Multi-License Discount Quote

Change Region

English
Threat Database Adware Multiplug

Multiplug

By CagedTech in Adware

Threat Scorecard

Popularity Rank: 571
Threat Level: 20 % (Normal)
Infected Computers: 456,085
First Seen: May 23, 2014
Last Seen: January 16, 2026
OS(es) Affected: Windows

If your anti-virus software is detecting a Multiplug infection, this may mean that adware has been detected on your computer. These types of infections take the form of an extension or toolbar for your Web browser and are designed to generate revenue from advertising and affiliate marketing on the affected computer. The Multiplug infections are not particularly threatening and can be removed in a simpler manner than with other, more severe types of threats. However, despite that the Multiplug infection is categorized as adware, this does not mean that Multiplug is not severely disruptive. Many of the symptoms associated with Multiplug also may appear in cases of a more harmful threat like the Sirefef rootkit.

Multiplug may make the affected Web browser difficult to use and also may be difficult to remove completely because, if not removed entirely, Multiplug may come back to the affected computer. The Multiplug infections may cause the appearance of pop-up windows and error messages and cause alterations to your computer and Web browser preferences. In most cases, Multiplug also may make it difficult to use the affected Web browser because of its constant interruptions.

The Advertisements Exhibited by Multiplug May Lead to Unsafe Websites

Symptoms associated with Multiplug may prevent computer users from using the infected computer effectively. The main purpose of Multiplug and similar infections is to profit at the expense of the computer user, mainly using advertisement revenue and affiliate marketing schemes. Because of this, the main purpose of Multiplug infections is to display advertisements on the infected Web browser or to force computer users to visit websites containing advertisements and affiliate marketing links repeatedly. Multiplug also may insert advertisements and links into online content that would normally not have these types of components. Many of these advertisements may be disruptive, and include video or audio content.

Multiplug may add banners, linked text, and similar advertisements to websites viewed on the affected Web browser. Many of the advertisements associated with Multiplug may be difficult to close, appear repeatedly, or open new Web browser windows or tabs when the computer user closes the advertisements. Some of the symptoms of the Multiplug infections that may be noticed easily include browser redirects to websites associated with Multiplug, the appearance of an unwanted toolbar on the infected Web browser, changes to the compromised Web browser's homepage and default search engine, browser redirects to websites associated with Multiplug, and poor system and Web browser's performance and Internet connection speed. Multiplug may change the affected Web browser's homepage and default search engine to websites associated with Multiplug and, in some cases, also may change the affected Web browser's security settings to make it easier for other unwanted components to be installed.

How Multiplug may Enter a Computer

The main way in which Multiplug is distributed is by bundling this adware with legitimate, free software. Shady marketers may hide Multiplug and the option to opt out of installing these types of components. Browser toolbars associated with Multiplug are very common when downloading free software from download websites with poorly regulated content. You can stay away from these types of tactics by paying attention to the installation process when installing new software on your computer. In many cases, computer users may be opted in automatically to begin the installation of Multiplug when installing other software. The option to drop out may be hidden, needing computer users to select 'custom' or 'advanced' installation. The language informing the computer user on how to opt out of installing Multiplug may be convoluted, using double negatives as well as multiple, confusing confirmation messages. This is all deliberate, ensuring that inexperienced computer users allow Multiplug to enter their computers, believing Multiplug to be a legitimate component.

Aliases

14 security vendors flagged this file as malicious.

Antivirus Vendor Detection
AVG Generic6.AXCM
Fortinet Riskware/MultiPlug
Ikarus PUA.Multiplug
Panda Generic Suspicious
AhnLab-V3 PUP/Win32.MultiPlug
McAfee-GW-Edition MultiPlug-FYT
TrendMicro TROJ_GEN.R021C0FF915
F-Secure Gen:Variant.Adware.Kazy
Kaspersky Trojan-Dropper.Win32.Agent.biqise
ClamAV Win.Trojan.Agent-880756
Avast Win32:PUP-gen [PUP]
Symantec PUA.Gen.2
K7AntiVirus Trojan ( 0040fa761 )
CAT-QuickHeal TrojanDropper.Agent.g6

Multiplug Screenshots

File System Details

Multiplug may create the following file(s):
Expand All | Collapse All
# File Name MD5 Detections
1. gamestechstore_helper_service.exe eafb798e13c296281878e70bcfe41a69 368
2. A0034853.exe 17f601c301cfcf559f496bf268533fc1 263
3. SectionDouble.dll ff5ca4e5d5425589a14064a34e20b4b1 51
4. SystemAssister.dll 419b9a3aa15b866aafd5ec08847d4a61 34
5. TextEnhance_26.0.1773.401.dll 43eea0c9b47d493fa5cbb7f823f6b14f 21
6. TextEnhance.dll 30d21c9739fcf4fb21c26ce396e54b10 12
7. 5b99d07a4b94bec2a61b0e99bcb027c13e411c35785bab14599fa1bc2f59ab10.exe 6c0aa4a07293103f8efb00ae5d7968ae 1
8. PragmaMaker.dll a1965fdddaac1b4c845984dc636d1066 1
9. PragmaGeneration.dll 73d090cde17b05df9e4d8f28c2e248f7 1
10. PragmaFunc.dll d32457048b71db2b49e8718db7f57795 1
11. PragmaEdit.dll 9e18b5177db0318259d5a1e0c03f8adf 1
12. PragmaInstance.dll aff69b29881975ef4af17e1e7760f6cd 1
13. 2163ea13116fdd9a1add4d7966c7b2a3f5da4e8eaa5ac340cdbb290510ad21b1.exe 74f7a01054b981708f7335510834124c 1
14. PragmaMonitor.dll e845a02ade4d0e6ce26303989c0c366c 1
15. spyhunter 4.17.6.4336 full version with patch.exe af8685a1052b3013679584c6246284b7 1
16. Troj31.exe 6b940263fda0d67f604a7784c9db2390 1
17. TextEnhance.exe c05c9608289ac4bdaea46e31308d3531 1
18. Perplexed Examination.exe d7411b426fbed97813cff3775e932df4 1
19. Sk-Enhancer.exe 08fd9792eb734a2de1c9766251172062 1
20. RelaySys.dll d83d29c41d81dae61e6acd07110fada4 1
21. WebLight_x64.dll 5ce8eb47df6a284281572ff9ef95012e 1
22. weblight.dll b5c305c3b2ff2e35d4a270fad0675649 1
23. WebLightSvc.dll 85cb067676c2b654a510566905956f43 1
24. TextEnhance_6.2.2999.522.dll 3b2697d63c404ce3eec49de4c4741c0f 1
25. Flava Clipper.exe 1ce9fe173a0c0d14a670488daee98fcf 0
26. file.exe e20d9121513d22e39a64034dcf41d1cd 0
More files

