Malware.Jeefo

Por Sumo3000 em Minhocas

Traduzir Para:

Cartão de pontuação de ameaças

Popularity Rank:	4,996
Nível da Ameaça:	80 % (Alto)
Computadores infectados:	5,059

Visto pela Primeira Vez:	December 28, 2012
Visto pela Última Vez:	February 6, 2026
SO (s) Afetados:	Windows

O Malware.Jeefo é um worm de rede, que se espalha através das redes existentes. O Malware.Jeefo foi projetado para infectar, preceder e substituir determinados arquivos com o seu próprio corpo, a fim de deteriorar o desempenho do sistema e executar rotinas maliciosas. O Malware.Jeefo pode ser detectado e removido por um aplicativo anti-malware de eficiência reconhecida.

Índice

Detalhes Sobre os Arquivos do Sistema

Malware.Jeefo pode criar o(s) seguinte(s) arquivo(s):

Expandir todos | Recolher todos

#	Nome do arquivo	Detecções Detecções: O número de casos confirmados e suspeitos de uma determinada ameaça detectada nos computadores infectados conforme relatado pelo SpyHunter.
1.	%AppData%\Xenocode\Sandbox\1.0.0.0\2010.08.30T00.09\Virtual\STUBEXE\@SYSTEM@\server.exe
Nome: %AppData%\Xenocode\Sandbox\1.0.0.0\2010.08.30T00.09\Virtual\STUBEXE\@SYSTEM@\server.exe Tipo: Executable File Grupo: Arquivo de malware
2.	%Windir%\svchost.exe
Nome: %Windir%\svchost.exe Tipo: Executable File Grupo: Arquivo de malware
3.	%AppData%\addons.dat
Nome: %AppData%\addons.dat Tipo: Data file Grupo: Arquivo de malware
4.	%AppData%\Bifrost\logg.dat
Nome: %AppData%\Bifrost\logg.dat Tipo: Data file Grupo: Arquivo de malware
5.	%AppData%\Xenocode\Sandbox\1.0.0.0\2010.08.30T00.09\Virtual\XRegistry.bin
Nome: %AppData%\Xenocode\Sandbox\1.0.0.0\2010.08.30T00.09\Virtual\XRegistry.bin Tipo: Binary File Grupo: Arquivo de malware

Detalhes sobre o Registro

Malware.Jeefo pode criar a seguinte entrada de registro ou entradas de registro:

HKEY..\..\..\..{RegistryKeys}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceCurrent]

(Default) =

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceCurrent]

