PUP.DotSetupIo.A

Analysis Report

General information

Family Name: PUP.DotSetupIo.A
Signature status: Hash Mismatch

Known Samples

MD5: af7cf874d86b0120585a89e3204b87bc
SHA1: 3dc5960072b74fa867276635d170a6a3fcac3f64
File Size: 709.03 KB, 709032 bytes
MD5: 4b915ed7f8be76c86fb302f95b519b77
SHA1: c4efb650602683f7b75704c307e88807393253bb
File Size: 1.38 MB, 1382707 bytes
MD5: 306580b2bb5afd2e6151600cbf084f27
SHA1: dbbd5460cb6e910d460b97ab02bf8a8acbc59c7b
File Size: 660.33 KB, 660328 bytes
MD5: 7c2364131975c8d81ae46e676c216341
SHA1: 7d1aa04088f967572dd202d28fefbd09e9886917
File Size: 1.59 MB, 1586040 bytes
MD5: 6b3dec29998a7585aae38f2134c1a432
SHA1: 66e340431483feddc5a0df8a91bc98f6a2a187a5
File Size: 683.44 KB, 683440 bytes
MD5: 0dc9a7cb9ad323f5c1b6bd3bd11b71f4
SHA1: 6b1c35d79680857a823c4339ba6f430ef202dffe
File Size: 683.44 KB, 683440 bytes
MD5: 11ad1343d5bc9cb5a6156f156bcf72c8
SHA1: 4dc55fef802737cf05610900e3692d38b16d14ac
File Size: 683.44 KB, 683440 bytes
MD5: 16a0f96fe7b6a11b688591de81121046
SHA1: 74e7ec55d265270064f840c669b4028cad043efe
File Size: 683.44 KB, 683440 bytes
MD5: 10cfe5d5916b6f874baf01becb8da792
SHA1: cbf3167e1bb74813ce8a67fd07fdacf497af05fc
File Size: 1.38 MB, 1380207 bytes
MD5: 36bf20824ea85f9dcbdc90696d97dad6
SHA1: 3229a3d945b2d510dcd8d50a2211cb52c5ff2930
File Size: 1.31 MB, 1307418 bytes
MD5: 57a63d5311ef79e1c6f08871c7b6701c
SHA1: c9c3ea6e456d65dc779f031e41de424229f4107e
SHA256: BF490DF65E85065B3E3B07DC3D07A08DC7B041C6FE76E111508C67686B6E5867
File Size: 1.40 MB, 1401096 bytes
MD5: b52bbd31c6ac8bc71f16662f3688f440
SHA1: 1948d52944748576e315f65645823e334a0502f5
SHA256: B2B1C01CC346627BFE532E47BA26AD185F9ADA8E50FB48D57F837E6264C10180
File Size: 1.51 MB, 1512470 bytes
MD5: fdedc98a335d2ababed0fcd20a3baa65
SHA1: ceaa33c1a22466da46e92b08e26438d533ad95b6
SHA256: B2177EB2B431FBA5A7DD1556EECC4501BF218D4B6138E71C8D6D2EFE88B25117
File Size: 261.12 KB, 261120 bytes
MD5: 8a066184b025a391e1ba5aa5934b3e89
SHA1: d6eec9b2cc2f0b74991ebce81d8e7018fa17d8de
SHA256: 791E8307CC0144541914964A9FC1DC8F8AC1D6DE2BFAD3C0C8F73379A5F0921F
File Size: 1.51 MB, 1512613 bytes
MD5: 621b3f1560dc51237976846b7abf1379
SHA1: 7fc782a3e130ba243fc5a12007d45251e37d8828
SHA256: 5D032C60DA4535E88221A2C8B96A064A5D61B1DBBB5C76617D83F8A3EF4675E7
File Size: 678.15 KB, 678152 bytes
MD5: 1317e0b1eece37ce11b44d910a63fbbd
SHA1: f936bb266660d3c64de4ae3e5c9aed9dac64b925
SHA256: FD0E9704C8DD9620FF4F6C86F8286048377A46ED1BEC89A5AC8722D2ACF52BCC
File Size: 709.03 KB, 709032 bytes
MD5: c32c46a49319e14a363f52812ee459af
SHA1: aec541ac7ea42acee1a2c360693f5c96f9222043
SHA256: EF588B7C698AF045E07863709B0BDCE15C68F9EA5685B31C01B24824FE01B9C6
File Size: 683.44 KB, 683440 bytes
MD5: 2e9311989ea06ccbdc09796febacfefb
SHA1: 36e19d970f9c8f652850ee94339d0952e90fe7b3
SHA256: 423046B7D7B2FE293763CB7D3923BB25758DF169E15D696D0DDA09F5120EAC8F
File Size: 1.07 MB, 1073042 bytes
MD5: 9348e68530971cea4e54ffec403b93a2
SHA1: 937eb38ceea3e1e3ed3e7cb62428588aa5fde834
