March 22, 2026
OS(es) Affected:	Windows

Malware.Jeefo is a network worm that spreads via existing networks. Malware.Jeefo is designed to infect, prepend and overwrite certain files with its own body in order to deteriorate the performance of the system and execute malicious routines. Malware.Jeefo can be detected and removed with a recognized anti-malware application.

Table of Contents

File System Details

Malware.Jeefo may create the following file(s):

Expand All | Collapse All

#	File Name	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	%AppData%\Xenocode\Sandbox\1.0.0.0\2010.08.30T00.09\Virtual\STUBEXE\@SYSTEM@\server.exe
Name: %AppData%\Xenocode\Sandbox\1.0.0.0\2010.08.30T00.09\Virtual\STUBEXE\@SYSTEM@\server.exe Type: Executable File Group: Malware file
2.	%Windir%\svchost.exe
Name: %Windir%\svchost.exe Type: Executable File Group: Malware file
3.	%AppData%\addons.dat
Name: %AppData%\addons.dat Type: Data file Group: Malware file
4.	%AppData%\Bifrost\logg.dat
Name: %AppData%\Bifrost\logg.dat Type: Data file Group: Malware file
5.	%AppData%\Xenocode\Sandbox\1.0.0.0\2010.08.30T00.09\Virtual\XRegistry.bin
Name: %AppData%\Xenocode\Sandbox\1.0.0.0\2010.08.30T00.09\Virtual\XRegistry.bin Type: Binary File Group: Malware file

Registry Details

Malware.Jeefo may create the following registry entry or registry entries:

HKEY..\..\..\..{RegistryKeys}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceCurrent]

(Default) =

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceCurrent]