Relatório de análise

Informação geral

Family Name:	Virus.Jeefo
Signature status:	No Signature

Known Samples

MD5: bac11dd7c72e782d169d059fc21076a7

SHA1: 06f8794b2b5d5b3569b750c3c65ebb1c95c4e091

Tamanho do Arquivo: 2.29 MB, 2288848 bytes

MD5: 01120ff4964934bc53ce7d54b7a94d00

SHA1: 80f2a0bba5a78f6aba3fad98c144c007823a6830

Tamanho do Arquivo: 274.94 KB, 274944 bytes

MD5: 0226e3d8b3cd15539652a0c7d8aed0c8

SHA1: ca0fa51fcaaa5926966fab61d0ce88ceec824783

Tamanho do Arquivo: 242.76 KB, 242760 bytes

MD5: cc324fc58f193cbbe0436727bcab237e

SHA1: aed2466b7c9901becbc0bfafbefce413fa57fabc

SHA256: C9EAA95E1BA3732FCC73081B563FDB2DC9B61C93885DF74026B3A930213E5CC9

Tamanho do Arquivo: 464.80 KB, 464796 bytes

MD5: 9a1e7ec90a6cbfbd687c65dbb591ed9b

SHA1: 85b73b8783649804bafe6e391706fc379479eacd

SHA256: 382E33904B3CFE430FBD9D424DF2B77EAB8CAFE88FFFF6880653B3F5B2C40752

Tamanho do Arquivo: 6.90 MB, 6899712 bytes

MD5: 357e8d634a2431cd5db7251627adc2b0

SHA1: ef457a5ffae1fc4e12e96052ede38c5713c39b65

SHA256: F86D252BA5A618DF88486160DC4EF85B77BD6908D2D19EE10E3E52DA21B2A3C3

Tamanho do Arquivo: 4.95 MB, 4952576 bytes

MD5: 5374401311083121c0d4ff90f3775c46

SHA1: cf5afb055d33848a99c5db198c8ef1c965f86c2c

SHA256: 71BF7B04230062378A2EABF3AB961E6A0A1B9581AF2275E84CECA88DD3B949B5

Tamanho do Arquivo: 2.28 MB, 2278288 bytes

MD5: 7f105a1bb3e6eb7aa0ba77583655ff06

SHA1: 50f44609ba00bd37e81877187fc820d0a1b6d591

SHA256: 5E003295D37496DC63DDD8AB2F086A313030298B77C656EB293A48D759B3AF96

Tamanho do Arquivo: 1.41 MB, 1409536 bytes

MD5: b03805244ab40351887a3c656e53c52b

SHA1: 548da8d648c3ee92ae061610308ec7b6b9927b63

SHA256: 0A016BCBF561A55C532F4BAB7F7BD0F725442695E9EEC9702567D51EBEDEFF21

Tamanho do Arquivo: 986.35 KB, 986352 bytes

MD5: 6a31981c12e447fbfbc1d28b660e0e40

SHA1: c7eeb3e9f5a1131564c7139216cefe11976c69b4

SHA256: 9BD5BED33418F4314D515259BDB726928D21E678BF126469BDF753659DD02192

Tamanho do Arquivo: 668.16 KB, 668160 bytes

MD5: 830c9e9cb43a3e7e0d858fb141bceca1

SHA1: f29c48235765bc56199c89df419245753b26286f

SHA256: 7394C61E4DA9DB7160955AB1669B7B7CDD877ABCF0D2075A49B78ACDDD37FC57

Tamanho do Arquivo: 147.86 KB, 147864 bytes

MD5: 9a65505dfee8db03d5ed580f3b679e7c

SHA1: 60a77c87be0871f43878fe4d2d130aaa6e4ba5e1

SHA256: AEAA2ACA21A1BEB122EB7A826AB24B37629CD4268218F08F305B3BAF370E39F7

Tamanho do Arquivo: 2.43 MB, 2426680 bytes

MD5: 68fd6f6e159d72ecfa05d1aaceebe1ac

SHA1: 8ad9999f76d648f1abd971bf6b1b8c635ffeafad

SHA256: 8DD956EE6C4A1BB5116B26E2610E4B8BC918A03115C48B808C9E599D12B58FE4

Tamanho do Arquivo: 5.18 MB, 5181040 bytes

MD5: b800d6b6179d61a211bd94bf730752d1

SHA1: 339276ecccccad5e59bf757144b8131ac242159a

SHA256: 5FE839752D905B2666C1F13343DE8B3E3BAD279DCB2D1D457D8F786D5083854B

Tamanho do Arquivo: 4.07 MB, 4074320 bytes

MD5: 5331d124e12a0b2fb2a93649d2feb16e

SHA1: 5dae2f3783ef9cf44a58cf9857c8a090aa64ba42

SHA256: 2F75B13438535859CDBD4ACA58FC26DFFD1FF7C43F588D13CA88038DC282F774

Tamanho do Arquivo: 2.47 MB, 2470360 bytes

MD5: 71cd2be796bcffd11fbb38722ae92ebf

SHA1: db547adb9085343aa0c2718eb97138cd30a20733

SHA256: 54938013AF21A63F40C3A2E9CFE76CD6D5B72B61FBF99BA25A08582EF93955A9

Tamanho do Arquivo: 139.11 KB, 139112 bytes

MD5: 71a8163ae0600a4a972621e629c5bb23

SHA1: 791210d8e4292346b3cb32d80833ddb4cb197310

SHA256: A3A6715797021CCB5432C4AE565BCD6B82E1E464D863034BBC6DEC0F50B425E1

Tamanho do Arquivo: 3.46 MB, 3459456 bytes

MD5: 284de4adace652f1bd8c323a5ba8bbfd

SHA1: 52ca985a38c9dbfb7a2de044ff1d11e3cc143381

SHA256: 1577256F2B7E1BBA24F8FEACB647B86C87DDFDD4AD71CCE6E7C58A14300F9AB6

Tamanho do Arquivo: 3.19 MB, 3189792 bytes

MD5: 99af063622089b7b3d39dae9aff6cfb4

SHA1: cac9620abb2fe038e7f894851bfdfe1e975a7f5b

SHA256: EB98B429776E796176B9256811ACA3C88D722179F6D8C917C093AC6B99A3BCA5

Tamanho do Arquivo: 1.65 MB, 1653248 bytes

MD5: cc081d99b80f0717cd7f66e5bfbfda7c

SHA1: 95e799a26c0a21abbe2528b9b8c4bdc7ded95faf

SHA256: AC1A28E7CEF14F7D6F7B6C470DF006021EDC5C65F4676B9FBD3C5147778DB528

Tamanho do Arquivo: 1.06 MB, 1055520 bytes

MD5: d958642798644d91743cb58909a7160b

SHA1: 1f8ffba5cba276e19c968da5f05a0454e4cd689e

SHA256: F283ACEB49EEBD9AECC6301C2567DEC5AEFCF96FDD03A4CDB08498A75F40FC65

Tamanho do Arquivo: 3.23 MB, 3230192 bytes

MD5: 2ec290d8cae1d64268012aeecb63918f

SHA1: 3db4cabf2e9451bc15a6c59a61f6cef5f6ff29fc

SHA256: E5C3963F4EE95BDF51A5C4C8AE3E7AAF2CD5D6535883496F4D127799E783FA70

Tamanho do Arquivo: 1.63 MB, 1632696 bytes

MD5: b49d0df28675dd2bf01809f446f45065

SHA1: 1c830613bb8e7967cb9c8abe80da2eb71d268e23

SHA256: 9FC2FB67E0E3851ECFA2918234C0403FA62845F3A5428BE1286FE8EAF3A8D383

Tamanho do Arquivo: 377.70 KB, 377704 bytes

MD5: 940c3c67fad769578ff2a3587a096c81

SHA1: 5a81eec853f840d42db8c4adc687a5bf1ef59e4d

SHA256: E49E6E2730E8B5BB1E65C8C4F615C339BCBE0871981413753B7F2CAB5DE5DEC7

Tamanho do Arquivo: 8.67 MB, 8668821 bytes

MD5: 2b8e55410a41435dbe95ad825c27fc3d

SHA1: e79528b72787747ed393b85c01cc5e82f6003c7e

SHA256: 2305A93EFB1BD92817259744CCE6DF8F7C402F7A719AF672A15F573898616C47

Tamanho do Arquivo: 147.93 KB, 147928 bytes

MD5: ebf8be76c4cedb714dc8fbebd7e6395b

SHA1: 95af4c2af5c3c860c435476dc59b151abec15ff1

SHA256: 56AF85A0A5110EBAC7063A597EB3607A988132180DAE908D1FC93343729D89AE

Tamanho do Arquivo: 1.63 MB, 1632696 bytes

MD5: a095dfde65ccd5883b5c0ec84e9003cb

SHA1: af2046a570e0d9c199a8f3b72d37d3b2619e7e9c

SHA256: C26FFD840ED04C5C5F9B8BBDA8DD6FBD7A674E1E0FD462B5297465C7FA3D30AD

Tamanho do Arquivo: 1.70 MB, 1702976 bytes

MD5: b746d208a157cd7617749afc4eb2692b

SHA1: 6f29991ff2dcf2af0732681c94a5a76f22374341

SHA256: 7788DC8163CE45FE54E2B166D02C7C27BAA84AED9D66CF4CC9DE5CAF5C62D696

Tamanho do Arquivo: 9.22 MB, 9222312 bytes

MD5: 8005ef2cbd8d84b45ff7bc8528409637

SHA1: a2e2b9fcccdd97aa1e9c8d4dfd5243f5dc8a89c6

SHA256: EDB3EB991AE5CFB3191ECB7F8C2F048453F5EC7E9CE76EE587B936346B3E2E94

Tamanho do Arquivo: 236.80 KB, 236799 bytes

MD5: 6d970243be6911bdd3804dc1ee6a7e5a

SHA1: e988692d0914211bb1a263bcd4874eace5d0632d

SHA256: 28B7EDF5B4CB7DC24A7C33EA2F0D612055008B12AA472309BB3A2A68BAF0879E

Tamanho do Arquivo: 142.42 KB, 142416 bytes

MD5: c4206b6898495d21f0c347a50dc949d7

SHA1: 179a86a27cd7ef236be955637fde72c4bbd68758

SHA256: C6B3238133B600DC9E2B84177B7AD3AA6AD85F56AF927755ACB77F740E3B9863

Tamanho do Arquivo: 901.88 KB, 901880 bytes

MD5: 1161ffaea5d09d2410872b4ab7c205b4

SHA1: 6fbbd5d1fef672523420cf299db8776f690a0487

SHA256: A987B785B82C013A51479B6569840CB454AC890A1103257D9162D96FC261D1C7

Tamanho do Arquivo: 363.91 KB, 363912 bytes

MD5: ccee59dd9926f17279931100475ceb05

SHA1: 136e81e67d1ab0b524d6cb72e963842c2fbbec8f

SHA256: FC50FD64B492BA146F3E525229CDC435020921679DCE86973049DB38F7BC3141

Tamanho do Arquivo: 236.05 KB, 236048 bytes

MD5: ed063aa0c259e3e041b78b718cef2eea

SHA1: f851287d5bb1354f8a1445ee2232a660c9665a57

SHA256: B49F2AA03B8798303055E83DDD395F40EEC374F257418A98621025AD056F3015

Tamanho do Arquivo: 242.27 KB, 242272 bytes

MD5: eec6931f731360d1286caf1006435cad

SHA1: c2790efb9d35b8e4d2c74657a9abdfe154896be2

SHA256: 8305A3752788014B56C68C36C06817BE52938C17248711EB9933315F4B6BCEB7

Tamanho do Arquivo: 715.96 KB, 715960 bytes

MD5: 8808f0c0e39952c06b986434ca101b03

SHA1: b9d62c1d98626cc9c67883ba59c3327f2d2bbc49

SHA256: 9B17784C22CE0F1AD2447F87B88E088EA28F18FBC2C8795F084FB46D5049D879

Tamanho do Arquivo: 289.79 KB, 289792 bytes

MD5: 89e7bc29ca87e07c47bd2984750faf92

SHA1: 38e415555a00e46b9a4863f9d94b22e4a7de2076