Registry Details

Multiplug may create the following registry entry or registry entries:
CLSID
{0F19EF48-CB8C-416A-B84C-C33B02970632}
{138E44EF-8988-4DC7-8F48-FBC4FCEF83D1}
{157B1AA6-3E5C-404A-9118-C1D91F537040}
{382F6195-1B46-40D5-B9FD-0493263E6132}
{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
{3C94CD82-91C5-4DA7-AC36-BC96B16DEB26}
{41F978F3-431A-4464-A789-5C0692D562FB}
{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
{5F189DF5-2D05-472B-9091-84D9848AE48B}
{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}
{9129BF03-EE04-4C16-B8AA-5DA6ADE6AB2B}
{9B41579A-1996-42F9-8F84-7B7786818CEF}
{9D4DC1C6-EFD1-44B1-91F9-6C7D4FC13CBD}
{ADA38E4E-F20A-4399-BE91-E260AC341C69}
{BB1C0445-8E37-4D66-B4E4-947E53F654A8}
{BB50CC62-09E1-4DD9-912C-F1DA4D6D71D8}
{C3510196-382C-41D1-8E63-6E84DB3709C9}
{DFF50D27-9859-4F50-9BE1-A4CBFA102B9D}
{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}
{E2343056-CC08-46AC-B898-BFC7ACF4E755}
{E481A870-86C7-44E1-97DF-E759FC147CBE}
{E55496A1-3090-44B0-96BF-518EA4B6828B}
{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
{EB559340-3A8F-4456-B24D-160098054EF0}
{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
{FE332809-93C1-48DF-929F-AEC0BC4BFCFE}
Regexp file mask
%APPDATA%\appdataFr[NUMBERS].bin
%PROGRAMFILES%\AppendGeneration\AppendGeneration.dll
%PROGRAMFILES%\AppendInit\AppendInit.dll
%PROGRAMFILES%\AppendMonitor\AppendMonitor.dll
%PROGRAMFILES%\BorderlineMaker\BorderlineMaker.dll
%PROGRAMFILES%\brainwash\brainwash.dll
%PROGRAMFILES%\CutterFoobar\CutterFoobar.dll
%PROGRAMFILES%\decodit\decodit.dll
%PROGRAMFILES%\goopad\goopad.dll
%PROGRAMFILES%\IncludeInstance\IncludeInstance.dll
%PROGRAMFILES%\IncludeMonitor\IncludeMonitor.dll
%PROGRAMFILES%\IncrementEdit\IncrementEdit.dll
%PROGRAMFILES%\IncrementModule\IncrementModule.dll
%PROGRAMFILES%\IncrementMonitor\IncrementMonitor.dll
%PROGRAMFILES%\IndepthFunc\IndepthFunc.dll
%PROGRAMFILES%\LinkFunc\LinkFunc.dll
%PROGRAMFILES%\PathFoobar\PathFoobar.dll
%PROGRAMFILES%\PragmaEdit\PragmaEdit.dll
%PROGRAMFILES%\ProcessFoobar\ProcessFoobar.dll
%PROGRAMFILES%\ProcessMaker\ProcessMaker.dll
%PROGRAMFILES%\ReactorKeeper\ReactorKeeper.dll
%PROGRAMFILES%\ReactorSubs\ReactorSubs.dll
%PROGRAMFILES%\RelayDouble\RelayDouble.dll
%PROGRAMFILES%\RelaySoft\RelaySoft.dll
%PROGRAMFILES%\RelaySys\RelaySys.dll
%PROGRAMFILES%\sayescoupon\sayescoupon.dll
%PROGRAMFILES%\SegmentProlonger\SegmentProlonger.dll
%PROGRAMFILES%\SegmentSystem\SegmentSystem.dll
%PROGRAMFILES%\SoftwarePlus\SoftwarePlus.dll
%PROGRAMFILES%\StatFoobar\StatFoobar.dll
%PROGRAMFILES%\SystemConserve\SystemConserve.dll
%PROGRAMFILES%\SystemEnterprise\SystemEnterprise.dll
%PROGRAMFILES%\SystemHelp\SystemHelp.dll
%PROGRAMFILES%\SystemRaise\SystemRaise.dll
%PROGRAMFILES%\SystemUphold\SystemUphold.dll
%PROGRAMFILES%\TerminusDefender\TerminusDefender.dll
%PROGRAMFILES%\TerminusExtender\TerminusExtender.dll
%PROGRAMFILES%\TerminusMaker\TerminusMaker.dll
%PROGRAMFILES%\ToolMaker\ToolMaker.dll
%PROGRAMFILES%\TrimAppend\TrimAppend.dll
%PROGRAMFILES%\TrimEdit\TrimEdit.dll
%PROGRAMFILES%\turbostrength\turbostrength.dll
%PROGRAMFILES(x86)%\AppendEngine\AppendEngine.dll
%PROGRAMFILES(x86)%\AppendFoobar\AppendFoobar.dll
%PROGRAMFILES(x86)%\AppendInit\AppendInit.dll
%PROGRAMFILES(x86)%\AppendModule\AppendModule.dll
%PROGRAMFILES(x86)%\AppendRunner\AppendRunner.dll
%PROGRAMFILES(x86)%\BorderlineEngine\BorderlineEngine.dll
%PROGRAMFILES(x86)%\BorderlineInit\BorderlineInit.dll
%PROGRAMFILES(x86)%\BorderlineMonitor\BorderlineMonitor.dll
%PROGRAMFILES(x86)%\couponight\couponight.dll
%PROGRAMFILES(x86)%\CutterFoobar\CutterFoobar.dll
%PROGRAMFILES(x86)%\CutterProc\CutterProc.dll
%PROGRAMFILES(x86)%\decodit\decodit.dll
%PROGRAMFILES(x86)%\goopad\goopad.dll
%PROGRAMFILES(x86)%\IncludeInstance\IncludeInstance.dll
%PROGRAMFILES(x86)%\IncrementEdit\IncrementEdit.dll
%PROGRAMFILES(x86)%\IncrementFunc\IncrementFunc.dll
%PROGRAMFILES(x86)%\IncrementProc\IncrementProc.dll
%PROGRAMFILES(x86)%\IndepthEngine\IndepthEngine.dll
%PROGRAMFILES(x86)%\IndepthMonitor\IndepthMonitor.dll
%PROGRAMFILES(x86)%\IndepthProc\IndepthProc.dll
%PROGRAMFILES(x86)%\LinkFunc\LinkFunc.dll
%PROGRAMFILES(x86)%\LinkGeneration\LinkGeneration.dll
%PROGRAMFILES(x86)%\PathGeneration\PathGeneration.dll
%PROGRAMFILES(x86)%\PragmaEdit\PragmaEdit.dll
%PROGRAMFILES(x86)%\PragmaGeneration\PragmaGeneration.dll
%PROGRAMFILES(x86)%\PragmaMaker\PragmaMaker.dll
%PROGRAMFILES(x86)%\PragmaModulator\PragmaModulator.dll
%PROGRAMFILES(x86)%\PragmaSystem\PragmaSystem.dll
%PROGRAMFILES(x86)%\ProcessMaker\ProcessMaker.dll
%PROGRAMFILES(x86)%\ProcessRunner\ProcessRunner.dll
%PROGRAMFILES(x86)%\ReactorKeeper\ReactorKeeper.dll
%PROGRAMFILES(x86)%\RelayDefender\RelayDefender.dll
%PROGRAMFILES(x86)%\RelayDouble\RelayDouble.dll
%PROGRAMFILES(x86)%\RelaySoft\RelaySoft.dll
%PROGRAMFILES(x86)%\RelaySys\RelaySys.dll
%PROGRAMFILES(X86)%\sayescoupon\sayescoupon.dll
%PROGRAMFILES(x86)%\SegmentProlonger\SegmentProlonger.dll
%PROGRAMFILES(x86)%\SoftwarePlus\SoftwarePlus.dll
%PROGRAMFILES(x86)%\StatFoobar\StatFoobar.dll
%PROGRAMFILES(x86)%\StatInit\StatInit.dll
%PROGRAMFILES(x86)%\SystemChronicles\SystemChronicles.dll
%PROGRAMFILES(x86)%\SystemConserve\SystemConserve.dll
%PROGRAMFILES(x86)%\SystemContinue\SystemContinue.dll
%PROGRAMFILES(x86)%\SystemEnterprise\SystemEnterprise.dll
%PROGRAMFILES(x86)%\SystemHelp\SystemHelp.dll
