OfferBox
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Metric | Value |
|---|---|
| Popularity Rank: | 5,704 |
| Threat Level: | 20 % (Normal) |
| Infected Computers: | 124,871 |
| First Seen: | May 10, 2011 |
| Last Seen: | February 2, 2026 |
| OS(es) Affected: | Windows |
OfferBox is a program that allegedly directs you to coupons and discounts while you surf the Web. OfferBox is a browser helper object that monitors your browsing activity. OfferBox may come bundled with freeware, pirated copies of software, or media codecs from insecure file sharing websites. OfferBox displays unwanted pop-up alerts and commercial advertisements that irritate the targeted users. OfferBox does not pose a major threat, but computer users have the option to remove OfferBox if they wish to do so.
Aliases
1 security vendor flagged this file as malicious.
| Antivirus Vendor | Detection |
|---|---|
| Microsoft | Adware:Win32/OfferBoxBrowser |
File System Details
Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
| # | File Name | MD5 | Detections |
|---|---|---|---|
| 1. | OfferBox.exe.vir | df45594cbd8fe78c46dfb15c4e134bd0 | 20,404 |
| 2. | OfferBoxHTTPProxy.exe.vir | da8fc3729127b9ed26a023010aee3c07 | 19,125 |
| 3. | OfferBoxUpdateService.exe.vir | aa6143151975ddcd59e5097ec95fa084 | 7,563 |
| 4. | A0312194.exe | b72d100db71b3ee750afb9e1c1b1d4b2 | 1,022 |
| 5. | A0047434.exe | 8ac88dcac5fe730b128beab8d6873a8f | 780 |
| 6. | A0047435.exe | 7dc9799b627ad83caf81732d5d7e7c76 | 653 |
| 7. | OfferBoxBHO.dll.vir | 17731c1a77174801b5bce82109658b51 | 239 |
| 8. | OfferBoxBHO.dll | 2a512fd5e465b4fe04d15899d7d23949 | 214 |
| 9. | OfferBoxUpdateService.exe | 0270e88fa89a49190198a062a99b5b3d | 42 |
| 10. | A0191597.exe | 6041c582215df89c10b61810535db733 | 40 |
| 11. | OfferBox.lnk | bef6c7c703c260214ec410658b0d44c1 | 14 |
| 12. | OfferBoxHTTPProxy.exe | 19e3f9fd4ea2a617cf3aaeca627f47ec | 6 |
Directories
OfferBox may create the following directory or directories:
| %AppData%\OfferBox |
| %PROGRAMFILES%\OfferBox |
| %PROGRAMFILES(x86)%\OfferBox |
Analysis Report
General information
| Family Name: | Adware.OfferBox |
|---|---|
| Signature status: | Self Signed |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File has exports table
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.
| Name | Value |
|---|---|
| Comments | http://www.offerbox.com |
| Company Name | |
| File Description | |
| File Version | |
| IS Internal Description | Setup Launcher Unicode |
| IS Internal Version | 17.0.717 |
| Internal Build Number | |
| Internal Name | |
| Legal Copyright | |
| MIME Type | application/x-freetvradio-chrome-plugin |
| Original Filename | |
| Product Name | |
| Product Version | |
Digital Signatures
This section lists digital signatures that are attached to samples within this family. When analyzing and verifying digital signatures, it is important to confirm that the signature’s root authority is a well-known and trustworthy entity and that the status of the signature is good. Malware is often signed with non-trustworthy “Self Signed” digital signatures (which can be easily created by a malware author with no verification). Malware may also be signed by legitimate signatures that have an invalid status, and by signatures from questionable root authorities with fake or misleading “Signer” names.
| Signer | Root | Status |
|---|---|---|
| Aedge Performance BCN SLU | Thawte Code Signing CA | Self Signed |
| Aedge Performance BCN SL | Thawte Code Signing CA - G2 | Self Signed |
| Secure Digital Services Limited | VeriSign Class 3 Code Signing 2009-2 CA | Self Signed |
| Aedge Performance BCN, S.L.U. | VeriSign Class 3 Code Signing 2010 CA | Self Signed |
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.
| Block Category | Count |
|---|---|
| Total Blocks: | 2,219 |
| Potentially Malicious Blocks: | 0 |
| Whitelisted Blocks: | 2,042 |
| Unknown Blocks: | 177 |
Visual Map (legend: ? marks an Unknown Block, x marks a Potentially Malicious Block)
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.