SHA256: 000E5CD2A6726684C4BBF60ADA6BA6D56C9B897DA3FE53A506AFD8B326CAC376

Tamanho do Arquivo: 1.56 MB, 1561368 bytes

MD5: 3efcb1d280d9116e685b4feae701820c

SHA1: 5981cb56136386c70e604d7e0e588902399f170b

SHA256: 9502DC5E1BD5756FDFD1268075D94E4BBF2322DA55B3EEED1D67680BA43CF52F

Tamanho do Arquivo: 6.66 MB, 6662024 bytes

MD5: 69b9401cc41914e5b0672ddcaea8df64

SHA1: 4c4ed7856320d27a2b698f51933dd81753788df2

SHA256: 08ED8CD0608008EC2DCD91F8124B1B8E4CDD2C4EC386281E8246980FB7978C45

Tamanho do Arquivo: 627.91 KB, 627912 bytes

MD5: d25e8fd53b23b6acb8dfc04d66942e8f

SHA1: a2bf44d61a79b39b406be327135a4ea0243aa67f

SHA256: D146B0DD16FC099B13125DBF895C21722876E760E9E669FF0BC2745F18E653FE

Tamanho do Arquivo: 2.60 MB, 2601665 bytes

MD5: c2dfe2dadba9332faeb3600c0542863b

SHA1: 67a96a4eeae51a9c0a64d929ec20d73030f75753

SHA256: 89A1666B49D312354B4C689FF6E35B0D01C9C7BBB5EAE14324156F6A3076D90A

Tamanho do Arquivo: 5.38 MB, 5378568 bytes

MD5: 440ebd4eb68dab20fa00ca519b3f7882

SHA1: 284487b2a36b36c9214b12ce15d8d98af0776567

SHA256: D6D56163D59C9D799E3C63838E66BDD20C99506A5233709971829351CA6BEB9F

Tamanho do Arquivo: 1.07 MB, 1065624 bytes

MD5: 83b4da0c5e91e676c355a34ad0fe73da

SHA1: 09322303503ed0a70613110ca72e1bc790348882

SHA256: 5AD575DCCFE237328DE529EA01D57917C5D639ED0D8454A01AF98AAEA9724110

Tamanho do Arquivo: 36.35 KB, 36352 bytes

MD5: 27956f9d183b80dd80e050c704ec6ea3

SHA1: d1393b53bb6f5e97e95c682477198ad7920a07a0

SHA256: FDD929E7C83B3829D7F57B64B8A4CA1F1210C241B7039C14BA99E11925F6B1A5

Tamanho do Arquivo: 210.51 KB, 210515 bytes

MD5: d8f0313dadd468470ee2bd5247e2d868

SHA1: 75a9252469eb363974e72385814c5e189b0af47a

SHA256: 88B1A42516F52391C9F7BFDD897DBD803045BBF5584F31B6C3920D75EF491DBB

Tamanho do Arquivo: 3.03 MB, 3025408 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File is .NET application
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)

File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

92 additional icons are not displayed above.

Windows PE Version Information

Nome	Valor
Assembly Version	4.5.0.0 2.0.0.0 1.1.1.0 1.0.4022.27203 1.0.0.0
Build	2008-11-30
Build Date	02/26/2025 11:09:07
Build Num	27(run 1)
Coder	By BlueLife
Comments	ASUS WebStorage Panel Command Line Interface application for all ACE Components Crystal Launcher Environmental Systems Research Institute, Inc. This installation was built with Inno Setup. Update UpLauncher Windows Update Blocker v1.6
Company Name	Adaware Adobe Systems Incorporated Advanced Micro Devices, Inc. Advanced Micro Devices Inc. ASUS Cloud Corporation ASUSTek Computer Inc. BraveSoftware Inc. Discord Inc. Eden Games Electronic Arts Show More Environmental Systems Research Institute, Inc. Freedom Scientific, Inc. GitHub https://crystal-launcher.net Igor Pavlov Intel Corporation KLCP Microsoft Corporation MyCache now.gg, Inc. Python Software Foundation Tencent TODO: <Company name> Wlodzimierz Grabowski, info@extranslator.com www.sordum.org Ymir Entertainment
File Description	7z Setup SFX Adaware Privacy Adobe Acrobat 32BitMAPIBroker Adobe Bootstrapper for Single Installation AMD Software ASUS WebStorage Panel BlueStacks Setup BraveSoftware Update Client Activator CrashReporter Show More Crystal Launcher EA app GameLoop Generic Host Process for Win32 Services Intel(R) Graphics Installer KMPLoading Metin2Client Microsoft Edge Update MyCache 1.0.0.0 NXTWEAKER Opera installer SFX Python Radeon Additional Settings: Command Line Interface Sample Converter, Browser, Player & Editor Setup/Uninstall Setup application Simulate Store App Execution Application TODO: <File description> Tower of Fantacy Downloader Update UpLauncher Windows Update Blocker v1.6
File Version	117.0.5408.162 51.1052.0.0 25.1.20630.0 24.5.20320.0 23.01 13.575.0.6088 11.2.25.0 11.1.0.0 9.0.000.4 5.1.0.0 Show More 5.0 4.57 4.5.0.0 4.0.0.1 3.91.5299.81 3.21.4873.80 3.13.1 3.5.9.1543 2.9.2.4809 2.0.0.0 1.6.0.0 1.3.361.151 1.3.215.9 1.3.185.27 1.1.1.0 1.0.28249.1 1.0.85.3 1.0.1.0 1.0.0.1 1.0.0.0 1, 7, 49, 0 0.0.6.120
Internal Name	7zS.sfx Adaware Privacy AndroidEmulator AsusWSPanel.exe BlueStacks Installer BraveSoftware Update CLI.exe CrashReporter.exe CrystalLauncherInstaller.exe EXSC Show More fsClientActivator.exe GFX Metin2Client Microsoft Edge Update Minidown NXTWEAKER.exe P1.exe Python Application setup Setup.exe SimAppExec.exe svchost.exe Update.exe UpLauncher.exe
Language Id	sr-Cyrl-RS
Legal Copyright	2002-2015 2024 (c) MyCache Adaware Software Canada. All Rights Reserved. ASUSTek Computer Inc. Copyright (C) Copyright (C), Intel Corporation. All rights reserved. Copyright (c) 1999-2007 Igor Pavlov Copyright (c) 1999-2023 Igor Pavlov Copyright (c) 2007 - 2018, Advanced Micro Devices, Inc. Copyright (c) 2010-2021 Bluestacks from Now.gg, Inc. Show More Copyright (C) 2011 Copyright (C) 2022 Pixel. All Rights Reserved. Copyright (c) 2025 Discord Inc. All rights reserved. Copyright (c) Electronic Arts. All rights reserved. Copyright 1984-2024 Adobe Systems Incorporated and its licensors. All rights reserved. Copyright 1984-2025 Adobe Systems Incorporated and its licensors. All rights reserved. Copyright 2025, Freedom Scientific, Inc. Copyright Microsoft Corporation Copyright © 2001-2024 Python Software Foundation. Copyright © 2000 BeOpen.com. Copyright © 1995-2001 CNRI. Copyright © 1991-1995 SMC. Copyright © 2008 Adobe Systems Incorporated. All rights reserved. Copyright © 2008 Wlodzimierz Grabowski Copyright © 2016-2020 www.sordum.org All Rights Reserved. Copyright © 2018 Copyright © 2020 Tencent. All Rights Reserved. Copyright © 2025 Copyright © Crystal Launcher 2021 Copyright © Eden Games 2010 Copyright © GitHub 2013-2015 Esri, Inc.Copyright ©1999-2023 ESRI Inc. All Rights Reserved Opera Software 2025 TODO: (c) <Company name>. All rights reserved. © Microsoft Corporation. All rights reserved.
Legal Trademarks	ASUS Cloud Corporation Extreme Sample Converter Intel Corporation
Original Filename	7zS.sfx.exe 32BitMAPIBroker.exe Adaware Privacy AndroidEmulator.exe AsusWSPanel.exe BlueStacksInstaller.exe BraveUpdate.exe CLI.exe CrashReporter.exe CrystalLauncherInstaller.NX.exe Show More EAappInstaller.exe EXSC.EXE fsClientActivator.exe goopdate.dll igxpin.exe Metin2Client.exe Minidown.exe msedgeupdate.dll NXTWEAKER.exe P1.exe pythonw.exe setup-win32-bundle.exe Setup.exe SimAppExec.exe svchost.exe Update.exe UpLauncher.exe Wub.exe
Product Name	7-Zip Adaware Privacy Adobe Acrobat 32BitMAPIBroker AMD Software ASUS WebStorage Panel ATK Hotkey BlueStacks 5 Bootstrapper Small BraveSoftware Update Client Activator Show More CrashReporter CrystalLauncherInstaller.NX EA app Extreme Sample Converter GameLoop Intel(R) Graphics K-Lite Mega Codec Pack KMPLoading Metin2Client Microsoft Edge Update Microsoft® Windows® Operating System MyCache 1.0.0.0 NXTWEAKER Python Radeon Additional Settings Setup TODO: <Product name> Tower of Fantacy Downloader Update UpLauncher
Product Version	117.0.5408.162 25.1.20630.0 24.5.20320.0 23.01 19.3.5 13.575.0.6088 11.2.25.400 11.1.0.0 9.0.000.4 5.1.0.0 Show More 5.0 4.57 4.5.0.0 4.0.0.1 3.13.1 3,91,5299,81 3,21,4873,80 2.9.2.4809 2.0.0.0 1.6.0.0 1.3.361.151 1.3.215.9 1.3.185.27 1.1.1.0 1.0.85.0 1.0.1.0 1.0.0.1 1.0.0.0 1, 7, 49, 0 1, 0, 0, 1 0.0.6.120
Program I D	com.embarcadero.KMPLoading
Upstream Version	1.3.99.0
Productname	Opera installer
Stream	Stable