%PROGRAMFILES(x86)%\SystemPlus\SystemPlus.dll
%PROGRAMFILES(x86)%\systempreserve\systempreserve.dll
%PROGRAMFILES(x86)%\SystemRaise\SystemRaise.dll
%PROGRAMFILES(x86)%\TampaFoobar\TampaFoobar.dll
%PROGRAMFILES(x86)%\TampaModule\TampaModule.dll
%PROGRAMFILES(x86)%\TampaMonitor\TampaMonitor.dll
%PROGRAMFILES(x86)%\TampaRunner\TampaRunner.dll
%PROGRAMFILES(x86)%\TerminusDefender\TerminusDefender.dll
%PROGRAMFILES(x86)%\TerminusKeeper\TerminusKeeper.dll
%PROGRAMFILES(x86)%\TerminusMaker\TerminusMaker.dll
%PROGRAMFILES(x86)%\TrimFunc\TrimFunc.dll
%PROGRAMFILES(x86)%\TrimInit\TrimInit.dll
%PROGRAMFILES(x86)%\TrimMaker\TrimMaker.dll
HKEY..\..\..\..{RegistryKeys}
Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
SOFTWARE\Classes\..9
Software\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\BestSleep.job
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\BestSleep.job.fp
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\Bidaily Synchronize Task.job
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\Bidaily Synchronize Task.job.fp
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\Bidaily Synchronize Task[3c32].job
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\Bidaily Synchronize Task[3c32].job.fp
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\Bidaily Synchronize Task[74c7].job
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\Bidaily Synchronize Task[74c7].job.fp
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\Bidaily Synchronize Task[pr].job
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\Bidaily Synchronize Task[pr].job.fp
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bidaily Synchronize Task
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bidaily Synchronize Task[3c32]
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bidaily Synchronize Task[74c7]
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bidaily Synchronize Task[pr]
SOFTWARE\Wow6432Node\{12A61307-94CD-4F8E-94BC-918E511FAA81}
SOFTWARE\Wow6432Node\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
SOFTWARE\Wow6432Node\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
SOFTWARE\Wow6432Node\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Software\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
SYSTEM\ControlSet001\services\1998d97c
SYSTEM\ControlSet001\Services\24c54e38
SYSTEM\ControlSet001\services\6135ae48
SYSTEM\ControlSet001\services\813b67ce
SYSTEM\ControlSet001\Services\863788fa
SYSTEM\ControlSet001\services\a89d7674
SYSTEM\ControlSet001\services\a952796e
SYSTEM\ControlSet001\services\abc71024
SYSTEM\ControlSet001\services\cf05acd1
SYSTEM\ControlSet001\Services\d45d88d8
SYSTEM\ControlSet001\Services\d6b52028
SYSTEM\ControlSet001\services\e3f7f5ff
SYSTEM\ControlSet001\services\fc67e7a0
SYSTEM\ControlSet001\services\fd3b02ee
SYSTEM\ControlSet002\services\1998d97c
SYSTEM\ControlSet002\Services\24c54e38
SYSTEM\ControlSet002\services\6135ae48
SYSTEM\ControlSet002\services\a952796e
SYSTEM\ControlSet002\services\abc71024
SYSTEM\ControlSet002\services\cf05acd1
SYSTEM\ControlSet002\Services\d6b52028
SYSTEM\ControlSet002\services\e3f7f5ff
SYSTEM\ControlSet002\services\fc67e7a0
SYSTEM\ControlSet002\services\fd3b02ee
SYSTEM\CurrentControlSet\services\1998d97c
SYSTEM\CurrentControlSet\Services\24c54e38
SYSTEM\CurrentControlSet\services\6135ae48
SYSTEM\CurrentControlSet\services\813b67ce
SYSTEM\CurrentControlSet\Services\863788fa
SYSTEM\CurrentControlSet\services\a89d7674
SYSTEM\CurrentControlSet\Services\a952796e
SYSTEM\CurrentControlSet\services\abc71024
SYSTEM\CurrentControlSet\services\cf05acd1
SYSTEM\CurrentControlSet\Services\d45d88d8
SYSTEM\CurrentControlSet\Services\d6b52028
SYSTEM\CurrentControlSet\services\e3f7f5ff
SYSTEM\CurrentControlSet\services\fc67e7a0
SYSTEM\CurrentControlSet\services\fd3b02ee
HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}
S-46480778
{11F6D5AB-263F-388E-74DE-E3DECD390E3F}
{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{813b67ce}
{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{fc67e7a0}
{355FE5A0-F76C-0FCB-3575-FAD0CBA4A5F3}
{3F7D597C-7512-F73C-B0F3-5D711BC91948}
{476D78C4-1DB0-2D88-7FCC-AA6559F59A8D}
{4820778D-AB0D-6D18-C316-52A6A0E1D507}
{5F189DF5-2D05-472B-9091-84D9848AE48B}{1a34a8e0}
{5F189DF5-2D05-472B-9091-84D9848AE48B}{699fd52f}
{5F189DF5-2D05-472B-9091-84D9848AE48B}{dfc86759}
{5F189DF5-2D05-472B-9091-84D9848AE48B}{e81a9dc1}
{5F189DF5-2D05-472B-9091-84D9848AE48B}{f7dc94c1}
{65886F9B-214B-530F-E4EA-7565AFF6DE8D}
{681002C6-5019-81A2-7871-A43754F71E56}
{6C998B44-82D8-CC7E-D847-4CD73036412A}
{6F10CA8F-97E3-48FB-9003-3EE8E9050577}
{75F9BF4A-AF67-A478-A37B-31D73186D3F3}
{7F90CB46-EB38-83F9-7DB4-CB89897D5836}
{842C4394-47F7-60DE-480B-C09116B63559}
{88E96402-3BBD-02D9-0A36-6FB806AEE04E}
{924C3DC2-8E4E-432E-F973-9A2174A39774}
{A695893E-A5C7-2E5C-6953-52B0E61E4C1A}
{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
{B0EC0808-6922-8705-C255-F9C79C315BD5}
{B945F928-45A2-231E-495F-38C40CA198E9}
{C1C6816E-CBB3-A748-85F9-A8B47B68985B}
{D8A9D3D9-F414-952D-AC93-E5F96D47B5BD}
{E32743D3-5789-6E4F-3998-06FB87C9214B}
{E96338DC-1468-4918-8EC2-8454BFFC5025}
{F04D4328-4631-1CBE-1907-201B33FAF2E8}
{F364255F-18D3-2E0A-6D4D-A0C3FF4A43B1}
{F679D2F0-CE91-93C8-BD2D-062DF04DA0C1}
{F6EF44E0-CA47-4F41-8C06-431C005AAEFE}
{F7FFE175-E3D6-2E86-0226-1D3AE4905E40}