SHA256: 6D1C1CD7BA00A998538EE08BA3DB203EF21B076C92B99576E3695C6094D7676B
File Size: 1.79 MB, 1790478 bytes
MD5: af50c0c78c849f8e216b492f9761ce46
SHA1: 6c1eabdc9295e68048b749d5545261c48a911ad5
SHA256: 9FE31D70B9B9BD17B8AEA18CF2EA178D834988F526F87C8AF87DBADFB2BE419D
File Size: 705.45 KB, 705448 bytes
MD5: 5380de13d44b955c500b70c07ab92abe
SHA1: 88c970f8a0bb580079918e7de6b1f4842fa1eaf3
SHA256: A689873EDA3961F2F62547A9255542783981BBE6073B28725F2300079A605212
File Size: 683.44 KB, 683440 bytes
MD5: 2aa9b1e7fe9f6fe56f721037264fae6d
SHA1: cebc08feec7c919c8374da80b67724806a007ebc
SHA256: 731CB28BFA5F9E953C5A3AFA2D89FA9F3E16A4464151FDF4BF03CB4CD9F9B2A8
File Size: 679.86 KB, 679856 bytes
MD5: 0c9abb89f5da5d51adceb1f372ca62dd
SHA1: afcea5c0c3da9307a811fcd04aba4934b39c7a50
SHA256: 0DB3D1B2E5AE494F8B872BCBC59AEAD6EF76D42FECF01D4E5F8E812C4DBA50A5
File Size: 683.44 KB, 683440 bytes
MD5: 2fe27b0330cc1690abfb9d5c685928e5
SHA1: 4a39d7a40810d62b667160ff605f21cd105874df
SHA256: 089A7AED9EA59ABD0583F7E06059918B225FF746F72387C0EE2DB848F3E3674A
File Size: 1.20 MB, 1201405 bytes
MD5: e3840f09f786c433c4799fd28ffee765
SHA1: ae83750ede73f17ae86d51937634d82227f5803c
SHA256: CF3B4138F8D004862E97BFC02B7A27E3F94B630DF728FED4F6D7B9D62F16BFD2
File Size: 1.66 MB, 1658336 bytes
MD5: 66bf3c1fa89320003520b79f9394da8f
SHA1: 52ec22d84bc49f501b219bda8d8c914bd2e46ee6
SHA256: 0B7B9CD63E93F5EAA0080853FFDCF4D155B4B57029BD3BBB1E8A9771D8F2C36D
File Size: 1.65 MB, 1652160 bytes
MD5: b0c498c708c8d4b813ef4a2d49b0eaf0
SHA1: edd2cadecdd87ba0d38d7d0a6632f52cc6672c52
SHA256: DEBD58A920EF3FFBA50A531733B536DE31B288E0F69B13B687062BC1A7108C0F
File Size: 678.15 KB, 678152 bytes
MD5: 923ebe8b7b05a8b6ccde389b2cc709e5
SHA1: 01600b1811822b9c149c08cfb1960c6e9cb118c7
SHA256: 44AC1E25171AD8742DEF64C544A863081C29BA7D21CA6A8B2AB6C115629824FB
File Size: 1.79 MB, 1790457 bytes
MD5: 9b5f978d5dd451181c35a14be2ff35d9
SHA1: 11bc2cdcabd57a177636533971d05d046b8c404f
SHA256: 91E7D0CA6920BC06D1D547AEDEC6B41D94B3BB9E7EA58724985BB44E5E11C498
File Size: 2.08 MB, 2078208 bytes
MD5: a4582f0430d4249b5ee362f4d82135a3
SHA1: e752e298c438a851a7d3220b39b9f880fe0c5698
SHA256: 4F651C88D6113FAC9B239B88DDA2122F32600E54BCA7C7980552237052F0A20C
File Size: 2.09 MB, 2092032 bytes
MD5: a65e4f1acaa77e294b924b7899ee05f3
SHA1: d3f50ba0abcba36b4f276534d6786849d5da1742
SHA256: 9D277BAE59851084E449E29EEDE29F4386DB9DF85F9F37C8F82B253FE2FD641A
File Size: 2.20 MB, 2195968 bytes
MD5: 812d84b1d63b501285e2c6c4d502fed4
SHA1: ff6e6370735e53a3832613e6e4f24b688e90108d
SHA256: 99D6047FD9308E6C59D3A6822FEDD82C7B7C7024D9EADB0B0913C91ED9D333D1
File Size: 1.38 MB, 1383020 bytes
MD5: 55d016107bdfc6cbcee98be062ff90f5
SHA1: 8337988207da69cc47657f853113e72bc83c9c67
SHA256: 8E4680EAEB577ABF4D0830F8D5110DB21589256B2B69F66D3CDE6B71663C519C
File Size: 2.09 MB, 2092032 bytes
MD5: d826158c59a5d9323f03dad29984ffa9
SHA1: f42e9943bad0c3f62062c6c8ca27b823812ec8af
SHA256: 2B886A44A6B58D0836DA5EBD5F8B9D2E6502644918DC86AC97EAD2E2D4A34587