| File | Attributes |
|---|---|
| c:\users\user\appdata\local\temp\_is3197.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_is335d.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_is3a64.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_is3b8e.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_is3cf6.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_is3d83.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_is45de.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_is468d.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_is4812.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_is4929.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_is49bc.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_is49d5.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_is4a22.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_is4a26.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_is4c75.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_is5024.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_is509f.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_is50a4.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_is50b2.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_is5140.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_is527a.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_is5301.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_is5313.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_is5316.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_is5317..dll | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\users\user\appdata\local\temp\_is5317..dll | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\_is53de.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_is55dd.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_is596a.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_is5982.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_is59b3.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_is5a46.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_is5c9d.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_is5d06.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_is6039.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_is738a.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_is759e.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_is7f35.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_is8218.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_is8274.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_is82b5.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_is8315.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_is89be.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_is89cf.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_isaa44.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_isaad2.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_isab22.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_isad0d.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_isaf40.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_isb19c.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_isb1ae.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_isb75.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_isb7ed.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_isb829.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_isb8a6.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_isb8a7.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_isb8f8.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_isb934.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_isb994.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_isbb1c.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_isbf91.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_isbfa3.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_isc118.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_isc129.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_isc1bd.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_isc24b.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_isc29b.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_isc953.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_isc965.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_iscb74.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_iscd2b.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_isce65.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_isce9c.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_iscf1a.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_iscf7a.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_isd567.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_isd579.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_isd770.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_isd7b0.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_isd8a.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\_msi5166._is | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\nsd952b.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\nsp982a.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsp982a.tmp\modern-wizard.bmp | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\nsp982a.tmp\nsdialogs.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nsp982a.tmp\system.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{1f088cdb-06e4-49bd-ab05-6aee926adeba}\0x0409.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{1f088cdb-06e4-49bd-ab05-6aee926adeba}\_ismsidel.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{1f088cdb-06e4-49bd-ab05-6aee926adeba}\setup.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{20d0243f-7d24-484a-aa01-f2f268ffad20}\0x0409.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{20d0243f-7d24-484a-aa01-f2f268ffad20}\_ismsidel.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{20d0243f-7d24-484a-aa01-f2f268ffad20}\setup.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{298a2af6-7c6d-4bb3-ae61-f6c41f74e9cc}\0x0409.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{298a2af6-7c6d-4bb3-ae61-f6c41f74e9cc}\_ismsidel.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{298a2af6-7c6d-4bb3-ae61-f6c41f74e9cc}\setup.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{2d30905e-fe79-41c1-9487-0c853a028377}\0x0409.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{2d30905e-fe79-41c1-9487-0c853a028377}\_ismsidel.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{2d30905e-fe79-41c1-9487-0c853a028377}\setup.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{318ba8f3-9085-4954-abb5-7ab65e9a6cc2}\0x0409.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{318ba8f3-9085-4954-abb5-7ab65e9a6cc2}\_ismsidel.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{318ba8f3-9085-4954-abb5-7ab65e9a6cc2}\setup.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{3d836be1-61c6-4d9d-bf55-832251d375f2}\0x0409.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{3d836be1-61c6-4d9d-bf55-832251d375f2}\_ismsidel.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{3d836be1-61c6-4d9d-bf55-832251d375f2}\setup.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{471e04f3-d6f6-4e22-be4f-bc2580e41c4b}\0x0409.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{471e04f3-d6f6-4e22-be4f-bc2580e41c4b}\_ismsidel.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{471e04f3-d6f6-4e22-be4f-bc2580e41c4b}\setup.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{492b63c6-6bb3-4261-a6ad-95088c68b747}\0x0409.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{492b63c6-6bb3-4261-a6ad-95088c68b747}\0x0409.ini | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\{492b63c6-6bb3-4261-a6ad-95088c68b747}\_ismsidel.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{492b63c6-6bb3-4261-a6ad-95088c68b747}\setup.