Directories

Multiplug may create the following directory or directories:

%ALLUSERSPROFILE%\5e6fb5de08469020
%ALLUSERSPROFILE%\Accelewin
%ALLUSERSPROFILE%\Application Data\Accelewin
%ALLUSERSPROFILE%\Application Data\Browser Enhancer
%ALLUSERSPROFILE%\Application Data\Browser Stabilizer
%ALLUSERSPROFILE%\Application Data\Content Accelerator
%ALLUSERSPROFILE%\Application Data\FastSys
%ALLUSERSPROFILE%\Application Data\Intelewin filter
%ALLUSERSPROFILE%\Application Data\InteliWeb
%ALLUSERSPROFILE%\Application Data\Interenet Optimizer
%ALLUSERSPROFILE%\Application Data\Performance Optimizer
%ALLUSERSPROFILE%\Application Data\Speed Streamer
%ALLUSERSPROFILE%\Application Data\System Booster
%ALLUSERSPROFILE%\Application Data\TurboNet
%ALLUSERSPROFILE%\Application Data\WebGeniuos
%ALLUSERSPROFILE%\Application Data\WebPlat
%ALLUSERSPROFILE%\Application Data\Win sys filter
%ALLUSERSPROFILE%\Application Data\WinSpeed
%ALLUSERSPROFILE%\Application Data\WorldWideWebCoupon
%ALLUSERSPROFILE%\Browser Enhancer
%ALLUSERSPROFILE%\Browser Stabilizer
%ALLUSERSPROFILE%\Codec-C
%ALLUSERSPROFILE%\CodecC
%ALLUSERSPROFILE%\Content Accelerator
%ALLUSERSPROFILE%\Coolyou
%ALLUSERSPROFILE%\FastSys
%ALLUSERSPROFILE%\Intelewin filter
%ALLUSERSPROFILE%\InteliWeb
%ALLUSERSPROFILE%\Interenet Optimizer
%ALLUSERSPROFILE%\Network Acceleration
%ALLUSERSPROFILE%\Performance Optimizer
%ALLUSERSPROFILE%\Speed Streamer
%ALLUSERSPROFILE%\Surf Protect
%ALLUSERSPROFILE%\System Booster
%ALLUSERSPROFILE%\TurboNet
%ALLUSERSPROFILE%\Web Light
%ALLUSERSPROFILE%\WebGeniuos
%ALLUSERSPROFILE%\WebPlat
%ALLUSERSPROFILE%\WebTouch
%ALLUSERSPROFILE%\Win sys filter
%ALLUSERSPROFILE%\WinSpeed
%ALLUSERSPROFILE%\WorldWideWebCoupon
%PROGRAMFILES%\ Mail Checker
%PROGRAMFILES%\ Similar Pages
%PROGRAMFILES%\ Translate
%PROGRAMFILES%\BocaEdit
%PROGRAMFILES%\BocaFunc
%PROGRAMFILES%\ChromeReload
%PROGRAMFILES%\Clip to OneNote
%PROGRAMFILES%\CutterMaker
%PROGRAMFILES%\DiscountCouponPro
%PROGRAMFILES%\Godzilla Shopper
%PROGRAMFILES%\IncludeMaker
%PROGRAMFILES%\IncludeRunner
%PROGRAMFILES%\IndepthEdit
%PROGRAMFILES%\IndepthRunner
%PROGRAMFILES%\PragmaEngine
%PROGRAMFILES%\SoftwareHelp
%PROGRAMFILES%\TerminusSys
%PROGRAMFILES%\TotalComicBooks
%PROGRAMFILES%\TrimModule
%PROGRAMFILES%\UpgradeLeader
%PROGRAMFILES%\Weather Aware
%PROGRAMFILES%\coPuunk
%PROGRAMFILES%\myselfcoupon
%PROGRAMFILES%\reactorrise
%PROGRAMFILES%\toolextender
%PROGRAMFILES(X86)%\ Mail Checker
%PROGRAMFILES(X86)%\ Translate
%PROGRAMFILES(X86)%\TotalComicBooks
%PROGRAMFILES(x86)%\ Similar Pages
%PROGRAMFILES(x86)%\BocaEdit
%PROGRAMFILES(x86)%\BocaFunc
%PROGRAMFILES(x86)%\ChromeReload
%PROGRAMFILES(x86)%\Clip to OneNote
%PROGRAMFILES(x86)%\CutterMaker
%PROGRAMFILES(x86)%\DiscountCouponPro
%PROGRAMFILES(x86)%\Godzilla Shopper
%PROGRAMFILES(x86)%\IncludeMaker
%PROGRAMFILES(x86)%\IncludeRunner
%PROGRAMFILES(x86)%\IndepthEdit
%PROGRAMFILES(x86)%\IndepthRunner
%PROGRAMFILES(x86)%\PragmaEngine
%PROGRAMFILES(x86)%\SoftwareHelp
%PROGRAMFILES(x86)%\TerminusSys
%PROGRAMFILES(x86)%\TrimModule
%PROGRAMFILES(x86)%\UpgradeLeader
%PROGRAMFILES(x86)%\Weather Aware
%PROGRAMFILES(x86)%\coPuunk
%PROGRAMFILES(x86)%\myselfcoupon
%PROGRAMFILES(x86)%\reactorrise
%PROGRAMFILES(x86)%\toolextender
%ProgramFiles%\DeltaFix
%ProgramFiles(x86)%\DeltaFix