Analysis Report

General information

Family Name:	Virus.Jeefo
Signature status:	No Signature

Known Samples

MD5: bac11dd7c72e782d169d059fc21076a7

SHA1: 06f8794b2b5d5b3569b750c3c65ebb1c95c4e091

File Size: 2.29 MB, 2288848 bytes

MD5: 01120ff4964934bc53ce7d54b7a94d00

SHA1: 80f2a0bba5a78f6aba3fad98c144c007823a6830

File Size: 274.94 KB, 274944 bytes

MD5: 0226e3d8b3cd15539652a0c7d8aed0c8

SHA1: ca0fa51fcaaa5926966fab61d0ce88ceec824783

File Size: 242.76 KB, 242760 bytes

MD5: cc324fc58f193cbbe0436727bcab237e

SHA1: aed2466b7c9901becbc0bfafbefce413fa57fabc

SHA256: C9EAA95E1BA3732FCC73081B563FDB2DC9B61C93885DF74026B3A930213E5CC9

File Size: 464.80 KB, 464796 bytes

MD5: 9a1e7ec90a6cbfbd687c65dbb591ed9b

SHA1: 85b73b8783649804bafe6e391706fc379479eacd

SHA256: 382E33904B3CFE430FBD9D424DF2B77EAB8CAFE88FFFF6880653B3F5B2C40752

File Size: 6.90 MB, 6899712 bytes

MD5: 357e8d634a2431cd5db7251627adc2b0

SHA1: ef457a5ffae1fc4e12e96052ede38c5713c39b65

SHA256: F86D252BA5A618DF88486160DC4EF85B77BD6908D2D19EE10E3E52DA21B2A3C3

File Size: 4.95 MB, 4952576 bytes

MD5: 5374401311083121c0d4ff90f3775c46

SHA1: cf5afb055d33848a99c5db198c8ef1c965f86c2c

SHA256: 71BF7B04230062378A2EABF3AB961E6A0A1B9581AF2275E84CECA88DD3B949B5

File Size: 2.28 MB, 2278288 bytes

MD5: 7f105a1bb3e6eb7aa0ba77583655ff06

SHA1: 50f44609ba00bd37e81877187fc820d0a1b6d591

SHA256: 5E003295D37496DC63DDD8AB2F086A313030298B77C656EB293A48D759B3AF96

File Size: 1.41 MB, 1409536 bytes

MD5: b03805244ab40351887a3c656e53c52b

SHA1: 548da8d648c3ee92ae061610308ec7b6b9927b63

SHA256: 0A016BCBF561A55C532F4BAB7F7BD0F725442695E9EEC9702567D51EBEDEFF21

File Size: 986.35 KB, 986352 bytes

MD5: 6a31981c12e447fbfbc1d28b660e0e40

SHA1: c7eeb3e9f5a1131564c7139216cefe11976c69b4

SHA256: 9BD5BED33418F4314D515259BDB726928D21E678BF126469BDF753659DD02192

File Size: 668.16 KB, 668160 bytes

MD5: 830c9e9cb43a3e7e0d858fb141bceca1

SHA1: f29c48235765bc56199c89df419245753b26286f

SHA256: 7394C61E4DA9DB7160955AB1669B7B7CDD877ABCF0D2075A49B78ACDDD37FC57

File Size: 147.86 KB, 147864 bytes

MD5: 9a65505dfee8db03d5ed580f3b679e7c

SHA1: 60a77c87be0871f43878fe4d2d130aaa6e4ba5e1

SHA256: AEAA2ACA21A1BEB122EB7A826AB24B37629CD4268218F08F305B3BAF370E39F7

File Size: 2.43 MB, 2426680 bytes

MD5: 68fd6f6e159d72ecfa05d1aaceebe1ac

SHA1: 8ad9999f76d648f1abd971bf6b1b8c635ffeafad

SHA256: 8DD956EE6C4A1BB5116B26E2610E4B8BC918A03115C48B808C9E599D12B58FE4

File Size: 5.18 MB, 5181040 bytes

MD5: b800d6b6179d61a211bd94bf730752d1

SHA1: 339276ecccccad5e59bf757144b8131ac242159a

SHA256: 5FE839752D905B2666C1F13343DE8B3E3BAD279DCB2D1D457D8F786D5083854B

File Size: 4.07 MB, 4074320 bytes

MD5: 5331d124e12a0b2fb2a93649d2feb16e

SHA1: 5dae2f3783ef9cf44a58cf9857c8a090aa64ba42

SHA256: 2F75B13438535859CDBD4ACA58FC26DFFD1FF7C43F588D13CA88038DC282F774

File Size: 2.47 MB, 2470360 bytes

MD5: 71cd2be796bcffd11fbb38722ae92ebf

SHA1: db547adb9085343aa0c2718eb97138cd30a20733

SHA256: 54938013AF21A63F40C3A2E9CFE76CD6D5B72B61FBF99BA25A08582EF93955A9

File Size: 139.11 KB, 139112 bytes

MD5: 71a8163ae0600a4a972621e629c5bb23

SHA1: 791210d8e4292346b3cb32d80833ddb4cb197310

SHA256: A3A6715797021CCB5432C4AE565BCD6B82E1E464D863034BBC6DEC0F50B425E1

File Size: 3.46 MB, 3459456 bytes

MD5: 284de4adace652f1bd8c323a5ba8bbfd

SHA1: 52ca985a38c9dbfb7a2de044ff1d11e3cc143381

SHA256: 1577256F2B7E1BBA24F8FEACB647B86C87DDFDD4AD71CCE6E7C58A14300F9AB6

File Size: 3.19 MB, 3189792 bytes

MD5: 99af063622089b7b3d39dae9aff6cfb4

SHA1: cac9620abb2fe038e7f894851bfdfe1e975a7f5b

SHA256: EB98B429776E796176B9256811ACA3C88D722179F6D8C917C093AC6B99A3BCA5

File Size: 1.65 MB, 1653248 bytes

MD5: cc081d99b80f0717cd7f66e5bfbfda7c

SHA1: 95e799a26c0a21abbe2528b9b8c4bdc7ded95faf

SHA256: AC1A28E7CEF14F7D6F7B6C470DF006021EDC5C65F4676B9FBD3C5147778DB528

File Size: 1.06 MB, 1055520 bytes

MD5: d958642798644d91743cb58909a7160b

SHA1: 1f8ffba5cba276e19c968da5f05a0454e4cd689e

SHA256: F283ACEB49EEBD9AECC6301C2567DEC5AEFCF96FDD03A4CDB08498A75F40FC65

File Size: 3.23 MB, 3230192 bytes

MD5: 2ec290d8cae1d64268012aeecb63918f

SHA1: 3db4cabf2e9451bc15a6c59a61f6cef5f6ff29fc

SHA256: E5C3963F4EE95BDF51A5C4C8AE3E7AAF2CD5D6535883496F4D127799E783FA70

File Size: 1.63 MB, 1632696 bytes

MD5: b49d0df28675dd2bf01809f446f45065

SHA1: 1c830613bb8e7967cb9c8abe80da2eb71d268e23

SHA256: 9FC2FB67E0E3851ECFA2918234C0403FA62845F3A5428BE1286FE8EAF3A8D383

File Size: 377.70 KB, 377704 bytes

MD5: 940c3c67fad769578ff2a3587a096c81

SHA1: 5a81eec853f840d42db8c4adc687a5bf1ef59e4d

SHA256: E49E6E2730E8B5BB1E65C8C4F615C339BCBE0871981413753B7F2CAB5DE5DEC7

File Size: 8.67 MB, 8668821 bytes

MD5: 2b8e55410a41435dbe95ad825c27fc3d

SHA1: e79528b72787747ed393b85c01cc5e82f6003c7e

SHA256: 2305A93EFB1BD92817259744CCE6DF8F7C402F7A719AF672A15F573898616C47

File Size: 147.93 KB, 147928 bytes

MD5: ebf8be76c4cedb714dc8fbebd7e6395b

SHA1: 95af4c2af5c3c860c435476dc59b151abec15ff1

SHA256: 56AF85A0A5110EBAC7063A597EB3607A988132180DAE908D1FC93343729D89AE

File Size: 1.63 MB, 1632696 bytes

MD5: a095dfde65ccd5883b5c0ec84e9003cb

SHA1: af2046a570e0d9c199a8f3b72d37d3b2619e7e9c

SHA256: C26FFD840ED04C5C5F9B8BBDA8DD6FBD7A674E1E0FD462B5297465C7FA3D30AD

File Size: 1.70 MB, 1702976 bytes

MD5: b746d208a157cd7617749afc4eb2692b

SHA1: 6f29991ff2dcf2af0732681c94a5a76f22374341

SHA256: 7788DC8163CE45FE54E2B166D02C7C27BAA84AED9D66CF4CC9DE5CAF5C62D696

File Size: 9.22 MB, 9222312 bytes

MD5: 8005ef2cbd8d84b45ff7bc8528409637

SHA1: a2e2b9fcccdd97aa1e9c8d4dfd5243f5dc8a89c6

SHA256: EDB3EB991AE5CFB3191ECB7F8C2F048453F5EC7E9CE76EE587B936346B3E2E94

File Size: 236.80 KB, 236799 bytes

MD5: 6d970243be6911bdd3804dc1ee6a7e5a

SHA1: e988692d0914211bb1a263bcd4874eace5d0632d