File Traits

2+ executable sections
big overlay
Default Version Info
HighEntropy
Inno
InnoSetup Installer
Installer Manifest
Installer Version
No Version Info
x86

Block Information

Total Blocks:	276
Potentially Malicious Blocks:	114
Whitelisted Blocks:	162
Unknown Blocks:	0

Visual Map

0 0 0 0 0 0 0 x 0 x x x x x x x 0 x x x x x x x x x x x x 0 x x x x 0 x 0 x x 0 x x x 0 0 0 0 x 0 x x x x x x x x x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x x x 0 0 x 0 0 x 0 x x 0 0 x x x x x x 0 x x x x x x x x x x x x x x x x x 0 0 0 0 0 0 0 0 x 0 0 0 x 0 0 0 0 0 x x x 0 0 x x 0 x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 x x 0 0 0 0 0 0 x 0 0 x x x x x 0 0 x 0 0 0 0 0 0 0 0 0 0 x x x x x x x x x x 0 0 0 0 0 0 0 0 0 0 x x x x x x x x x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Jeefo.A
MSIL.SnakeLogger.RF
Parite.F
Parite.FA
Parite.W

Files Modified

File	Attributes
\device\namedpipe\crashpad_5800_ihqiytrtgkgnrvvk	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\crashpad_5800_ihqiytrtgkgnrvvk	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\srvsvc	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\intel\logs\intelgfx.log	Generic Write,Read Attributes
c:\program files\common files\system\symsrv.dll	Generic Write,Read Attributes
c:\programdata\adaware\adaware privacy\options\statistics.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\crystallauncherinstallernx\launchlog.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\crystallauncherinstallernx\launchlog.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\crystallauncherinstallernx\launchlog.txt	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.opera	Synchronize,Append data