URLs

Multiplug may call the following URLs:

"Azm9CdOLv
epicunitscan.info
mynamedomain.koko

Analysis Report

General information

Family Name: Adware.Multiplug
Signature status: Modified signature

Known Samples

MD5: cb20682af407cca0beb17e9b1814ddd4
SHA1: 033200d6edfd9f591dc0043f2b21fc42bebde5e9
File Size: 6.51 MB, 6510592 bytes
MD5: 3107f21223a48dd519728861e850d6cf
SHA1: c58306db5cd4a768a79c0854a0ef831bdcf3c2ac
File Size: 290.98 KB, 290984 bytes
MD5: 17250ea45ddbee1c344540d16ecb5919
SHA1: 53a639fa6191fda333bfa37022b58ca7305133db
SHA256: DCA81FF0B6B0D092776627A99DE23F554E5C8429573EB5E4079E5960EFE3CC0A
File Size: 293.43 KB, 293432 bytes
MD5: 6fed0103b2821f38d8d473f1014aaa5b
SHA1: 922ff1d8e3a82b1248c5db6e889d180474e2d736
SHA256: 16FEA4F2D490D1FBF062664E4CF74F1057DB0D7EE88562CB72BE43B243A1691B
File Size: 322.72 KB, 322720 bytes
MD5: 2b81cb9fab1fd664b9919081787ec063
SHA1: 9d58563335ecc08ef7db812f04865617272bea25
SHA256: DCBC501780F409FCEADBBA688875B219E9FF46E5FEB757F9B5C7456AB775076A
File Size: 226.36 KB, 226360 bytes
Show More
MD5: 351b222482d6b4792bfd18cb064e04df
SHA1: 2e24a27b4a4cbb8a4750e5600aedd26a1d2774a7
SHA256: CED20F24915CC161C287A872697FF7C55BA91C9923BFAC0B3A2CFBA6DEECD4C4
File Size: 322.93 KB, 322928 bytes
MD5: ac492445538892229f4af5b721b76f6f
SHA1: 60210c452b7de2c41ba403047bb30df7d3bce51e
SHA256: 5972586BD676554A642F276ECEA6F0B4E64CAA86985A3B66E84FAF8EA3774A6D
File Size: 331.28 KB, 331280 bytes
MD5: efe1ffcbd34e4c3db4c6382d8dc940d2
SHA1: 2281cb1e8cc93ae1c9e254884dcd07c313c447fe
SHA256: 9509741510AB8DEC7477C155C20AA656263D9409E0FE76FF008D8498A5753141
File Size: 247.35 KB, 247352 bytes
MD5: df717e1d1014ffe06066788b2b3ba1e4
SHA1: 2fd5ff1e9ae7c47b483b0ea0a3bfae1cbee08042
SHA256: 10B038967CD270CAD42EB48735E53BC7CB82BC2457E483A1EA076226AEAC0F55
File Size: 321.22 KB, 321224 bytes
MD5: 2e34a0a253da74147838e8193ed5632c
SHA1: 449e719a5cd36333cd2c82d741c6ac5c004d1848
SHA256: D0B873B94B5555855BDADB544C2AEC1E60A51B35FCD194E613AFDB9C6E388E00
File Size: 1.16 MB, 1161928 bytes
MD5: 71571ec106df90a7eab73a5ebb2a3c2e
SHA1: 21b5e3c6534f3cc2d14fa97726fdf5353e3b5732
SHA256: AD9F04250C2A9F825D505478DACFA81AC4AD3F4E36300AF0E026051C00890491
File Size: 276.27 KB, 276272 bytes
MD5: bb5a65e2343462c648ca50a42b1edbe0
SHA1: 040489136a795e4b20360b49ad47642ba0fb44a1
SHA256: 8EEC8ED24F24418A4D467CA4D417B3CE605F819A3F5C71ADD8F14FC07051C799
File Size: 266.22 KB, 266224 bytes
MD5: 04ef4007ac5173c6805b56444887e09e
SHA1: b4af78354fbd4e40496ae11ffd293890c6bc0595
SHA256: 5C7DE4BBDC1810FBD891AB4A9DC17789557B290DE92DB02B72977A2B999E5963
File Size: 304.14 KB, 304144 bytes
MD5: 4a98bca78a764e016c628339e1fc0554
SHA1: 0f1145c5bc5053d1650b73557157d86f82ed51bc
SHA256: F1C9EE66D79B09A94B24BBECD5080776254C38FA4930FE44C6B3F862B245B0E7
File Size: 655.36 KB, 655360 bytes
MD5: ed20819285a6b237ab3d94ea8c4551bd
SHA1: c49727cf0b784ad67e2bfa1e3665ddf0c2f12326
SHA256: 33AAD8AB18A31AED4F5704368094C18032D992A97DDB5D25F7DAFA1737FDB806
File Size: 203.32 KB, 203320 bytes
MD5: f4ff6f86014e0aa5934c14d012b71e3c
SHA1: e7dcd44d21f0a83fa5f836780de7bccf1909fd32
SHA256: 5FB3BDF8BE40D81A6B8246998E3B7E26B2C94B56EADA3716EA5FBD9DFBDD09B9
File Size: 1.23 MB, 1230424 bytes
MD5: ca20281eec64834f8ecac8b5827442cc
SHA1: 2d2876a678952f449aade97a6aad276b21a1d41f
SHA256: 1354C37B70ADBA649C90E098D14010978E983AAB9D42F547F237A8B17481BE33
File Size: 323.86 KB, 323856 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
Show More
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Arguments /x
Comments
  • This installation was built with Inno Setup.
  • WinNT (x86) Unicode
  • WinNT (x86) Unicode Lib Rel
Company Name
  • Excellent4App
  • GreatSoft
  • PlutoApp
  • Premium
  • Socosokuno
  • Space Physics Data Facility, Goddard Space Flight Center, NASA
  • StarApp
  • Wideblue installer
  • WinterSoft
Email gsfc-cdf-support@lists.nasa.gov
File Description
  • Installer
  • Installer for Appit
  • Installer for CDF_Distribution
  • Installer for Excellent4App
  • Installer for PlutoApp
  • Installer for StarApp
  • Installer for Wideblue installer
  • Installer for WinterSoft
  • Kikohe Setup
File Version
  • 2017.4.20.1317
  • 2014.8.11.1240
  • 2014.6.29.1256
  • 2014.5.18.1727
  • 2014.2.12.1452
  • 2013.10.31.1157
  • 2013.6.19.1256
  • 2012.9.16.1145
  • 2012.7.25.1928
  • 2012.5.30.2115
Show More
  • 2012.4.1.2030
  • 2012.1.3.1545
  • 2011.10.16.44
  • 2011.8.24.1616
Internal Name TSULoader
Legal Copyright
  • CDF©2017 SPDF/GSFC/NASA
  • Copyright © 2010 Premium
  • Copyright © 2012 StarApp
  • Copyright © 2013 WinterSoft
  • Copyright © 2014 Excellent4App
  • Copyright © 2014 GreatSoft
  • Copyright © 2014 PlutoApp
  • Copyright © 2014 Wideblue installer
Original Filename TSULoader.exe
Package Code
  • {2B55C80D-A3B4-4FA0-AD4B-EB96F0B6EAFB}
  • {11E8EC71-88F4-EF43-0DA8-C0D6CA0BCE87}
  • {16D2FFBD-01C7-97B2-7559-49E5CD31DD4B}
  • {19E74EE3-D73F-4B7D-A996-9F1DC2046C15}
  • {78D722E0-B615-8BE8-BD11-B2287CFBD39D}
  • {562FD82B-432F-3DED-DF06-0B0D8DCCFADD}
  • {8587E0EE-9F43-4031-5C48-636B4BD901C6}
  • {32039087-5C03-4EB4-AC5F-1421E9E0B271}
  • {B19B23E0-2A48-41E1-A30A-626A6A780116}
  • {C69D27F6-9547-402A-A2C1-DD651D7E0500}
Show More
  • {C80CDD88-8C55-BFD5-5D3E-C47713EFFF7E}
  • {DFA08389-89C2-63FA-8111-C1E00443A17F}
  • {E706B53A-F0E9-4AA4-A84F-B8CB3CE597CC}
  • {FCE9D83F-680B-5140-67B9-6C36F8C52942}
Product Code
  • {3C7BB346-60EE-4A4F-BD08-119A67490010}
  • {9F4F7131-B49B-4521-91DA-ECE2C1E54741}
  • {226A7CDE-832A-41ED-B31F-5478E8FDA384}
  • {1298F6E9-9E4C-4B3B-9549-0E50C623D394}
  • {16782E9C-E344-47BD-A045-B9BA79870632}
  • {C1E28B35-42CA-43F0-8B8B-85F6E7255916}
  • {D42AE7DD-299F-4F45-AF04-EDD907DDD671}
  • {DBB02F63-2284-42AA-B1BC-F2912BC5B32B}
  • {DC4124DE-16EF-482C-83B2-19E16FF65068}
  • {DD327F91-365D-453F-94A9-06FD674D7EA0}
Product Name
  • Appit
  • CDF_Distribution
  • Excellent4App
  • Kikohe
  • PlutoApp
  • Setup
  • StarApp
  • Wideblue installer
  • WinterSoft
Product Version
  • 3.6.4.0
  • 1.7
  • 1.0.0.3
  • 1.0.0.2
  • 1.0.0.1
  • 1.0
Web Site https://cdf.gsfc.nasa.gov