SHA256: 28B7EDF5B4CB7DC24A7C33EA2F0D612055008B12AA472309BB3A2A68BAF0879E

File Size: 142.42 KB, 142416 bytes

MD5: c4206b6898495d21f0c347a50dc949d7

SHA1: 179a86a27cd7ef236be955637fde72c4bbd68758

SHA256: C6B3238133B600DC9E2B84177B7AD3AA6AD85F56AF927755ACB77F740E3B9863

File Size: 901.88 KB, 901880 bytes

MD5: 1161ffaea5d09d2410872b4ab7c205b4

SHA1: 6fbbd5d1fef672523420cf299db8776f690a0487

SHA256: A987B785B82C013A51479B6569840CB454AC890A1103257D9162D96FC261D1C7

File Size: 363.91 KB, 363912 bytes

MD5: ccee59dd9926f17279931100475ceb05

SHA1: 136e81e67d1ab0b524d6cb72e963842c2fbbec8f

SHA256: FC50FD64B492BA146F3E525229CDC435020921679DCE86973049DB38F7BC3141

File Size: 236.05 KB, 236048 bytes

MD5: ed063aa0c259e3e041b78b718cef2eea

SHA1: f851287d5bb1354f8a1445ee2232a660c9665a57

SHA256: B49F2AA03B8798303055E83DDD395F40EEC374F257418A98621025AD056F3015

File Size: 242.27 KB, 242272 bytes

MD5: eec6931f731360d1286caf1006435cad

SHA1: c2790efb9d35b8e4d2c74657a9abdfe154896be2

SHA256: 8305A3752788014B56C68C36C06817BE52938C17248711EB9933315F4B6BCEB7

File Size: 715.96 KB, 715960 bytes

MD5: 8808f0c0e39952c06b986434ca101b03

SHA1: b9d62c1d98626cc9c67883ba59c3327f2d2bbc49

SHA256: 9B17784C22CE0F1AD2447F87B88E088EA28F18FBC2C8795F084FB46D5049D879

File Size: 289.79 KB, 289792 bytes

MD5: 89e7bc29ca87e07c47bd2984750faf92

SHA1: 38e415555a00e46b9a4863f9d94b22e4a7de2076

SHA256: 000E5CD2A6726684C4BBF60ADA6BA6D56C9B897DA3FE53A506AFD8B326CAC376

File Size: 1.56 MB, 1561368 bytes

MD5: 3efcb1d280d9116e685b4feae701820c

SHA1: 5981cb56136386c70e604d7e0e588902399f170b

SHA256: 9502DC5E1BD5756FDFD1268075D94E4BBF2322DA55B3EEED1D67680BA43CF52F

File Size: 6.66 MB, 6662024 bytes

MD5: 69b9401cc41914e5b0672ddcaea8df64

SHA1: 4c4ed7856320d27a2b698f51933dd81753788df2

SHA256: 08ED8CD0608008EC2DCD91F8124B1B8E4CDD2C4EC386281E8246980FB7978C45

File Size: 627.91 KB, 627912 bytes

MD5: d25e8fd53b23b6acb8dfc04d66942e8f

SHA1: a2bf44d61a79b39b406be327135a4ea0243aa67f

SHA256: D146B0DD16FC099B13125DBF895C21722876E760E9E669FF0BC2745F18E653FE

File Size: 2.60 MB, 2601665 bytes

MD5: c2dfe2dadba9332faeb3600c0542863b

SHA1: 67a96a4eeae51a9c0a64d929ec20d73030f75753

SHA256: 89A1666B49D312354B4C689FF6E35B0D01C9C7BBB5EAE14324156F6A3076D90A

File Size: 5.38 MB, 5378568 bytes

MD5: 440ebd4eb68dab20fa00ca519b3f7882

SHA1: 284487b2a36b36c9214b12ce15d8d98af0776567

SHA256: D6D56163D59C9D799E3C63838E66BDD20C99506A5233709971829351CA6BEB9F

File Size: 1.07 MB, 1065624 bytes

MD5: 83b4da0c5e91e676c355a34ad0fe73da

SHA1: 09322303503ed0a70613110ca72e1bc790348882

SHA256: 5AD575DCCFE237328DE529EA01D57917C5D639ED0D8454A01AF98AAEA9724110

File Size: 36.35 KB, 36352 bytes

MD5: 27956f9d183b80dd80e050c704ec6ea3

SHA1: d1393b53bb6f5e97e95c682477198ad7920a07a0

SHA256: FDD929E7C83B3829D7F57B64B8A4CA1F1210C241B7039C14BA99E11925F6B1A5

File Size: 210.51 KB, 210515 bytes

MD5: d8f0313dadd468470ee2bd5247e2d868

SHA1: 75a9252469eb363974e72385814c5e189b0af47a

SHA256: 88B1A42516F52391C9F7BFDD897DBD803045BBF5584F31B6C3920D75EF491DBB

File Size: 3.03 MB, 3025408 bytes

MD5: 3ff742807c8a438174c678fbc6c3aad3

SHA1: 9bf9fdcce71e1cfe4be3a7a5cb4f7b064a80b814

SHA256: 69F87FB2288E18850C3441AECFA9DB9FFF6D14CDC590A572B01F95B5AD72191C

File Size: 243.06 KB, 243064 bytes

MD5: 2b1e3c7312999a95f955856be1ee04ee

SHA1: 6fb3d03148215f6c95cdef5008a52ad869b3be24

SHA256: 7003336DA7AD0DA054EA2C07A234DA0D0F265D3158D854DB9AE5CE2C94C0EDA1

File Size: 1.68 MB, 1678800 bytes

MD5: 91b0e4030d7d84acc33c31f014ee7698

SHA1: ed92c2e5e304c366ba991ef68c056e1a15165518

SHA256: FB48F701A207E8E69EEBA370FA09DCA9DE8CD5E250D6FA6E284ACCD67FC59EBF

File Size: 281.09 KB, 281088 bytes

MD5: f55f15f384a17dad3b550e2fb443ac0d

SHA1: c77f3311b8a230042b323f84fb4438daab314cf3

SHA256: 43A76DA1904AD09C1F18006B466C8DDAD646C8ADD3E760BD01218093BE162FFB

File Size: 569.86 KB, 569856 bytes

MD5: 10bb8232245b8c32d7524a30f121a531

SHA1: a5d0f3dd3889db1efa18a874b5e8fb432fda2103

SHA256: 7AD49DF8D4A4C0262B5FAC0E0935896A249B2D3759C9DEDC765DC4884E5B107E

File Size: 605.69 KB, 605688 bytes

MD5: b89b56944b36207d1759dd4c7bba286c

SHA1: 7c739964a6fe6cdc609cc62828d179de8883982f

SHA256: 3A70B6C05E1CDCA4ADCDEECDDA1DDC9FA3375AB008CABA45F7490329C4CC3C5C

File Size: 8.10 MB, 8104042 bytes

MD5: d23fa27f2192162b90c72dec04911c64

SHA1: 064b1d43d44216a7b3ce80461f08cf398cbf2ff1

SHA256: 2C69F46D38E7C5C681063ABDD97B5C649121AA483623AF51EB0DE02FB740F271

File Size: 866.89 KB, 866895 bytes

MD5: 35995e4b894f9cda6ddff292840c1059

SHA1: 94645cbc8f77b719623aa657032452d1af9d93ee

SHA256: 1C9BBFE54E2A4A8AB91582F08C0D7B497B31498F827A7D174F53DE5366243CA6

File Size: 304.43 KB, 304432 bytes

MD5: 75534f4ccb4db323fad17463e1cf06c2

SHA1: e03a3d03036d21f87f0f685983c3e3de198bdd13

SHA256: 066480FCFB84170A9FC0AC5E98F0ECFDEE1353899A8D0440DF4EF7A4093FFC21

File Size: 2.92 MB, 2917729 bytes

MD5: 897558942d847c24f276df8a81c3d812

SHA1: 75a3771b64c9378a55484f063bb67221f68a9f96

SHA256: 992EE0F4EF881ED1EF33F794B53F0F64489270BAE34B87436502EF1A0CE2DA68

File Size: 243.30 KB, 243296 bytes

MD5: b4f9b952fe88216c2e481ec86cd455b5

SHA1: e4cdbfb27913c135c418bbf6a65841aae7de7c83

SHA256: 29900F50390F3AC6F9B52A4900494CABBDD54E9762A018733DECEE2D1AC01038

File Size: 234.42 KB, 234416 bytes

MD5: 4135ed866f99f4b3201567c65904367e

SHA1: 4feb196103db5ad57982e4135a2ff6558b283a80

SHA256: 123075504E80E65A905C66C050EBB18870D87C867BB189988AE2A1425CF11588

File Size: 1.16 MB, 1159952 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File is .NET application
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)

File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

141 additional icons are not displayed above.