c:\users\user\appdata\local\temp\.opera\opera gx installer temp\setup.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\.opera\opera gx installer\opera_installer_20251111014647502.log	Read Attributes,Synchronize,Append data
c:\users\user\appdata\local\temp\002ca840_rar\179a86a27cd7ef236be955637fde72c4bbd68758_0000901880	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\002ca840_rar\179a86a27cd7ef236be955637fde72c4bbd68758_0000901880	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\002ca8ad_rar\179a86a27cd7ef236be955637fde72c4bbd68758_0000901880	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\002ca8ad_rar\179a86a27cd7ef236be955637fde72c4bbd68758_0000901880	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\3feb7684702249987556e8d60973c0f3\sqlite.interop.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3feb7684702249987556e8d60973c0f3\sqlite.interop.dll.lock	Generic Write,Read Attributes,Delete
c:\users\user\appdata\local\temp\5800_584333888	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\bios.fd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\bios.fd	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\biosimageproc.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\biosimageproc.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\ding.wav	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\ding.wav	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\flshook.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\flshook.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\fwupdlcl.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\fwupdlcl.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\h2offt-w.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\h2offt-w.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\h2offt.cat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\h2offt.cat	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\h2offt.inf	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\h2offt.inf	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\h2offt32.sys	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\h2offt32.sys	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\h2offt64.sys	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\h2offt64.sys	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\mfc90u.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\mfc90u.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\microsoft.vc90.crt.manifest	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\microsoft.vc90.crt.manifest	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\microsoft.vc90.mfc.manifest	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\microsoft.vc90.mfc.manifest	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\msvcp90.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\msvcp90.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\msvcr90.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\msvcr90.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\platform.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\platform.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\wdfinst.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs4f0.tmp\wdfinst.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zscd517f96\setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zscd517f96\setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\apinstaller.log	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\apresources\app.config	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\opera_installer_2511110946465645800.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\opera_installer_2511110946473615896.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\opera_installer_2511110946484551264.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\opera_installer_ui.lck	Generic Write,Read Attributes,Delete
c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports\metadata	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports\settings.dat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\06f8794b2b5d5b3569b750c3c65ebb1c95c4e091_0002288848.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\06f8794b2b5d5b3569b750c3c65ebb1c95c4e091_0002288848.exe	Generic Write,Read Attributes
c:\users\user\downloads\06f8794b2b5d5b3569b750c3c65ebb1c95c4e091_0002288848.exe	Synchronize,Write Attributes
c:\users\user\downloads\136e81e67d1ab0b524d6cb72e963842c2fbbec8f_0000236048	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\136e81e67d1ab0b524d6cb72e963842c2fbbec8f_0000236048	Generic Write,Read Attributes
c:\users\user\downloads\136e81e67d1ab0b524d6cb72e963842c2fbbec8f_0000236048	Synchronize,Write Attributes
c:\users\user\downloads\179a86a27cd7ef236be955637fde72c4bbd68758_0000901880	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\179a86a27cd7ef236be955637fde72c4bbd68758_0000901880	Generic Write,Read Attributes
c:\users\user\downloads\179a86a27cd7ef236be955637fde72c4bbd68758_0000901880	Synchronize,Write Attributes
c:\users\user\downloads\1c830613bb8e7967cb9c8abe80da2eb71d268e23_0000377704	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\1c830613bb8e7967cb9c8abe80da2eb71d268e23_0000377704	Generic Write,Read Attributes
c:\users\user\downloads\1c830613bb8e7967cb9c8abe80da2eb71d268e23_0000377704	Synchronize,Write Attributes
c:\users\user\downloads\1f8ffba5cba276e19c968da5f05a0454e4cd689e_0003230192	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\1f8ffba5cba276e19c968da5f05a0454e4cd689e_0003230192	Generic Write,Read Attributes
c:\users\user\downloads\1f8ffba5cba276e19c968da5f05a0454e4cd689e_0003230192	Synchronize,Write Attributes
c:\users\user\downloads\284487b2a36b36c9214b12ce15d8d98af0776567_0001065624	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\284487b2a36b36c9214b12ce15d8d98af0776567_0001065624	Generic Write,Read Attributes
c:\users\user\downloads\284487b2a36b36c9214b12ce15d8d98af0776567_0001065624	Synchronize,Write Attributes
c:\users\user\downloads\339276ecccccad5e59bf757144b8131ac242159a_0004074320	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\339276ecccccad5e59bf757144b8131ac242159a_0004074320	Generic Write,Read Attributes
c:\users\user\downloads\339276ecccccad5e59bf757144b8131ac242159a_0004074320	Synchronize,Write Attributes
c:\users\user\downloads\38e415555a00e46b9a4863f9d94b22e4a7de2076_0001561368	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\38e415555a00e46b9a4863f9d94b22e4a7de2076_0001561368	Generic Write,Read Attributes
c:\users\user\downloads\38e415555a00e46b9a4863f9d94b22e4a7de2076_0001561368	Synchronize,Write Attributes
c:\users\user\downloads\3db4cabf2e9451bc15a6c59a61f6cef5f6ff29fc_0001632696	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\3db4cabf2e9451bc15a6c59a61f6cef5f6ff29fc_0001632696	Generic Write,Read Attributes
c:\users\user\downloads\3db4cabf2e9451bc15a6c59a61f6cef5f6ff29fc_0001632696	Synchronize,Write Attributes
c:\users\user\downloads\4c4ed7856320d27a2b698f51933dd81753788df2_0000627912	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\4c4ed7856320d27a2b698f51933dd81753788df2_0000627912	Generic Write,Read Attributes
c:\users\user\downloads\4c4ed7856320d27a2b698f51933dd81753788df2_0000627912	Synchronize,Write Attributes
c:\users\user\downloads\548da8d648c3ee92ae061610308ec7b6b9927b63_0000986352	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\548da8d648c3ee92ae061610308ec7b6b9927b63_0000986352	Generic Write,Read Attributes
c:\users\user\downloads\548da8d648c3ee92ae061610308ec7b6b9927b63_0000986352	Synchronize,Write Attributes
c:\users\user\downloads\5981cb56136386c70e604d7e0e588902399f170b_0006662024	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\5981cb56136386c70e604d7e0e588902399f170b_0006662024	Generic Write,Read Attributes
c:\users\user\downloads\5981cb56136386c70e604d7e0e588902399f170b_0006662024	Synchronize,Write Attributes
c:\users\user\downloads\5a81eec853f840d42db8c4adc687a5bf1ef59e4d_0008668821	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\5a81eec853f840d42db8c4adc687a5bf1ef59e4d_0008668821	Generic Write,Read Attributes
c:\users\user\downloads\5a81eec853f840d42db8c4adc687a5bf1ef59e4d_0008668821	Synchronize,Write Attributes
c:\users\user\downloads\5dae2f3783ef9cf44a58cf9857c8a090aa64ba42_0002470360	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\5dae2f3783ef9cf44a58cf9857c8a090aa64ba42_0002470360	Generic Write,Read Attributes
c:\users\user\downloads\5dae2f3783ef9cf44a58cf9857c8a090aa64ba42_0002470360	Synchronize,Write Attributes
c:\users\user\downloads\60a77c87be0871f43878fe4d2d130aaa6e4ba5e1_0002426680	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\60a77c87be0871f43878fe4d2d130aaa6e4ba5e1_0002426680	Generic Write,Read Attributes
c:\users\user\downloads\60a77c87be0871f43878fe4d2d130aaa6e4ba5e1_0002426680	Synchronize,Write Attributes
c:\users\user\downloads\67a96a4eeae51a9c0a64d929ec20d73030f75753_0005378568	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\67a96a4eeae51a9c0a64d929ec20d73030f75753_0005378568	Generic Write,Read Attributes
c:\users\user\downloads\67a96a4eeae51a9c0a64d929ec20d73030f75753_0005378568	Synchronize,Write Attributes
c:\users\user\downloads\6f29991ff2dcf2af0732681c94a5a76f22374341_0009222312	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\6f29991ff2dcf2af0732681c94a5a76f22374341_0009222312	Generic Write,Read Attributes
c:\users\user\downloads\6f29991ff2dcf2af0732681c94a5a76f22374341_0009222312	Synchronize,Write Attributes
c:\users\user\downloads\6fbbd5d1fef672523420cf299db8776f690a0487_0000363912	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\6fbbd5d1fef672523420cf299db8776f690a0487_0000363912	Generic Write,Read Attributes
c:\users\user\downloads\6fbbd5d1fef672523420cf299db8776f690a0487_0000363912	Synchronize,Write Attributes
c:\users\user\downloads\75a9252469eb363974e72385814c5e189b0af47a_0003025408	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\75a9252469eb363974e72385814c5e189b0af47a_0003025408	Generic Write,Read Attributes
c:\users\user\downloads\75a9252469eb363974e72385814c5e189b0af47a_0003025408	Synchronize,Write Attributes
c:\users\user\downloads\791210d8e4292346b3cb32d80833ddb4cb197310_0003459456	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\791210d8e4292346b3cb32d80833ddb4cb197310_0003459456	Generic Write,Read Attributes
c:\users\user\downloads\791210d8e4292346b3cb32d80833ddb4cb197310_0003459456	Synchronize,Write Attributes
c:\users\user\downloads\80f2a0bba5a78f6aba3fad98c144c007823a6830_0000274944.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\80f2a0bba5a78f6aba3fad98c144c007823a6830_0000274944.exe	Generic Write,Read Attributes
c:\users\user\downloads\80f2a0bba5a78f6aba3fad98c144c007823a6830_0000274944.exe	Synchronize,Write Attributes
c:\users\user\downloads\8ad9999f76d648f1abd971bf6b1b8c635ffeafad_0005181040	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\8ad9999f76d648f1abd971bf6b1b8c635ffeafad_0005181040	Generic Write,Read Attributes
c:\users\user\downloads\8ad9999f76d648f1abd971bf6b1b8c635ffeafad_0005181040	Synchronize,Write Attributes
c:\users\user\downloads\95af4c2af5c3c860c435476dc59b151abec15ff1_0001632696	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\95af4c2af5c3c860c435476dc59b151abec15ff1_0001632696	Generic Write,Read Attributes
c:\users\user\downloads\95af4c2af5c3c860c435476dc59b151abec15ff1_0001632696	Synchronize,Write Attributes
c:\users\user\downloads\95e799a26c0a21abbe2528b9b8c4bdc7ded95faf_0001055520	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\95e799a26c0a21abbe2528b9b8c4bdc7ded95faf_0001055520	Generic Write,Read Attributes
c:\users\user\downloads\95e799a26c0a21abbe2528b9b8c4bdc7ded95faf_0001055520	Synchronize,Write Attributes
c:\users\user\downloads\a2bf44d61a79b39b406be327135a4ea0243aa67f_0002601665	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\a2bf44d61a79b39b406be327135a4ea0243aa67f_0002601665	Generic Write,Read Attributes
c:\users\user\downloads\a2bf44d61a79b39b406be327135a4ea0243aa67f_0002601665	Synchronize,Write Attributes
c:\users\user\downloads\a2e2b9fcccdd97aa1e9c8d4dfd5243f5dc8a89c6_0000236799	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\a2e2b9fcccdd97aa1e9c8d4dfd5243f5dc8a89c6_0000236799	Generic Write,Read Attributes
c:\users\user\downloads\a2e2b9fcccdd97aa1e9c8d4dfd5243f5dc8a89c6_0000236799	Synchronize,Write Attributes
c:\users\user\downloads\aed2466b7c9901becbc0bfafbefce413fa57fabc_0000464796	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\aed2466b7c9901becbc0bfafbefce413fa57fabc_0000464796	Generic Write,Read Attributes
c:\users\user\downloads\aed2466b7c9901becbc0bfafbefce413fa57fabc_0000464796	Synchronize,Write Attributes
c:\users\user\downloads\b9d62c1d98626cc9c67883ba59c3327f2d2bbc49_0000289792	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\b9d62c1d98626cc9c67883ba59c3327f2d2bbc49_0000289792	Generic Write,Read Attributes
c:\users\user\downloads\b9d62c1d98626cc9c67883ba59c3327f2d2bbc49_0000289792	Synchronize,Write Attributes
c:\users\user\downloads\c2790efb9d35b8e4d2c74657a9abdfe154896be2_0000715960	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\c2790efb9d35b8e4d2c74657a9abdfe154896be2_0000715960	Generic Write,Read Attributes
c:\users\user\downloads\c2790efb9d35b8e4d2c74657a9abdfe154896be2_0000715960	Synchronize,Write Attributes
c:\users\user\downloads\c7eeb3e9f5a1131564c7139216cefe11976c69b4_0000668160	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\c7eeb3e9f5a1131564c7139216cefe11976c69b4_0000668160	Generic Write,Read Attributes
c:\users\user\downloads\c7eeb3e9f5a1131564c7139216cefe11976c69b4_0000668160	Synchronize,Write Attributes
c:\users\user\downloads\ca0fa51fcaaa5926966fab61d0ce88ceec824783_0000242760.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\ca0fa51fcaaa5926966fab61d0ce88ceec824783_0000242760.exe	Generic Write,Read Attributes
c:\users\user\downloads\ca0fa51fcaaa5926966fab61d0ce88ceec824783_0000242760.exe	Synchronize,Write Attributes
c:\users\user\downloads\cac9620abb2fe038e7f894851bfdfe1e975a7f5b_0001653248	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\cac9620abb2fe038e7f894851bfdfe1e975a7f5b_0001653248	Generic Write,Read Attributes
c:\users\user\downloads\cac9620abb2fe038e7f894851bfdfe1e975a7f5b_0001653248	Synchronize,Write Attributes
c:\users\user\downloads\cf5afb055d33848a99c5db198c8ef1c965f86c2c_0002278288	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\cf5afb055d33848a99c5db198c8ef1c965f86c2c_0002278288	Generic Write,Read Attributes
c:\users\user\downloads\cf5afb055d33848a99c5db198c8ef1c965f86c2c_0002278288	Synchronize,Write Attributes
c:\users\user\downloads\d1393b53bb6f5e97e95c682477198ad7920a07a0_0000210515	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\d1393b53bb6f5e97e95c682477198ad7920a07a0_0000210515	Generic Write,Read Attributes
c:\users\user\downloads\d1393b53bb6f5e97e95c682477198ad7920a07a0_0000210515	Synchronize,Write Attributes
c:\users\user\downloads\db547adb9085343aa0c2718eb97138cd30a20733_0000139112	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\db547adb9085343aa0c2718eb97138cd30a20733_0000139112	Generic Write,Read Attributes
c:\users\user\downloads\db547adb9085343aa0c2718eb97138cd30a20733_0000139112	Synchronize,Write Attributes
c:\users\user\downloads\e79528b72787747ed393b85c01cc5e82f6003c7e_0000147928	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\e79528b72787747ed393b85c01cc5e82f6003c7e_0000147928	Generic Write,Read Attributes
c:\users\user\downloads\e79528b72787747ed393b85c01cc5e82f6003c7e_0000147928	Synchronize,Write Attributes
c:\users\user\downloads\e988692d0914211bb1a263bcd4874eace5d0632d_0000142416	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\e988692d0914211bb1a263bcd4874eace5d0632d_0000142416	Generic Write,Read Attributes
c:\users\user\downloads\e988692d0914211bb1a263bcd4874eace5d0632d_0000142416	Synchronize,Write Attributes
c:\users\user\downloads\ef457a5ffae1fc4e12e96052ede38c5713c39b65_0004952576	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\ef457a5ffae1fc4e12e96052ede38c5713c39b65_0004952576	Generic Write,Read Attributes
c:\users\user\downloads\ef457a5ffae1fc4e12e96052ede38c5713c39b65_0004952576	Synchronize,Write Attributes
c:\users\user\downloads\f29c48235765bc56199c89df419245753b26286f_0000147864	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\f29c48235765bc56199c89df419245753b26286f_0000147864	Generic Write,Read Attributes
c:\users\user\downloads\f29c48235765bc56199c89df419245753b26286f_0000147864	Synchronize,Write Attributes
c:\users\user\downloads\f851287d5bb1354f8a1445ee2232a660c9665a57_0000242272	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\f851287d5bb1354f8a1445ee2232a660c9665a57_0000242272	Generic Write,Read Attributes
c:\users\user\downloads\f851287d5bb1354f8a1445ee2232a660c9665a57_0000242272	Synchronize,Write Attributes
c:\users\user\downloads\squirrelsetup.log	Generic Write,Read Attributes
c:\windows\svchost.exe	Generic Write,Read Attributes
c:\windows\system.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value	Dados	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix	Cookie:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix	Visited:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enablefiletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableautofiletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableconsoletracing		RegNtPreCreateKey