Digital Signatures

Signer Root Status
Artua Vladislav Artua Vladislav Self Signed
Stanislav Kabin Certum Trusted Network CA Root Not Trusted
Stepan Rybin Stepan Rybin Self Signed

File Traits

  • HighEntropy
  • Inno
  • InnoSetup Installer
  • Installer Manifest
  • Installer Version
  • x86

Block Information

Total Blocks: 27
Potentially Malicious Blocks: 8
Whitelisted Blocks: 19
Unknown Blocks: 0

Visual Map

0 0 0 0 0 0 0 0 x x x x 0 0 0 0 0 0 x x x 0 0 x 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Autorun.X
  • Delf.EA
  • Multiplug.J
  • Parite.F
  • Parite.P

Files Modified

File Attributes
c:\users\user\appdata\local\temp\033200d6edfd9f591dc0043f2b21fc42bebde5e9_0006510592.log Generic Write,Read Attributes
c:\users\user\appdata\local\temp\040489136a795e4b20360b49ad47642ba0fb44a1_0000266224.log Generic Write,Read Attributes
c:\users\user\appdata\local\temp\08966b1d.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\08966b1d.dat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\21b5e3c6534f3cc2d14fa97726fdf5353e3b5732_0000276272.log Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2281cb1e8cc93ae1c9e254884dcd07c313c447fe_0000247352.log Generic Write,Read Attributes
c:\users\user\appdata\local\temp\27bcb425.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\27bcb425.dat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2d2876a678952f449aade97a6aad276b21a1d41f_0000323856.log Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2daf2823.dat Generic Write,Read Attributes
Show More
c:\users\user\appdata\local\temp\2daf2823.dat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2e24a27b4a4cbb8a4750e5600aedd26a1d2774a7_0000322928.log Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2fd5ff1e9ae7c47b483b0ea0a3bfae1cbee08042_0000321224.log Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3d8518e9.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3d8518e9.dat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\420e9d67.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\420e9d67.dat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\53a639fa6191fda333bfa37022b58ca7305133db_0000293432.log Generic Write,Read Attributes
c:\users\user\appdata\local\temp\60210c452b7de2c41ba403047bb30df7d3bce51e_0000331280.log Generic Write,Read Attributes
c:\users\user\appdata\local\temp\8031c8fa.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\8031c8fa.dat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\8c5c9013.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\8c5c9013.dat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\922ff1d8e3a82b1248c5db6e889d180474e2d736_0000322720.log Generic Write,Read Attributes
c:\users\user\appdata\local\temp\956ce1c1.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\956ce1c1.dat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\9d58563335ecc08ef7db812f04865617272bea25_0000226360.log Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_tin7cba.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_tinbc94.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a10c5a0e.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a10c5a0e.dat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\a10c5a0e\_setup.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a10c5a0e\_setup.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\a10c5a0e\_setupx.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a10c5a0e\_setupx.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\a10c5a0e\setup.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a10c5a0e\setup.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\a10c5a0e\setup.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a10c5a0e\setup.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\af5f7648.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\af5f7648.dat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\af5f7648\_setup.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\af5f7648\_setup.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\af5f7648\_setupx.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\af5f7648\_setupx.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\af5f7648\setup.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\af5f7648\setup.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\af5f7648\setup.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\af5f7648\setup.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\b4af78354fbd4e40496ae11ffd293890c6bc0595_0000304144.log Generic Write,Read Attributes
c:\users\user\appdata\local\temp\b4cf0bbb.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\b4cf0bbb.dat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\b4cf0bbb\_setup.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\b4cf0bbb\_setup.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\b4cf0bbb\_setupx.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\b4cf0bbb\_setupx.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\b4cf0bbb\setup.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\b4cf0bbb\setup.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\b4cf0bbb\setup.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\b4cf0bbb\setup.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\c49727cf0b784ad67e2bfa1e3665ddf0c2f12326_0000203320.log Generic Write,Read Attributes
c:\users\user\appdata\local\temp\c58306db5cd4a768a79c0854a0ef831bdcf3c2ac_0000290984.log Generic Write,Read Attributes
c:\users\user\appdata\local\temp\d0f30b33.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\d0f30b33.dat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\d0f30b33\_setup.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\d0f30b33\_setup.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\d0f30b33\readme.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\d0f30b33\readme.txt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\d0f30b33\setup.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\d0f30b33\setup.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\d0f30b33\setup.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\d0f30b33\setup.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\e65a7844.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\e65a7844.dat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\fc369657.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\fc369657.dat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\tsu-0fc8.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tsu-0fc8.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\tsu-1134.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tsu-1134.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\tsu-14dc.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tsu-14dc.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\tsu-1704.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tsu-1704.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\tsu-17e4.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tsu-17e4.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\tsu-1aa4.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tsu-1aa4.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\tsu4c13f529.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tsu4c13f529.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\tsu561a3731.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tsu561a3731.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\tsu5cf91ea2.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tsu5cf91ea2.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\tsu6a3c0825.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tsu6a3c0825.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\tsu83c3bc4e.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tsu83c3bc4e.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\tsu9bfb70d6.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tsu9bfb70d6.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\tsua350e718.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tsua350e718.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\tsub2310cdf.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tsub2310cdf.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{08b00d5a-d57b-4fd1-ad3a-9d59d3532fac}\_setup.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{08b00d5a-d57b-4fd1-ad3a-9d59d3532fac}\_setup.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{08b00d5a-d57b-4fd1-ad3a-9d59d3532fac}\custom.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{08b00d5a-d57b-4fd1-ad3a-9d59d3532fac}\custom.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{08b00d5a-d57b-4fd1-ad3a-9d59d3532fac}\readme.