Windows PE Version Information

Name	Value
Assembly Version	5.22.167.1006 4.5.0.0 3.0.24037.2 2.0.0.0 1.1.1.0 1.0.4022.27203 1.0.0.0
Build	2008-11-30
Build Date	02/26/2025 11:09:07
Build Num	27(run 1)
Coder	By BlueLife
Comments	Acrobat Installer Utility ASUS WebStorage Panel Command Line Interface application for all ACE Components Crystal Launcher Environmental Systems Research Institute, Inc. This installation was built with Inno Setup. Update UpLauncher Windows Update Blocker v1.6
Company Name	Adaware Adobe Systems, Inc. Adobe Systems Incorporated Advanced Micro Devices, Inc. Advanced Micro Devices Inc. ASUS Cloud Corporation ASUSTek Computer Inc. BraveSoftware Inc. Caphyon LTD Discord Inc. Show More Eden Games Electronic Arts Environmental Systems Research Institute, Inc. Freedom Scientific, Inc. GitHub https://crystal-launcher.net Igor Pavlov Intel Corporation KLCP Microsoft Corporation MyCache NetEase(Hangzhou) Network Co. Ltd. now.gg, Inc. Oracle Corporation Python Software Foundation TechSmith Corporation Tencent TODO: <Company name> Wlodzimierz Grabowski, info@extranslator.com www.sordum.org Ymir Entertainment
Company Short Name	NetEase
File Description	7z Setup SFX Adaware Privacy ADelRCP Dynamic Link Library Adobe Acrobat 32BitMAPIBroker Adobe Bootstrapper for Single Installation Advanced Updater AMD Software ASUS WebStorage Panel BlueStacks 5 Uninstaller BlueStacks Setup Show More BraveSoftware Update Camtasia 2019 Client Activator CrashReporter Crystal Launcher EA app GameLoop Generic Host Process for Win32 Services GPG3 Intel(R) Graphics Installer Java Update Scheduler KMPLoading Metin2Client Microsoft Edge Update Motorola Device Management Update MyCache 1.0.0.0 NXTWEAKER Opera installer SFX Python Radeon Additional Settings: Command Line Interface Sample Converter, Browser, Player & Editor Setup/Uninstall Setup application Simulate Store App Execution Application TODO: <File description> Tower of Fantacy Downloader Update UpLauncher Windows Update Blocker v1.6 网易邮箱大师
File Version	117.0.5408.162 51.1052.0.0 25.1.20630.0 24.5.20320.0 23.01 19.0.2.4719 17.12.30249.10249 14, 5, 07, 0 13.575.0.6088 11.2.25.0 Show More 11.1.0.0 9.0.000.4 5.22.167.1006 5.5.4.1009 5.1.0.0 5.0 4.57 4.5.0.0 4.0.0.1 3.91.5299.81 3.21.4873.80 3.13.1 3.5.9.1543 3.0.24037.2 2.9.2.4809 2.8.481.10 2.1 2.0.0.0 1.6.0.0 1.3.361.151 1.3.225.7 1.3.215.9 1.3.185.27 1.1.1.0 1.0.28249.1 1.0.85.3 1.0.1.0 1.0.0.1 1.0.0.0 1, 7, 49, 0 0.0.6.120
Full Version	2.8.481.10
Internal Name	7zS.sfx Adaware Privacy ADelRCP AndroidEmulator AsusWSPanel.exe BlueStacks Installer BlueStacksUninstaller.exe BraveSoftware Update CLI.exe CrashReporter.exe Show More CrystalLauncherInstaller.exe EXSC fsClientActivator.exe GFX GPG3_adunit.exe Java Update Scheduler mailmaster.exe Metin2Client Microsoft Edge Update Minidown Motorola Device Management Update NXTWEAKER.exe P1.exe Python Application setup Setup.exe SimAppExec.exe svchost.exe Update.exe updater.exe UpLauncher.exe
Language Id	sr-Cyrl-RS
Legal Copyright	(c) Caphyon LTD. All rights reserved. 2002-2015 2024 (c) MyCache Adaware Software Canada. All Rights Reserved. ASUSTek Computer Inc. Copyright (C) Copyright (C), Intel Corporation. All rights reserved. Copyright (c) 1999-2007 Igor Pavlov Copyright (c) 1999-2023 Igor Pavlov Copyright (c) 2007 - 2018, Advanced Micro Devices, Inc. Show More Copyright (c) 2010-2021 Bluestacks from Now.gg, Inc. Copyright (C) 2011 Copyright (C) 2022 Pixel. All Rights Reserved. Copyright (C) 2024 NetEase. All rights reserved. Copyright (c) 2025 Discord Inc. All rights reserved. Copyright (c) Electronic Arts. All rights reserved. Copyright (c) TechSmith Corporation. All rights reserved. Copyright 1984-2024 Adobe Systems Incorporated and its licensors. All rights reserved. Copyright 1984-2025 Adobe Systems Incorporated and its licensors. All rights reserved. Copyright 2012 Copyright 2025, Freedom Scientific, Inc. Copyright Microsoft Corporation Copyright © 1998-2011 Adobe Systems Incorporated and its licensors. All rights reserved. Copyright © 2001-2024 Python Software Foundation. Copyright © 2000 BeOpen.com. Copyright © 1995-2001 CNRI. Copyright © 1991-1995 SMC. Copyright © 2008 Adobe Systems Incorporated. All rights reserved. Copyright © 2008 Wlodzimierz Grabowski Copyright © 2016-2020 www.sordum.org All Rights Reserved. Copyright © 2018 Copyright © 2020 Tencent. All Rights Reserved. Copyright © 2024 Copyright © 2025 Copyright © 2026 Copyright © BlueStacks by now.gg, Inc., 2011 through 2023, All Rights Reserved. Copyright © Crystal Launcher 2021 Copyright © Eden Games 2010 Copyright © GitHub 2013-2015 Esri, Inc.Copyright ©1999-2023 ESRI Inc. All Rights Reserved Opera Software 2025 TODO: (c) <Company name>. All rights reserved. © Microsoft Corporation. All rights reserved.
Legal Trademarks	ASUS Cloud Corporation Extreme Sample Converter Intel Corporation
Official Build	0
Original Filename	7zS.sfx.exe 32BitMAPIBroker.exe Adaware Privacy ADelRCP.dll AndroidEmulator.exe AsusWSPanel.exe BlueStacksInstaller.exe BlueStacksUninstaller.exe BraveUpdate.exe CamtasiaInstaller.exe Show More CLI.exe CrashReporter.exe CrystalLauncherInstaller.NX.exe EAappInstaller.exe EXSC.EXE fsClientActivator.exe goopdate.dll GPG3_adunit.exe igxpin.exe jusched.exe mailmaster.exe Metin2Client.exe MicrosoftEdgeUpdate.exe Minidown.exe MotorolaDeviceManagerUpdate.exe msedgeupdate.dll NXTWEAKER.exe P1.exe pythonw.exe setup-win32-bundle.exe Setup.exe SimAppExec.exe svchost.exe Update.exe updater.exe UpLauncher.exe Wub.exe
Product Name	7-Zip Adaware Privacy ADelRCP Dynamic Link Library Adobe Acrobat 32BitMAPIBroker Advanced Updater AMD Software ASUS WebStorage Panel ATK Hotkey BlueStacks 5 Bootstrapper Small Show More BraveSoftware Update Camtasia 2019 Client Activator CrashReporter CrystalLauncherInstaller.NX EA app Extreme Sample Converter GameLoop GPG3 Intel(R) Graphics Java Platform SE Auto Updater K-Lite Mega Codec Pack KMPLoading Metin2Client Microsoft Edge Update Microsoft® Windows® Operating System Motorola Device Management Update MyCache 1.0.0.0 NXTWEAKER Python Radeon Additional Settings Setup TODO: <Product name> Tower of Fantacy Downloader Update UpLauncher 网易邮箱大师
Product Short Name	网易邮箱大师
Product Version	117.0.5408.162 25.1.20630.0 24.5.20320.0 23.01 19.3.5 19.0.2.4719 17.12.30249.10249 14, 5, 07, 0 13.575.0.6088 11.2.25.400 Show More 11.1.0.0 9.0.000.4 5.22.167.1006 5.5.4.1009 5.1.0.0 5.0 4.57 4.5.0.0 4.0.0.1 3.13.1 3.0.24037.2 3,91,5299,81 3,21,4873,80 2.9.2.4809 2.8.481.10 2.0.0.0 2, 1, 0, 0 1.6.0.0 1.3.361.151 1.3.225.7 1.3.215.9 1.3.185.27 1.1.1.0 1.0.85.0 1.0.1.0 1.0.0.1 1.0.0.0 1, 7, 49, 0 1, 0, 0, 1 0.0.6.120
Program I D	com.embarcadero.KMPLoading
Upstream Version	1.3.99.0
Productname	Opera installer
Stream	Stable