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{492b63c6-6bb3-4261-a6ad-95088c68b747}\setup.ini | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\{4c72756f-969a-45a9-a241-2446328459d7}\0x0409.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{4c72756f-969a-45a9-a241-2446328459d7}\_ismsidel.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{4c72756f-969a-45a9-a241-2446328459d7}\setup.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{57b5b0da-f9ab-4be8-a2f6-63e0a4ea3074}\0x0409.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{57b5b0da-f9ab-4be8-a2f6-63e0a4ea3074}\0x0409.ini | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\{57b5b0da-f9ab-4be8-a2f6-63e0a4ea3074}\_ismsidel.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{57b5b0da-f9ab-4be8-a2f6-63e0a4ea3074}\setup.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{57b5b0da-f9ab-4be8-a2f6-63e0a4ea3074}\setup.ini | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\{61c037fd-a1f0-434d-ba27-0583b926be05}\0x0409.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{61c037fd-a1f0-434d-ba27-0583b926be05}\_ismsidel.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{61c037fd-a1f0-434d-ba27-0583b926be05}\setup.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{656baa54-1b97-4ddd-ad63-49db70145889}\0x0409.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{656baa54-1b97-4ddd-ad63-49db70145889}\0x0409.ini | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\{656baa54-1b97-4ddd-ad63-49db70145889}\_ismsidel.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{656baa54-1b97-4ddd-ad63-49db70145889}\setup.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{656baa54-1b97-4ddd-ad63-49db70145889}\setup.ini | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\{7411a3c0-e029-4aa6-b8f5-4df52241c0a4}\0x0409.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{7411a3c0-e029-4aa6-b8f5-4df52241c0a4}\0x0409.ini | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\{7411a3c0-e029-4aa6-b8f5-4df52241c0a4}\_ismsidel.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{7411a3c0-e029-4aa6-b8f5-4df52241c0a4}\setup.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{7411a3c0-e029-4aa6-b8f5-4df52241c0a4}\setup.ini | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\{8ed96635-48d0-4675-a4f6-904502499354}\0x0409.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{8ed96635-48d0-4675-a4f6-904502499354}\_ismsidel.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{8ed96635-48d0-4675-a4f6-904502499354}\setup.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{91e84b81-96ec-4ac8-b00e-793b4a7fd605}\0x0409.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{91e84b81-96ec-4ac8-b00e-793b4a7fd605}\_ismsidel.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{91e84b81-96ec-4ac8-b00e-793b4a7fd605}\setup.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{b581bc08-834d-4d7a-9141-e4611a2343a0}\0x0409.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{b581bc08-834d-4d7a-9141-e4611a2343a0}\0x0409.ini | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\{b581bc08-834d-4d7a-9141-e4611a2343a0}\_ismsidel.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{b581bc08-834d-4d7a-9141-e4611a2343a0}\setup.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{b581bc08-834d-4d7a-9141-e4611a2343a0}\setup.ini | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\{b80b957e-230b-4b28-8bc5-1232bb0d1f11}\0x0409.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{b80b957e-230b-4b28-8bc5-1232bb0d1f11}\0x0409.ini | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\{b80b957e-230b-4b28-8bc5-1232bb0d1f11}\_ismsidel.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{b80b957e-230b-4b28-8bc5-1232bb0d1f11}\setup.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{b80b957e-230b-4b28-8bc5-1232bb0d1f11}\setup.ini | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\{c8a9efad-6182-488d-94b8-46133ad706c4}\0x0409.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{c8a9efad-6182-488d-94b8-46133ad706c4}\0x0409.ini | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\{c8a9efad-6182-488d-94b8-46133ad706c4}\_ismsidel.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{c8a9efad-6182-488d-94b8-46133ad706c4}\setup.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{c8a9efad-6182-488d-94b8-46133ad706c4}\setup.ini | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\{c8a9efad-6182-488d-94b8-46133ad706c4}\windows installer 3.1 (x86).prq | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\{c8a9efad-6182-488d-94b8-46133ad706c4}\windows installer 3.1 (x86).prq | Synchronize,Write Attributes |
| c:\users\user\appdata\local\temp\~3a63.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\~3cf5.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\~467d.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\~49bb.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\~4a25.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\~509e.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\~513f.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\~5300.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\~5312.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\~53cd.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\~55dc.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\~5969.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\~5981.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\~59b2.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\~5c9c.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\~6038.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\~7f25.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\~8273.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\~8314.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\~89bd.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\~89ce.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\~ab21.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\~b19b.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\~b1ad.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\~b7ae.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\~b8f7.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\~b993.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\~bb1b.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\~bf80.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\~bfa2.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\~c107.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\~c128.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\~c29a.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\~c952.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\~c964.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\~ce55.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\~cf79.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\~d566.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\~d578.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\~d76f.tmp | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\~d7a0.tmp | Generic Write,Read Attributes |
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.
| Category | API |
|---|---|
| User Data Access | |
| Network Wininet | |
| Network Winhttp | |
| Syscall Use | |
| Process Shell Execute | |
| Anti Debug | |
Shell Command Execution
This section lists Windows shell commands that are run by the samples in this family. Windows Shell commands are often leveraged by malware for nefarious purposes and can be used to elevate security privileges, download and launch other malware, exploit vulnerabilities, collect and exfiltrate data, and hide malicious activity.
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\92a3b5d7dc02c2b03462fb84d347bdaac4ce0cce_0000110240.,LiQMAxHB