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{08b00d5a-d57b-4fd1-ad3a-9d59d3532fac}\readme.txt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{08b00d5a-d57b-4fd1-ad3a-9d59d3532fac}\setup.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{08b00d5a-d57b-4fd1-ad3a-9d59d3532fac}\setup.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{08b00d5a-d57b-4fd1-ad3a-9d59d3532fac}\setup.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{08b00d5a-d57b-4fd1-ad3a-9d59d3532fac}\setup.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{1d3ccde2-dff5-4fbb-ad50-97d7c6dfef14}\_setup.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{1d3ccde2-dff5-4fbb-ad50-97d7c6dfef14}\_setup.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{1d3ccde2-dff5-4fbb-ad50-97d7c6dfef14}\custom.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{1d3ccde2-dff5-4fbb-ad50-97d7c6dfef14}\custom.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{1d3ccde2-dff5-4fbb-ad50-97d7c6dfef14}\readme.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{1d3ccde2-dff5-4fbb-ad50-97d7c6dfef14}\readme.txt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{1d3ccde2-dff5-4fbb-ad50-97d7c6dfef14}\setup.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{1d3ccde2-dff5-4fbb-ad50-97d7c6dfef14}\setup.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{1d3ccde2-dff5-4fbb-ad50-97d7c6dfef14}\setup.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{1d3ccde2-dff5-4fbb-ad50-97d7c6dfef14}\setup.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{2cc224bc-6034-f6d7-143c-2816f721064a}\_setup.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{2cc224bc-6034-f6d7-143c-2816f721064a}\_setup.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{2cc224bc-6034-f6d7-143c-2816f721064a}\_setupx.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{2cc224bc-6034-f6d7-143c-2816f721064a}\_setupx.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{2cc224bc-6034-f6d7-143c-2816f721064a}\setup.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{2cc224bc-6034-f6d7-143c-2816f721064a}\setup.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{2cc224bc-6034-f6d7-143c-2816f721064a}\setup.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{2cc224bc-6034-f6d7-143c-2816f721064a}\setup.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{490a5ae2-6ba8-4650-a4bb-238a92e97814}\_setup.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{490a5ae2-6ba8-4650-a4bb-238a92e97814}\_setup.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{490a5ae2-6ba8-4650-a4bb-238a92e97814}\custom.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{490a5ae2-6ba8-4650-a4bb-238a92e97814}\custom.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{490a5ae2-6ba8-4650-a4bb-238a92e97814}\readme.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{490a5ae2-6ba8-4650-a4bb-238a92e97814}\readme.txt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{490a5ae2-6ba8-4650-a4bb-238a92e97814}\setup.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{490a5ae2-6ba8-4650-a4bb-238a92e97814}\setup.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{490a5ae2-6ba8-4650-a4bb-238a92e97814}\setup.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{490a5ae2-6ba8-4650-a4bb-238a92e97814}\setup.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{4e46c6d2-8906-c2eb-f412-8d3b4a6a37af}\_setup.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{4e46c6d2-8906-c2eb-f412-8d3b4a6a37af}\_setup.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{4e46c6d2-8906-c2eb-f412-8d3b4a6a37af}\_setupx.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{4e46c6d2-8906-c2eb-f412-8d3b4a6a37af}\_setupx.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{4e46c6d2-8906-c2eb-f412-8d3b4a6a37af}\setup.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{4e46c6d2-8906-c2eb-f412-8d3b4a6a37af}\setup.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{4e46c6d2-8906-c2eb-f412-8d3b4a6a37af}\setup.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{4e46c6d2-8906-c2eb-f412-8d3b4a6a37af}\setup.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{86c7db4a-8e8d-4c6f-ae84-c6af5d24f9bc}\_setup.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{86c7db4a-8e8d-4c6f-ae84-c6af5d24f9bc}\_setup.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{86c7db4a-8e8d-4c6f-ae84-c6af5d24f9bc}\custom.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{86c7db4a-8e8d-4c6f-ae84-c6af5d24f9bc}\custom.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{86c7db4a-8e8d-4c6f-ae84-c6af5d24f9bc}\readme.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{86c7db4a-8e8d-4c6f-ae84-c6af5d24f9bc}\readme.txt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{86c7db4a-8e8d-4c6f-ae84-c6af5d24f9bc}\setup.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{86c7db4a-8e8d-4c6f-ae84-c6af5d24f9bc}\setup.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{86c7db4a-8e8d-4c6f-ae84-c6af5d24f9bc}\setup.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{86c7db4a-8e8d-4c6f-ae84-c6af5d24f9bc}\setup.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{9ff2038e-b6bd-4b34-a9df-fe9f44112178}\_setup.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{9ff2038e-b6bd-4b34-a9df-fe9f44112178}\_setup.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{9ff2038e-b6bd-4b34-a9df-fe9f44112178}\custom.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{9ff2038e-b6bd-4b34-a9df-fe9f44112178}\custom.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{9ff2038e-b6bd-4b34-a9df-fe9f44112178}\readme.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{9ff2038e-b6bd-4b34-a9df-fe9f44112178}\readme.txt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{9ff2038e-b6bd-4b34-a9df-fe9f44112178}\setup.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{9ff2038e-b6bd-4b34-a9df-fe9f44112178}\setup.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{9ff2038e-b6bd-4b34-a9df-fe9f44112178}\setup.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{9ff2038e-b6bd-4b34-a9df-fe9f44112178}\setup.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{b464ece3-54d4-4132-a3d9-1cf66f87ce15}\_setup.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{b464ece3-54d4-4132-a3d9-1cf66f87ce15}\_setup.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{b464ece3-54d4-4132-a3d9-1cf66f87ce15}\custom.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{b464ece3-54d4-4132-a3d9-1cf66f87ce15}\custom.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{b464ece3-54d4-4132-a3d9-1cf66f87ce15}\readme.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{b464ece3-54d4-4132-a3d9-1cf66f87ce15}\readme.txt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{b464ece3-54d4-4132-a3d9-1cf66f87ce15}\setup.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{b464ece3-54d4-4132-a3d9-1cf66f87ce15}\setup.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{b464ece3-54d4-4132-a3d9-1cf66f87ce15}\setup.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{b464ece3-54d4-4132-a3d9-1cf66f87ce15}\setup.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{c2005ce0-9b7a-23a6-c14d-d35819e37e16}\_setup.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{c2005ce0-9b7a-23a6-c14d-d35819e37e16}\_setup.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{c2005ce0-9b7a-23a6-c14d-d35819e37e16}\_setupx.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{c2005ce0-9b7a-23a6-c14d-d35819e37e16}\_setupx.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{c2005ce0-9b7a-23a6-c14d-d35819e37e16}\setup.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{c2005ce0-9b7a-23a6-c14d-d35819e37e16}\setup.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{c2005ce0-9b7a-23a6-c14d-d35819e37e16}\setup.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{c2005ce0-9b7a-23a6-c14d-d35819e37e16}\setup.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{f5eae64f-2a43-b3cc-8535-2e7ef1c61732}\_setup.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{f5eae64f-2a43-b3cc-8535-2e7ef1c61732}\_setup.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{f5eae64f-2a43-b3cc-8535-2e7ef1c61732}\_setupx.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{f5eae64f-2a43-b3cc-8535-2e7ef1c61732}\_setupx.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{f5eae64f-2a43-b3cc-8535-2e7ef1c61732}\setup.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{f5eae64f-2a43-b3cc-8535-2e7ef1c61732}\setup.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\{f5eae64f-2a43-b3cc-8535-2e7ef1c61732}\setup.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\{f5eae64f-2a43-b3cc-8535-2e7ef1c61732}\setup.ico Synchronize,Write Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings::receivetimeout RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 쉓኷᠌ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 弼⥌絳ǜ RegNtPreCreateKey