File Traits

2+ executable sections
big overlay
Default Version Info
HighEntropy
Inno
InnoSetup Installer
Installer Manifest
Installer Version
No Version Info
x86

Block Information

Total Blocks:	276
Potentially Malicious Blocks:	114
Whitelisted Blocks:	162
Unknown Blocks:	0

Visual Map

0 0 0 0 0 0 0 x 0 x x x x x x x 0 x x x x x x x x x x x x 0 x x x x 0 x 0 x x 0 x x x 0 0 0 0 x 0 x x x x x x x x x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x x x 0 0 x 0 0 x 0 x x 0 0 x x x x x x 0 x x x x x x x x x x x x x x x x x 0 0 0 0 0 0 0 0 x 0 0 0 x 0 0 0 0 0 x x x 0 0 x x 0 x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 x x 0 0 0 0 0 0 x 0 0 x x x x x 0 0 x 0 0 0 0 0 0 0 0 0 0 x x x x x x x x x x 0 0 0 0 0 0 0 0 0 0 x x x x x x x x x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Jeefo.A
MSIL.SnakeLogger.RF
Parite.F
Parite.FA
Parite.W

Files Modified

File	Attributes
\device\namedpipe\crashpad_5800_ihqiytrtgkgnrvvk	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\crashpad_5800_ihqiytrtgkgnrvvk	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\gmdasllogger	Generic Write,Read Attributes
\device\namedpipe\srvsvc	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\intel\logs\intelgfx.log	Generic Write,Read Attributes
c:\program files\common files\system\symsrv.dll	Generic Write,Read Attributes
c:\programdata\adaware\adaware privacy\options\statistics.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\crystallauncherinstallernx\launchlog.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\crystallauncherinstallernx\launchlog.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\crystallauncherinstallernx\launchlog.txt	Synchronize,Write Attributes

c:\users\user\appdata\local\netease\mailmaster\logs\app.log	Read Attributes,Synchronize,Append data
c:\users\user\appdata\local\temp\.opera	Synchronize,Append data
c:\users\user\appdata\local\temp\.opera\opera gx installer temp\setup.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\.opera\opera gx installer\opera_installer_20251111014647502.log	Read Attributes,Synchronize,Append data
c:\users\user\appdata\local\temp\002ca840_rar\179a86a27cd7ef236be955637fde72c4bbd68758_0000901880	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\002ca840_rar\179a86a27cd7ef236be955637fde72c4bbd68758_0000901880	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\002ca8ad_rar\179a86a27cd7ef236be955637fde72c4bbd68758_0000901880	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\002ca8ad_rar\179a86a27cd7ef236be955637fde72c4bbd68758_0000901880	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\3feb7684702249987556e8d60973c0f3\sqlite.interop.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3feb7684702249987556e8d60973c0f3\sqlite.interop.dll.lock	Generic Write,Read Attributes,Delete
c:\users\user\appdata\local\temp\5800_584333888	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\bios.fd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\bios.fd	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\biosimageproc.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\biosimageproc.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\ding.wav	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\ding.wav	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\flshook.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\flshook.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\fwupdlcl.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\fwupdlcl.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\h2offt-w.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\h2offt-w.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\h2offt.cat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\h2offt.cat	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\h2offt.inf	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\h2offt.inf	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\h2offt32.sys	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\h2offt32.sys	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\h2offt64.sys	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\h2offt64.sys	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\mfc90u.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\mfc90u.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\microsoft.vc90.crt.manifest	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\microsoft.vc90.crt.manifest	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\microsoft.vc90.mfc.manifest	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\microsoft.vc90.mfc.manifest	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\msvcp90.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\msvcp90.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\msvcr90.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\msvcr90.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\platform.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\platform.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\wdfinst.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\wdfinst.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zscd517f96\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zscd517f96\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\_mei24922\_bz2.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei24922\_ctypes.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei24922\_decimal.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei24922\_hashlib.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei24922\_lzma.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei24922\_socket.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei24922\base_library.zip	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei24922\libcrypto-3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei24922\libffi-8.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei24922\python311.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei24922\select.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei24922\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei24922\unicodedata.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei24922\vcruntime140.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei34082\_bz2.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei34082\_ctypes.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei34082\_decimal.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei34082\_hashlib.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei34082\_lzma.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei34082\_socket.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei34082\base_library.zip	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei34082\libcrypto-3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei34082\libffi-8.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei34082\python311.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei34082\select.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei34082\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei34082\unicodedata.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei34082\vcruntime140.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei41002\_bz2.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei41002\_ctypes.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei41002\_decimal.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei41002\_hashlib.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei41002\_lzma.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei41002\_socket.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei41002\base_library.zip	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei41002\libcrypto-3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei41002\vcruntime140.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei43882\_bz2.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei43882\_ctypes.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei43882\_decimal.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei43882\_hashlib.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei43882\_lzma.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei43882\_socket.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei43882\base_library.zip	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei43882\libcrypto-3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei43882\libffi-8.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei43882\python311.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei43882\select.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei43882\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei43882\unicodedata.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei43882\vcruntime140.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei45242\_bz2.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei45242\_ctypes.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei45242\_decimal.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei45242\_hashlib.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei45242\_lzma.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei45242\_socket.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei45242\base_library.zip	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei45242\libcrypto-3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei45242\libffi-8.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei45242\python311.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei45242\select.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei45242\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei45242\unicodedata.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei45242\vcruntime140.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei46002\_bz2.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei46002\_ctypes.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei46002\_decimal.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei46002\_hashlib.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei46002\_lzma.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei46002\_socket.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei46002\base_library.zip	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei46002\libcrypto-3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei46002\libffi-8.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei46002\python311.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei46002\select.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei46002\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei46002\unicodedata.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei46002\vcruntime140.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei47522\_bz2.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei47522\_ctypes.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei47522\_decimal.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei47522\_hashlib.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei47522\_lzma.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei47522\_socket.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei47522\base_library.zip	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei47522\libcrypto-3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei47522\libffi-8.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei47522\python311.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei47522\select.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei47522\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei47522\unicodedata.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei47522\vcruntime140.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei57722\_bz2.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei57722\_ctypes.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei57722\_decimal.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei57722\_hashlib.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei57722\_lzma.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei57722\_socket.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei57722\base_library.zip	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei57722\libcrypto-3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei57722\libffi-8.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei57722\python311.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei57722\select.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei57722\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei57722\unicodedata.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei57722\vcruntime140.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei7322\_bz2.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei7322\_ctypes.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei7322\_decimal.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei7322\_hashlib.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei7322\_lzma.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei7322\_socket.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei7322\base_library.zip	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei7322\libcrypto-3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei7322\libffi-8.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei7322\python311.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei7322\select.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei7322\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei7322\unicodedata.pyd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei7322\vcruntime140.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\apinstaller.log	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\apresources\app.config	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jusched.log	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\opera_installer_2511110946465645800.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\opera_installer_2511110946473615896.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\opera_installer_2511110946484551264.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\opera_installer_ui.lck	Generic Write,Read Attributes,Delete
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\698460a0b6e60f2f602361424d832905_8bb23d43de574e82f2bee0df0ec47eeb	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\8ec9b1d0abbd7f98b401d425828828ce_0f573fcd857350c13752ea188f27d043	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\c8e534ee129f27d55460ce17fd628216_1130d9b25898b0db0d4f04dc5b93f141	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\698460a0b6e60f2f602361424d832905_8bb23d43de574e82f2bee0df0ec47eeb	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\8ec9b1d0abbd7f98b401d425828828ce_0f573fcd857350c13752ea188f27d043	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\c8e534ee129f27d55460ce17fd628216_1130d9b25898b0db0d4f04dc5b93f141	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports\metadata	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports\settings.dat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\064b1d43d44216a7b3ce80461f08cf398cbf2ff1_0000866895	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\064b1d43d44216a7b3ce80461f08cf398cbf2ff1_0000866895	Generic Write,Read Attributes
c:\users\user\downloads\064b1d43d44216a7b3ce80461f08cf398cbf2ff1_0000866895	Synchronize,Write Attributes
c:\users\user\downloads\06f8794b2b5d5b3569b750c3c65ebb1c95c4e091_0002288848.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\06f8794b2b5d5b3569b750c3c65ebb1c95c4e091_0002288848.exe	Generic Write,Read Attributes
c:\users\user\downloads\06f8794b2b5d5b3569b750c3c65ebb1c95c4e091_0002288848.exe	Synchronize,Write Attributes