File Size: 1.12 MB, 1122304 bytes
MD5: 0ffb0495b3c9f47233d8f5cd51f90634
SHA1: 819faaa2110a14bfb05d38aae310bb97580ae6cf
SHA256: 492CFF875B8CD897A7C37B0EBBA2E9AF5D9D174EA4923B8A3109D92DCE572050
File Size: 1.12 MB, 1122304 bytes
MD5: 2d4dfc4133eee767f73fcf937ef96639
SHA1: 16a77de58caa3081183e3f91dcb208839c9dcd85
SHA256: 659E84405D4159EA3ADD81C598247D69C990E81679F6D2F790669614376CCB84
File Size: 1.79 MB, 1786076 bytes
MD5: 787dfef5a76d6b98247ca4e2c3d20416
SHA1: cb43d7b7847144558f6d56e0190cafe657444570
SHA256: 31282A2DE3F951F4AC6E49480AF86383904B0E11FEF316E81852B2ADC364199D
File Size: 1.52 MB, 1517184 bytes
MD5: ec303ebfe6cd3bd02990cddf0b6abec3
SHA1: c22a7fd7cd11c337495f310f753401143ee2b83f
SHA256: 2EE39A705A3462BB34FB96B223B66A8377FEA5FF498D9F720E1511C4D5E0E8EE
File Size: 1.20 MB, 1196098 bytes
MD5: 1f0a4b9b146b41aabb7a7029f1b6c6d3
SHA1: 1eb9dbb42450423caf1f824dcda68175f514386e
SHA256: 38C1042956CB1C347475C0BBDBFAD4B9910EB4E84D9FDDA9ADC2C992A2BDC819
File Size: 1.07 MB, 1068218 bytes
MD5: 87de75bc9681ad75e43cf9099f4b4cf7
SHA1: 5acfa0a6a4c49f1f2b68c868336d88ffe31c8388
SHA256: B52840D5E73C33287D7ACAC8805FF8D26D9468A69F390C7ABF9ABC73DCFB48A0
File Size: 1.20 MB, 1196206 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has TLS information
  • File is .NET application
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Assembly Version
  • 11.1.0.52543
  • 5.0.0.111
  • 4.0.1.0
  • 1.92.5.9159
  • 1.92.4.8949
  • 1.92.3.8643
  • 1.92.2.8615
  • 1.91.3.8006
Comments
  • aTube Installer
  • Foxit PDF Reader Setup
  • Motus Software
  • Product
  • Wirtualna Polska Media SA
Company Name
  • Foxit Software Inc.
  • Microsoft
  • Synaptics
File Description
  • aTube Installer
  • Foxit PDF Reader Setup
  • Pivot Animator
  • Product Installer
  • Synaptics Pointing Device Driver
  • Wirtualna Polska Media SA
File Version
  • 11.1.0.52543
  • 5.0.0.111
  • 4.0.1.0
  • 1.92.5.9159
  • 1.92.4.8949
  • 1.92.3.8643
  • 1.92.2.8615
  • 1.91.3.8006
  • 1.00
  • 1.0.0.4
Internal Name
  • aTube.exe
  • Baixaki.exe
  • dobreprogramy.pl.exe
  • DotSetup.dll
  • Foxit.exe
  • Pivot.exe
  • pivotstick.exe
  • TJprojMain
  • Win
Legal Copyright
  • Copyright
  • Copyright aTube 2022
  • Copyright dotSetup.io Open Source Project
  • Copyright Pіvotstick
  • Copyright Pіvotstіck
  • Copyright © 2004-2021 Foxit Software Inc. All Rights Reserved
  • No Zebra
  • Wirtualna Polska Media SA
Original Filename
  • aTube.exe
  • Baixaki.exe
  • dobreprogramy.pl.exe
  • DotSetup.dll
  • Foxit.exe
  • Pivot.exe
  • pivotstick.exe
  • TJprojMain.exe
  • Win.exe
Product Name
  • aTube Installer
  • DotSetup
  • Foxit PDF Reader Setup
  • Product Software
  • Project1
  • Pіvotstick
  • Pіvotstіck
  • Synaptics Pointing Device Driver
  • Win
  • Wirtualna Polska Media SA
Product Version
  • 11.1.0.52543
  • 5.0.0.111
  • 4.0.1.0
  • 1.92.5.9159
  • 1.92.4.8949
  • 1.92.3.8643
  • 1.92.2.8615
  • 1.91.3.8006
  • 1.00
  • 1.0.0.0