HKLM\software\microsoft\tracing\rasapi32::filetracingmask		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::consoletracingmask		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::maxfilesize		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enablefiletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enableautofiletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enableconsoletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::filetracingmask		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::consoletracingmask		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::maxfilesize		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Windows\SystemTemp\77e37ce0-8214-4414-aced-551c5ae204d7.tmp\??\C:\Windows\SystemTemp\e28eadcf-6ab0-4d8c-8821-7ce9a6aba1	RegNtPreCreateKey
HKLM\software\wow6432node\adaware\adaware privacy::machineid	268ddfeb-393b-01ab-2937-4e66db5d0964	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enablefiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableautofiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filetracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::consoletracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::maxfilesize		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enablefiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableautofiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filetracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::consoletracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::maxfilesize		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	㻇糆攢ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ﯢ沎ǜ	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::appinit_dlls	C:\PROGRA~1\COMMON~1\System\symsrv.dll	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::loadappinit_dlls		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::requiresignedappinit_dlls		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\advanced::hidden		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusoverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalldisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalloverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::updatesdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::uacdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusoverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalldisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalloverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::updatesdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::uacdisablenotify		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings::globaluseroffline		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablelua		RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::enablefirewall		RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::donotallowexceptions		RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::disablenotifications		RegNtPreCreateKey
HKCU\software\apcr\1214104697::1919251317		RegNtPreCreateKey
HKCU\software\apcr\1214104697::-456464662		RegNtPreCreateKey
HKCU\software\apcr\1214104697::1462786655		RegNtPreCreateKey
HKCU\software\apcr\1214104697::-912929324	#	RegNtPreCreateKey
HKCU\software\apcr\1214104697::1006321993	ǜ	RegNtPreCreateKey
HKCU\software\apcr\1214104697::-1369393986	http://www.ledyazilim.com/logo.gifhttp://ksandrafashion.com/l	RegNtPreCreateKey
HKCU\software\apcr\1214104697::549857331		RegNtPreCreateKey
HKCU\software\apcr::u1_0	䡴⬋	RegNtPreCreateKey
HKCU\software\apcr::u2_0	ᩣ	RegNtPreCreateKey
HKCU\software\apcr::u3_0	権ă	RegNtPreCreateKey
HKCU\software\apcr::u4_0		RegNtPreCreateKey
HKLM\software\wow6432node\ati technologies\log::append	0	RegNtPreCreateKey
HKLM\software\wow6432node\ati technologies\log::file	C:/Program Files (x86)/AMD/CIM/Log/Installer.log	RegNtPreCreateKey
HKLM\software\wow6432node\ati technologies\log::level	3	RegNtPreCreateKey
HKLM\software\wow6432node\ati technologies\log::maxsize	$	RegNtPreCreateKey