152 additional files are not displayed above.

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix	Cookie:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix	Visited:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enablefiletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableautofiletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableconsoletracing		RegNtPreCreateKey

HKLM\software\microsoft\tracing\rasapi32::filetracingmask		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::consoletracingmask		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::maxfilesize		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enablefiletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enableautofiletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enableconsoletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::filetracingmask		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::consoletracingmask		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::maxfilesize		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Windows\SystemTemp\77e37ce0-8214-4414-aced-551c5ae204d7.tmp\??\C:\Windows\SystemTemp\e28eadcf-6ab0-4d8c-8821-7ce9a6aba1	RegNtPreCreateKey
HKLM\software\wow6432node\adaware\adaware privacy::machineid	268ddfeb-393b-01ab-2937-4e66db5d0964	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enablefiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableautofiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filetracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::consoletracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::maxfilesize		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enablefiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableautofiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filetracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::consoletracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::maxfilesize		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	㻇糆攢ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ﯢ沎ǜ	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::appinit_dlls	C:\PROGRA~1\COMMON~1\System\symsrv.dll	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::loadappinit_dlls		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::requiresignedappinit_dlls		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\advanced::hidden		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusoverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalldisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalloverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::updatesdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::uacdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusoverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalldisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalloverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::updatesdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::uacdisablenotify		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings::globaluseroffline		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablelua		RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::enablefirewall		RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::donotallowexceptions		RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::disablenotifications		RegNtPreCreateKey
HKCU\software\apcr\1214104697::1919251317		RegNtPreCreateKey
HKCU\software\apcr\1214104697::-456464662		RegNtPreCreateKey
HKCU\software\apcr\1214104697::1462786655		RegNtPreCreateKey
HKCU\software\apcr\1214104697::-912929324	#	RegNtPreCreateKey
HKCU\software\apcr\1214104697::1006321993	ǜ	RegNtPreCreateKey
HKCU\software\apcr\1214104697::-1369393986	http://www.ledyazilim.com/logo.gifhttp://ksandrafashion.com/l	RegNtPreCreateKey
HKCU\software\apcr\1214104697::549857331		RegNtPreCreateKey
HKCU\software\apcr::u1_0	䡴⬋	RegNtPreCreateKey
HKCU\software\apcr::u2_0	ᩣ	RegNtPreCreateKey
HKCU\software\apcr::u3_0	権ă	RegNtPreCreateKey
HKCU\software\apcr::u4_0		RegNtPreCreateKey
HKLM\software\wow6432node\ati technologies\log::append	0	RegNtPreCreateKey
HKLM\software\wow6432node\ati technologies\log::file	C:/Program Files (x86)/AMD/CIM/Log/Installer.log	RegNtPreCreateKey
HKLM\software\wow6432node\ati technologies\log::level	3	RegNtPreCreateKey
HKLM\software\wow6432node\ati technologies\log::maxsize	$	RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\ddfb16cd4931c973a2037d3fc83a4d7d775d05e4::blob		RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\ddfb16cd4931c973a2037d3fc83a4d7d775d05e4::blob		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\system\software\microsoft\tip\aggregateresults::data	隞̃耀꧌ı˥	RegNtPreCreateKey