Digital Signatures

Signer Root Status
FOXIT SOFTWARE INC. DigiCert EV Code Signing CA (SHA2) Hash Mismatch
DS NET CORP SA DE CV DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 Self Signed
Motusoft GmbH GlobalSign Code Signing Root R45 Root Not Trusted
Wirtualna Polska Media S A SSL.com Code Signing Enterprise Intermediate CA RSA R1 Root Not Trusted
Wirtualna Polska Media SA SSL.com Root Certification Authority RSA Hash Mismatch
DS NET CORP SA DE CV Sectigo Public Code Signing Root R46 Hash Mismatch
Motusoft GmbH Sectigo Public Code Signing Root R46 Root Not Trusted
No Zebra Network Ltda Sectigo Public Code Signing Root R46 Hash Mismatch

File Traits

  • .NET
  • dll
  • HighEntropy
  • Installer Manifest
  • Installer Version
  • ntdll
  • RijndaelManaged
  • x86

Block Information

Similar Families

  • DotSetupIo.A
  • FakeAlert.X
  • Injector.FHBB
  • Kasperagent.A
  • Trojan.Downloader.Gen.HP

Files Modified

File Attributes
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
c:\programdata\synaptics Synchronize,Write Attributes
c:\programdata\synaptics\rcx427f.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\synaptics\rcx5128.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\synaptics\synaptics.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\synaptics\synaptics.exe Synchronize,Write Attributes
c:\programdata\synaptics\synaptics.exe Synchronize,Write Data
c:\users\user\appdata\local\temp\2envewr.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winsl Synchronize,Write Attributes
c:\users\user\appdata\roaming\winsl\l1\10\2026 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\._cache_8337988207da69cc47657f853113e72bc83c9c67_0002092032 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\._cache_8337988207da69cc47657f853113e72bc83c9c67_0002092032 Synchronize,Write Attributes
c:\users\user\downloads\._cache_e752e298c438a851a7d3220b39b9f880fe0c5698_0002092032 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\._cache_e752e298c438a851a7d3220b39b9f880fe0c5698_0002092032 Synchronize,Write Attributes