Windows API Usage

Category API
Service Control
  • OpenSCManager
User Data Access
  • GetUserName
  • GetUserObjectInformation
Network Wininet
  • HttpOpenRequest
  • HttpQueryInfo
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
Network Info Queried
  • GetAdaptersInfo
Process Shell Execute
  • CreateProcess
  • WriteConsole
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
Show More
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • UNKNOWN
  • win32u.dll!NtGdiAnyLinkedFonts
  • win32u.dll!NtGdiBitBlt
  • win32u.dll!NtGdiCreateBitmap
  • win32u.dll!NtGdiCreateCompatibleBitmap
  • win32u.dll!NtGdiCreateCompatibleDC
  • win32u.dll!NtGdiCreateDIBitmapInternal
  • win32u.dll!NtGdiCreateRectRgn
  • win32u.dll!NtGdiCreateSolidBrush
  • win32u.dll!NtGdiDeleteObjectApp
  • win32u.dll!NtGdiDoPalette
  • win32u.dll!NtGdiDrawStream
  • win32u.dll!NtGdiExtGetObjectW
  • win32u.dll!NtGdiExtTextOutW
  • win32u.dll!NtGdiFontIsLinked
  • win32u.dll!NtGdiGetCharABCWidthsW
  • win32u.dll!NtGdiGetDCDword
  • win32u.dll!NtGdiGetDCforBitmap
  • win32u.dll!NtGdiGetDCObject
  • win32u.dll!NtGdiGetDeviceCaps
  • win32u.dll!NtGdiGetDIBitsInternal
  • win32u.dll!NtGdiGetEntry
  • win32u.dll!NtGdiGetFontData
  • win32u.dll!NtGdiGetGlyphIndicesW
  • win32u.dll!NtGdiGetOutlineTextMetricsInternalW
  • win32u.dll!NtGdiGetRandomRgn
  • win32u.dll!NtGdiGetRealizationInfo
  • win32u.dll!NtGdiGetTextFaceW
  • win32u.dll!NtGdiGetTextMetricsW
  • win32u.dll!NtGdiGetWidthTable
  • win32u.dll!NtGdiHfontCreate
  • win32u.dll!NtGdiIntersectClipRect
  • win32u.dll!NtGdiQueryFontAssocInfo
  • win32u.dll!NtGdiRestoreDC
  • win32u.dll!NtGdiSaveDC
  • win32u.dll!NtGdiSelectBitmap
  • win32u.dll!NtGdiSetDIBitsToDeviceInternal
  • win32u.dll!NtGdiSetLayout

62 additional items are not displayed above.

Anti Debug
  • IsDebuggerPresent
Process Terminate
  • TerminateProcess
Network Winhttp
  • WinHttpOpen
Process Manipulation Evasion
  • NtUnmapViewOfSection

Shell Command Execution

C:\WINDOWS\system32\cmd.exe "C:\WINDOWS\system32\cmd.exe" /c "C:\Users\Nrpocdbq\AppData\Local\Temp\_tin7CBA.bat"
WriteConsole:
WriteConsole: C:\WINDOWS\syste
WriteConsole: md
WriteConsole: "C:\ProgramData
Show More
C:\WINDOWS\system32\cmd.exe "C:\WINDOWS\system32\cmd.exe" /c "C:\Users\Wlpteims\AppData\Local\Temp\_tinBC94.bat"

Related Posts

Trending

Most Viewed

Loading...