Windows API Usage

Category	API
Process Shell Execute	CreateProcess
Service Control	OpenSCManager StartServiceCtrlDispatcher
Process Manipulation Evasion	NtUnmapViewOfSection ReadProcessMemory
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAdjustPrivilegesToken ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcConnectPort ntdll.dll!NtAlpcConnectPortEx ntdll.dll!NtAlpcCreatePortSection ntdll.dll!NtAlpcCreateResourceReserve ntdll.dll!NtAlpcCreateSectionView ntdll.dll!NtAlpcCreateSecurityContext ntdll.dll!NtAlpcDeleteSecurityContext Show More ntdll.dll!NtAlpcDisconnectPort ntdll.dll!NtAlpcQueryInformation ntdll.dll!NtAlpcQueryInformationMessage ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtAlpcSetInformation ntdll.dll!NtApphelpCacheControl ntdll.dll!NtAssociateWaitCompletionPacket ntdll.dll!NtCancelTimer2 ntdll.dll!NtCancelWaitCompletionPacket ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtCompareSigningLevels ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateIoCompletion ntdll.dll!NtCreateKey ntdll.dll!NtCreateMutant ntdll.dll!NtCreatePrivateNamespace ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtCreateThreadEx ntdll.dll!NtCreateTimer2 ntdll.dll!NtCreateWaitCompletionPacket ntdll.dll!NtCreateWorkerFactory ntdll.dll!NtDelayExecution ntdll.dll!NtDeleteValueKey ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFlushProcessWriteBuffers ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtFsControlFile ntdll.dll!NtGetCachedSigningLevel ntdll.dll!NtGetCompleteWnfStateSubscription ntdll.dll!NtGetCurrentProcessorNumber ntdll.dll!NtLoadKeyEx ntdll.dll!NtMapViewOfSection ntdll.dll!NtNotifyChangeKey ntdll.dll!NtOpenDirectoryObject ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenMutant ntdll.dll!NtOpenProcess ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenSymbolicLinkObject ntdll.dll!NtOpenThread ntdll.dll!NtOpenThreadToken ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDefaultLocale ntdll.dll!NtQueryDirectoryFileEx ntdll.dll!NtQueryEvent ntdll.dll!NtQueryFullAttributesFile ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationJobObject ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryObject ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySymbolicLinkObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtQueueApcThread ntdll.dll!NtQueueApcThreadEx2 ntdll.dll!NtReadFile ntdll.dll!NtReadRequestData ntdll.dll!NtReadVirtualMemory ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtResumeThread 27 additional items are not displayed above.
User Data Access	GetComputerName GetComputerNameEx GetUserDefaultLocaleName GetUserObjectInformation
Anti Debug	IsDebuggerPresent NtQuerySystemInformation OutputDebugString
Network Info Queried	GetAdaptersAddresses GetAdaptersInfo GetNetworkParams
Network Winsock2	WSAConnect WSASocket WSAStartup WSAttemptAutodialName
Network Winsock	bind closesocket freeaddrinfo getaddrinfo gethostname inet_addr recv send setsockopt
Encryption Used	BCryptOpenAlgorithmProvider CryptAcquireContext
Other Suspicious	AdjustTokenPrivileges SetWindowsHookEx
Network Wininet	HttpOpenRequest HttpSendRequest InternetConnect InternetOpen
Network Winhttp	WinHttpOpen
Process Terminate	TerminateProcess

Shell Command Execution


							"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\06f8794b2b5d5b3569b750c3c65ebb1c95c4e091_0002288848.exe"


							"c:\users\user\downloads\06f8794b2b5d5b3569b750c3c65ebb1c95c4e091_0002288848.exe"


							"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\80f2a0bba5a78f6aba3fad98c144c007823a6830_0000274944.exe"


							"c:\users\user\downloads\80f2a0bba5a78f6aba3fad98c144c007823a6830_0000274944.exe"


							"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\ca0fa51fcaaa5926966fab61d0ce88ceec824783_0000242760.exe"


									"c:\users\user\downloads\ca0fa51fcaaa5926966fab61d0ce88ceec824783_0000242760.exe"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\aed2466b7c9901becbc0bfafbefce413fa57fabc_0000464796"


									"c:\users\user\downloads\aed2466b7c9901becbc0bfafbefce413fa57fabc_0000464796"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\85b73b8783649804bafe6e391706fc379479eacd_0006899712"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\ef457a5ffae1fc4e12e96052ede38c5713c39b65_0004952576"


									"c:\users\user\downloads\ef457a5ffae1fc4e12e96052ede38c5713c39b65_0004952576"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\cf5afb055d33848a99c5db198c8ef1c965f86c2c_0002278288"


									"c:\users\user\downloads\cf5afb055d33848a99c5db198c8ef1c965f86c2c_0002278288"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\50f44609ba00bd37e81877187fc820d0a1b6d591_0001409536"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\548da8d648c3ee92ae061610308ec7b6b9927b63_0000986352"


									"c:\users\user\downloads\548da8d648c3ee92ae061610308ec7b6b9927b63_0000986352"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\c7eeb3e9f5a1131564c7139216cefe11976c69b4_0000668160"


									"c:\users\user\downloads\c7eeb3e9f5a1131564c7139216cefe11976c69b4_0000668160"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\f29c48235765bc56199c89df419245753b26286f_0000147864"


									"c:\users\user\downloads\f29c48235765bc56199c89df419245753b26286f_0000147864"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\60a77c87be0871f43878fe4d2d130aaa6e4ba5e1_0002426680"


									"c:\users\user\downloads\60a77c87be0871f43878fe4d2d130aaa6e4ba5e1_0002426680"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\8ad9999f76d648f1abd971bf6b1b8c635ffeafad_0005181040"


									"c:\users\user\downloads\8ad9999f76d648f1abd971bf6b1b8c635ffeafad_0005181040"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\339276ecccccad5e59bf757144b8131ac242159a_0004074320"


									"c:\users\user\downloads\339276ecccccad5e59bf757144b8131ac242159a_0004074320"


									C:\Users\Uqrnhdiw\AppData\Local\Temp\7zSCD517F96\setup.exe C:\Users\Uqrnhdiw\AppData\Local\Temp\7zSCD517F96\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Uqrnhdiw\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Uqrnhdiw\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=117.0.5408.162 --initial-client-data=0x384,0x388,0x38c,0x360,0x390,0x73dcd2e4,0x73dcd2f0,0x73dcd2fc


									"C:\Users\Uqrnhdiw\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\5dae2f3783ef9cf44a58cf9857c8a090aa64ba42_0002470360"


									"c:\users\user\downloads\5dae2f3783ef9cf44a58cf9857c8a090aa64ba42_0002470360"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\db547adb9085343aa0c2718eb97138cd30a20733_0000139112"


									"c:\users\user\downloads\db547adb9085343aa0c2718eb97138cd30a20733_0000139112"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\791210d8e4292346b3cb32d80833ddb4cb197310_0003459456"


									"c:\users\user\downloads\791210d8e4292346b3cb32d80833ddb4cb197310_0003459456"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\cac9620abb2fe038e7f894851bfdfe1e975a7f5b_0001653248"


									"c:\users\user\downloads\cac9620abb2fe038e7f894851bfdfe1e975a7f5b_0001653248"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\95e799a26c0a21abbe2528b9b8c4bdc7ded95faf_0001055520"


									"c:\users\user\downloads\95e799a26c0a21abbe2528b9b8c4bdc7ded95faf_0001055520"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\1f8ffba5cba276e19c968da5f05a0454e4cd689e_0003230192"


									"c:\users\user\downloads\1f8ffba5cba276e19c968da5f05a0454e4cd689e_0003230192"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\3db4cabf2e9451bc15a6c59a61f6cef5f6ff29fc_0001632696"


									"c:\users\user\downloads\3db4cabf2e9451bc15a6c59a61f6cef5f6ff29fc_0001632696"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\1c830613bb8e7967cb9c8abe80da2eb71d268e23_0000377704"


									"c:\users\user\downloads\1c830613bb8e7967cb9c8abe80da2eb71d268e23_0000377704"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\5a81eec853f840d42db8c4adc687a5bf1ef59e4d_0008668821"