Windows API Usage

Category	API
Process Shell Execute	CreateProcess
Service Control	OpenSCManager StartServiceCtrlDispatcher
Process Manipulation Evasion	NtUnmapViewOfSection
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcConnectPort ntdll.dll!NtAlpcConnectPortEx ntdll.dll!NtAlpcCreatePortSection ntdll.dll!NtAlpcCreateResourceReserve ntdll.dll!NtAlpcCreateSectionView ntdll.dll!NtAlpcCreateSecurityContext ntdll.dll!NtAlpcDeleteSecurityContext ntdll.dll!NtAlpcQueryInformation Show More ntdll.dll!NtAlpcQueryInformationMessage ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtAlpcSetInformation ntdll.dll!NtApphelpCacheControl ntdll.dll!NtAssociateWaitCompletionPacket ntdll.dll!NtCancelTimer2 ntdll.dll!NtCancelWaitCompletionPacket ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtCompareSigningLevels ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateIoCompletion ntdll.dll!NtCreateKey ntdll.dll!NtCreateMutant ntdll.dll!NtCreatePrivateNamespace ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtCreateThreadEx ntdll.dll!NtCreateTimer2 ntdll.dll!NtCreateWaitCompletionPacket ntdll.dll!NtCreateWorkerFactory ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFlushProcessWriteBuffers ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtGetCachedSigningLevel ntdll.dll!NtGetCompleteWnfStateSubscription ntdll.dll!NtGetCurrentProcessorNumber ntdll.dll!NtMapViewOfSection ntdll.dll!NtNotifyChangeKey ntdll.dll!NtOpenDirectoryObject ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenMutant ntdll.dll!NtOpenProcess ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenThread ntdll.dll!NtOpenThreadToken ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDefaultLocale ntdll.dll!NtQueryDirectoryFileEx ntdll.dll!NtQueryEvent ntdll.dll!NtQueryFullAttributesFile ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationJobObject ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtQueueApcThread ntdll.dll!NtQueueApcThreadEx2 ntdll.dll!NtReadFile ntdll.dll!NtReadRequestData ntdll.dll!NtReadVirtualMemory ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtResumeThread ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationFile ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationObject ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationThread ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSetTimer2 17 additional items are not displayed above.
User Data Access	GetComputerName GetComputerNameEx GetUserDefaultLocaleName GetUserObjectInformation
Anti Debug	IsDebuggerPresent NtQuerySystemInformation OutputDebugString
Network Info Queried	GetAdaptersAddresses GetAdaptersInfo GetNetworkParams
Network Winsock2	WSAConnect WSASocket WSAStartup WSAttemptAutodialName
Network Winsock	bind closesocket freeaddrinfo getaddrinfo gethostname inet_addr recv send setsockopt
Encryption Used	BCryptOpenAlgorithmProvider CryptAcquireContext
Other Suspicious	AdjustTokenPrivileges SetWindowsHookEx
Network Wininet	HttpOpenRequest HttpSendRequest InternetConnect InternetOpen
Network Winhttp	WinHttpOpen
Process Terminate	TerminateProcess

Shell Command Execution


							"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\06f8794b2b5d5b3569b750c3c65ebb1c95c4e091_0002288848.exe"


							"c:\users\user\downloads\06f8794b2b5d5b3569b750c3c65ebb1c95c4e091_0002288848.exe"


							"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\80f2a0bba5a78f6aba3fad98c144c007823a6830_0000274944.exe"


							"c:\users\user\downloads\80f2a0bba5a78f6aba3fad98c144c007823a6830_0000274944.exe"


							"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\ca0fa51fcaaa5926966fab61d0ce88ceec824783_0000242760.exe"


									"c:\users\user\downloads\ca0fa51fcaaa5926966fab61d0ce88ceec824783_0000242760.exe"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\aed2466b7c9901becbc0bfafbefce413fa57fabc_0000464796"


									"c:\users\user\downloads\aed2466b7c9901becbc0bfafbefce413fa57fabc_0000464796"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\85b73b8783649804bafe6e391706fc379479eacd_0006899712"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\ef457a5ffae1fc4e12e96052ede38c5713c39b65_0004952576"


									"c:\users\user\downloads\ef457a5ffae1fc4e12e96052ede38c5713c39b65_0004952576"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\cf5afb055d33848a99c5db198c8ef1c965f86c2c_0002278288"


									"c:\users\user\downloads\cf5afb055d33848a99c5db198c8ef1c965f86c2c_0002278288"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\50f44609ba00bd37e81877187fc820d0a1b6d591_0001409536"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\548da8d648c3ee92ae061610308ec7b6b9927b63_0000986352"


									"c:\users\user\downloads\548da8d648c3ee92ae061610308ec7b6b9927b63_0000986352"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\c7eeb3e9f5a1131564c7139216cefe11976c69b4_0000668160"


									"c:\users\user\downloads\c7eeb3e9f5a1131564c7139216cefe11976c69b4_0000668160"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\f29c48235765bc56199c89df419245753b26286f_0000147864"


									"c:\users\user\downloads\f29c48235765bc56199c89df419245753b26286f_0000147864"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\60a77c87be0871f43878fe4d2d130aaa6e4ba5e1_0002426680"