									"c:\users\user\downloads\5a81eec853f840d42db8c4adc687a5bf1ef59e4d_0008668821"


									.\H2OFFT-W.exe -sfx7z "c:\users\user\downloads" execApp


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\e79528b72787747ed393b85c01cc5e82f6003c7e_0000147928"


									"c:\users\user\downloads\e79528b72787747ed393b85c01cc5e82f6003c7e_0000147928"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\95af4c2af5c3c860c435476dc59b151abec15ff1_0001632696"


									"c:\users\user\downloads\95af4c2af5c3c860c435476dc59b151abec15ff1_0001632696"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\af2046a570e0d9c199a8f3b72d37d3b2619e7e9c_0001702976"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\6f29991ff2dcf2af0732681c94a5a76f22374341_0009222312"


									"c:\users\user\downloads\6f29991ff2dcf2af0732681c94a5a76f22374341_0009222312"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\a2e2b9fcccdd97aa1e9c8d4dfd5243f5dc8a89c6_0000236799"


									"c:\users\user\downloads\a2e2b9fcccdd97aa1e9c8d4dfd5243f5dc8a89c6_0000236799"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\e988692d0914211bb1a263bcd4874eace5d0632d_0000142416"


									"c:\users\user\downloads\e988692d0914211bb1a263bcd4874eace5d0632d_0000142416"


									"c:\users\user\BraveUpdate.exe" /ondemand


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\179a86a27cd7ef236be955637fde72c4bbd68758_0000901880"


									"c:\users\user\downloads\179a86a27cd7ef236be955637fde72c4bbd68758_0000901880"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\6fbbd5d1fef672523420cf299db8776f690a0487_0000363912"


									"c:\users\user\downloads\6fbbd5d1fef672523420cf299db8776f690a0487_0000363912"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\136e81e67d1ab0b524d6cb72e963842c2fbbec8f_0000236048"


									"c:\users\user\downloads\136e81e67d1ab0b524d6cb72e963842c2fbbec8f_0000236048"


									"C:\Users\Odhrwpre\AppData\Local\BraveSoftware\Update\BraveUpdate.exe" /c


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\f851287d5bb1354f8a1445ee2232a660c9665a57_0000242272"


									"c:\users\user\downloads\f851287d5bb1354f8a1445ee2232a660c9665a57_0000242272"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\c2790efb9d35b8e4d2c74657a9abdfe154896be2_0000715960"


									"c:\users\user\downloads\c2790efb9d35b8e4d2c74657a9abdfe154896be2_0000715960"


									"c:\users\user\downloads\RadeonInstaller.exe"  /IGNORE_UPGRADE


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\b9d62c1d98626cc9c67883ba59c3327f2d2bbc49_0000289792"


									"c:\users\user\downloads\b9d62c1d98626cc9c67883ba59c3327f2d2bbc49_0000289792"


									"C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\38e415555a00e46b9a4863f9d94b22e4a7de2076_0001561368"


									"c:\users\user\downloads\38e415555a00e46b9a4863f9d94b22e4a7de2076_0001561368"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\5981cb56136386c70e604d7e0e588902399f170b_0006662024"


									"c:\users\user\downloads\5981cb56136386c70e604d7e0e588902399f170b_0006662024"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\4c4ed7856320d27a2b698f51933dd81753788df2_0000627912"


									"c:\users\user\downloads\4c4ed7856320d27a2b698f51933dd81753788df2_0000627912"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\a2bf44d61a79b39b406be327135a4ea0243aa67f_0002601665"


									"c:\users\user\downloads\a2bf44d61a79b39b406be327135a4ea0243aa67f_0002601665"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\67a96a4eeae51a9c0a64d929ec20d73030f75753_0005378568"


									"c:\users\user\downloads\67a96a4eeae51a9c0a64d929ec20d73030f75753_0005378568"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\284487b2a36b36c9214b12ce15d8d98af0776567_0001065624"


									"c:\users\user\downloads\284487b2a36b36c9214b12ce15d8d98af0776567_0001065624"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\d1393b53bb6f5e97e95c682477198ad7920a07a0_0000210515"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\75a9252469eb363974e72385814c5e189b0af47a_0003025408"


									"c:\users\user\downloads\75a9252469eb363974e72385814c5e189b0af47a_0003025408"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\9bf9fdcce71e1cfe4be3a7a5cb4f7b064a80b814_0000243064"


									"c:\users\user\downloads\9bf9fdcce71e1cfe4be3a7a5cb4f7b064a80b814_0000243064"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\6fb3d03148215f6c95cdef5008a52ad869b3be24_0001678800"


									"c:\users\user\downloads\6fb3d03148215f6c95cdef5008a52ad869b3be24_0001678800"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\ed92c2e5e304c366ba991ef68c056e1a15165518_0000281088"


									"c:\users\user\downloads\ed92c2e5e304c366ba991ef68c056e1a15165518_0000281088"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\c77f3311b8a230042b323f84fb4438daab314cf3_0000569856"


									"c:\users\user\downloads\c77f3311b8a230042b323f84fb4438daab314cf3_0000569856"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\a5d0f3dd3889db1efa18a874b5e8fb432fda2103_0000605688"


									"c:\users\user\downloads\a5d0f3dd3889db1efa18a874b5e8fb432fda2103_0000605688"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\7c739964a6fe6cdc609cc62828d179de8883982f_0008104042"


									"c:\users\user\downloads\7c739964a6fe6cdc609cc62828d179de8883982f_0008104042"


									c:\users\user\downloads\7c739964a6fe6cdc609cc62828d179de8883982f_0008104042 "c:\users\user\downloads\7c739964a6fe6cdc609cc62828d179de8883982f_0008104042"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\064b1d43d44216a7b3ce80461f08cf398cbf2ff1_0000866895"


									"c:\users\user\downloads\064b1d43d44216a7b3ce80461f08cf398cbf2ff1_0000866895"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\94645cbc8f77b719623aa657032452d1af9d93ee_0000304432"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\e03a3d03036d21f87f0f685983c3e3de198bdd13_0002917729"


									"c:\users\user\downloads\e03a3d03036d21f87f0f685983c3e3de198bdd13_0002917729"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\75a3771b64c9378a55484f063bb67221f68a9f96_0000243296"


									"c:\users\user\downloads\75a3771b64c9378a55484f063bb67221f68a9f96_0000243296"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\e4cdbfb27913c135c418bbf6a65841aae7de7c83_0000234416"


									"c:\users\user\downloads\e4cdbfb27913c135c418bbf6a65841aae7de7c83_0000234416"


									C:\Windows\Microsoft.NET\Framework64\v2.0.50727\\dw20.exe dw20.exe -x -s 816


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\4feb196103db5ad57982e4135a2ff6558b283a80_0001159952"


									"c:\users\user\downloads\4feb196103db5ad57982e4135a2ff6558b283a80_0001159952"

Malware.Jeefo

Threat Scorecard

EnigmaSoft Threat Scorecard

File System Details

Registry Details

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Most Viewed