									"c:\users\user\downloads\60a77c87be0871f43878fe4d2d130aaa6e4ba5e1_0002426680"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\8ad9999f76d648f1abd971bf6b1b8c635ffeafad_0005181040"


									"c:\users\user\downloads\8ad9999f76d648f1abd971bf6b1b8c635ffeafad_0005181040"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\339276ecccccad5e59bf757144b8131ac242159a_0004074320"


									"c:\users\user\downloads\339276ecccccad5e59bf757144b8131ac242159a_0004074320"


									C:\Users\Uqrnhdiw\AppData\Local\Temp\7zSCD517F96\setup.exe C:\Users\Uqrnhdiw\AppData\Local\Temp\7zSCD517F96\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Uqrnhdiw\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Uqrnhdiw\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=117.0.5408.162 --initial-client-data=0x384,0x388,0x38c,0x360,0x390,0x73dcd2e4,0x73dcd2f0,0x73dcd2fc


									"C:\Users\Uqrnhdiw\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\5dae2f3783ef9cf44a58cf9857c8a090aa64ba42_0002470360"


									"c:\users\user\downloads\5dae2f3783ef9cf44a58cf9857c8a090aa64ba42_0002470360"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\db547adb9085343aa0c2718eb97138cd30a20733_0000139112"


									"c:\users\user\downloads\db547adb9085343aa0c2718eb97138cd30a20733_0000139112"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\791210d8e4292346b3cb32d80833ddb4cb197310_0003459456"


									"c:\users\user\downloads\791210d8e4292346b3cb32d80833ddb4cb197310_0003459456"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\cac9620abb2fe038e7f894851bfdfe1e975a7f5b_0001653248"


									"c:\users\user\downloads\cac9620abb2fe038e7f894851bfdfe1e975a7f5b_0001653248"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\95e799a26c0a21abbe2528b9b8c4bdc7ded95faf_0001055520"


									"c:\users\user\downloads\95e799a26c0a21abbe2528b9b8c4bdc7ded95faf_0001055520"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\1f8ffba5cba276e19c968da5f05a0454e4cd689e_0003230192"


									"c:\users\user\downloads\1f8ffba5cba276e19c968da5f05a0454e4cd689e_0003230192"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\3db4cabf2e9451bc15a6c59a61f6cef5f6ff29fc_0001632696"


									"c:\users\user\downloads\3db4cabf2e9451bc15a6c59a61f6cef5f6ff29fc_0001632696"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\1c830613bb8e7967cb9c8abe80da2eb71d268e23_0000377704"


									"c:\users\user\downloads\1c830613bb8e7967cb9c8abe80da2eb71d268e23_0000377704"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\5a81eec853f840d42db8c4adc687a5bf1ef59e4d_0008668821"


									"c:\users\user\downloads\5a81eec853f840d42db8c4adc687a5bf1ef59e4d_0008668821"


									.\H2OFFT-W.exe -sfx7z "c:\users\user\downloads" execApp


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\e79528b72787747ed393b85c01cc5e82f6003c7e_0000147928"


									"c:\users\user\downloads\e79528b72787747ed393b85c01cc5e82f6003c7e_0000147928"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\95af4c2af5c3c860c435476dc59b151abec15ff1_0001632696"


									"c:\users\user\downloads\95af4c2af5c3c860c435476dc59b151abec15ff1_0001632696"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\af2046a570e0d9c199a8f3b72d37d3b2619e7e9c_0001702976"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\6f29991ff2dcf2af0732681c94a5a76f22374341_0009222312"


									"c:\users\user\downloads\6f29991ff2dcf2af0732681c94a5a76f22374341_0009222312"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\a2e2b9fcccdd97aa1e9c8d4dfd5243f5dc8a89c6_0000236799"


									"c:\users\user\downloads\a2e2b9fcccdd97aa1e9c8d4dfd5243f5dc8a89c6_0000236799"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\e988692d0914211bb1a263bcd4874eace5d0632d_0000142416"


									"c:\users\user\downloads\e988692d0914211bb1a263bcd4874eace5d0632d_0000142416"


									"c:\users\user\BraveUpdate.exe" /ondemand


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\179a86a27cd7ef236be955637fde72c4bbd68758_0000901880"


									"c:\users\user\downloads\179a86a27cd7ef236be955637fde72c4bbd68758_0000901880"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\6fbbd5d1fef672523420cf299db8776f690a0487_0000363912"


									"c:\users\user\downloads\6fbbd5d1fef672523420cf299db8776f690a0487_0000363912"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\136e81e67d1ab0b524d6cb72e963842c2fbbec8f_0000236048"


									"c:\users\user\downloads\136e81e67d1ab0b524d6cb72e963842c2fbbec8f_0000236048"


									"C:\Users\Odhrwpre\AppData\Local\BraveSoftware\Update\BraveUpdate.exe" /c


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\f851287d5bb1354f8a1445ee2232a660c9665a57_0000242272"


									"c:\users\user\downloads\f851287d5bb1354f8a1445ee2232a660c9665a57_0000242272"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\c2790efb9d35b8e4d2c74657a9abdfe154896be2_0000715960"


									"c:\users\user\downloads\c2790efb9d35b8e4d2c74657a9abdfe154896be2_0000715960"


									"c:\users\user\downloads\RadeonInstaller.exe"  /IGNORE_UPGRADE


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\b9d62c1d98626cc9c67883ba59c3327f2d2bbc49_0000289792"


									"c:\users\user\downloads\b9d62c1d98626cc9c67883ba59c3327f2d2bbc49_0000289792"


									"C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\38e415555a00e46b9a4863f9d94b22e4a7de2076_0001561368"


									"c:\users\user\downloads\38e415555a00e46b9a4863f9d94b22e4a7de2076_0001561368"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\5981cb56136386c70e604d7e0e588902399f170b_0006662024"


									"c:\users\user\downloads\5981cb56136386c70e604d7e0e588902399f170b_0006662024"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\4c4ed7856320d27a2b698f51933dd81753788df2_0000627912"


									"c:\users\user\downloads\4c4ed7856320d27a2b698f51933dd81753788df2_0000627912"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\a2bf44d61a79b39b406be327135a4ea0243aa67f_0002601665"


									"c:\users\user\downloads\a2bf44d61a79b39b406be327135a4ea0243aa67f_0002601665"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\67a96a4eeae51a9c0a64d929ec20d73030f75753_0005378568"


									"c:\users\user\downloads\67a96a4eeae51a9c0a64d929ec20d73030f75753_0005378568"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\284487b2a36b36c9214b12ce15d8d98af0776567_0001065624"


									"c:\users\user\downloads\284487b2a36b36c9214b12ce15d8d98af0776567_0001065624"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\d1393b53bb6f5e97e95c682477198ad7920a07a0_0000210515"


									"C:\WINDOWS\svchost.exe" "c:\users\user\downloads\75a9252469eb363974e72385814c5e189b0af47a_0003025408"


									"c:\users\user\downloads\75a9252469eb363974e72385814c5e189b0af47a_0003025408"

Malware.Jeefo

Cartão de pontuação de ameaças

EnigmaSoft Threat Scorecard

Detalhes Sobre os Arquivos do Sistema

Detalhes sobre o Registro

Relatório de análise

Informação geral

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Enviar o Comentário

Tendendo

Mais visto