Registry Modifications

Key::Value Data API Name
HKLM\software\microsoft\tracing\rasapi32::enablefiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableautofiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableconsoletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::filetracingmask (binary data, not rendered) RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::consoletracingmask (binary data, not rendered) RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::maxfilesize  RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enablefiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enableautofiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enableconsoletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::filetracingmask (binary data, not rendered) RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::consoletracingmask (binary data, not rendered) RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::maxfilesize  RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\system\controlset001\services\eventlog\application\3dc5960072b74fa867276635d170a6a3fcac3f64_0000709032.exe::eventmessagefile C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll RegNtPreCreateKey
HKLM\system\controlset001\services\eventlog\application\3dc5960072b74fa867276635d170a6a3fcac3f64_0000709032.exe::eventmessagefile C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll RegNtPreCreateKey
HKLM\system\controlset001\services\eventlog\application\c4efb650602683f7b75704c307e88807393253bb_0001382707.exe::eventmessagefile C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll RegNtPreCreateKey
HKLM\system\controlset001\services\eventlog\application\dbbd5460cb6e910d460b97ab02bf8a8acbc59c7b_0000660328.exe::eventmessagefile C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll RegNtPreCreateKey
HKLM\system\controlset001\services\eventlog\application\66e340431483feddc5a0df8a91bc98f6a2a187a5_0000683440.exe::eventmessagefile C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll RegNtPreCreateKey
HKLM\system\controlset001\services\eventlog\application\6b1c35d79680857a823c4339ba6f430ef202dffe_0000683440.exe::eventmessagefile C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll RegNtPreCreateKey
HKLM\system\controlset001\services\eventlog\application\4dc55fef802737cf05610900e3692d38b16d14ac_0000683440.exe::eventmessagefile C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll RegNtPreCreateKey
HKLM\system\controlset001\services\eventlog\application\74e7ec55d265270064f840c669b4028cad043efe_0000683440.exe::eventmessagefile C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll RegNtPreCreateKey
HKLM\system\controlset001\services\eventlog\application\cbf3167e1bb74813ce8a67fd07fdacf497af05fc_0001380207.exe::eventmessagefile C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll RegNtPreCreateKey
HKLM\system\controlset001\services\eventlog\application\3229a3d945b2d510dcd8d50a2211cb52c5ff2930_0001307418.exe::eventmessagefile C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll RegNtPreCreateKey
HKLM\system\controlset001\services\eventlog\application\c9c3ea6e456d65dc779f031e41de424229f4107e_0001401096::eventmessagefile C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll RegNtPreCreateKey
HKLM\system\controlset001\services\eventlog\application\7fc782a3e130ba243fc5a12007d45251e37d8828_0000678152::eventmessagefile C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll RegNtPreCreateKey
HKLM\system\controlset001\services\eventlog\application\f936bb266660d3c64de4ae3e5c9aed9dac64b925_0000709032::eventmessagefile C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll RegNtPreCreateKey
HKLM\system\controlset001\services\eventlog\application\aec541ac7ea42acee1a2c360693f5c96f9222043_0000683440::eventmessagefile C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll RegNtPreCreateKey
HKLM\system\controlset001\services\eventlog\application\6c1eabdc9295e68048b749d5545261c48a911ad5_0000705448::eventmessagefile C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll RegNtPreCreateKey
HKLM\system\controlset001\services\eventlog\application\88c970f8a0bb580079918e7de6b1f4842fa1eaf3_0000683440::eventmessagefile C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll RegNtPreCreateKey
HKLM\system\controlset001\services\eventlog\application\cebc08feec7c919c8374da80b67724806a007ebc_0000679856::eventmessagefile C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll RegNtPreCreateKey
HKLM\system\controlset001\services\eventlog\application\afcea5c0c3da9307a811fcd04aba4934b39c7a50_0000683440::eventmessagefile C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll RegNtPreCreateKey
HKLM\system\controlset001\services\eventlog\application\ae83750ede73f17ae86d51937634d82227f5803c_0001658336::eventmessagefile C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll RegNtPreCreateKey
HKLM\system\controlset001\services\eventlog\application\edd2cadecdd87ba0d38d7d0a6632f52cc6672c52_0000678152::eventmessagefile C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::synaptics pointing device driver C:\ProgramData\Synaptics\Synaptics.exe RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\system\controlset001\services\eventlog\application\ff6e6370735e53a3832613e6e4f24b688e90108d_0001383020::eventmessagefile C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 (binary data, not rendered) RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\system\controlset001\services\eventlog\application\f42e9943bad0c3f62062c6c8ca27b823812ec8af_0001122304::eventmessagefile C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll RegNtPreCreateKey
HKLM\system\controlset001\services\eventlog\application\819faaa2110a14bfb05d38aae310bb97580ae6cf_0001122304::eventmessagefile C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll RegNtPreCreateKey
HKLM\system\controlset001\services\eventlog\application\1eb9dbb42450423caf1f824dcda68175f514386e_0001068218::eventmessagefile C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAdjustPrivilegesToken
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreatePortSection
  • ntdll.dll!NtAlpcCreateSectionView
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcDeleteSecurityContext
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcQueryInformationMessage
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtAlpcSetInformation
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtCancelWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFlushKey
  • ntdll.dll!NtFlushProcessWriteBuffers
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtGetCompleteWnfStateSubscription
  • ntdll.dll!NtGetWriteWatch
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThread
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtPowerInformation
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryEvent
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtQueueApcThread
  • ntdll.dll!NtQueueApcThreadEx2
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReadVirtualMemory
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtResetWriteWatch
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSetValueKey
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection

User Data Access
  • GetComputerName
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Other Suspicious
  • AdjustTokenPrivileges
  • SetWindowsHookEx
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Encryption Used
  • BCryptOpenAlgorithmProvider
  • CryptAcquireContext
Network Winsock2
  • WSAConnect
  • WSASend
  • WSASocket
  • WSAStartup
  • WSAttemptAutodialName
Network Winsock
  • bind
  • closesocket
  • freeaddrinfo
  • getaddrinfo
  • gethostbyname
  • getsockname
  • setsockopt
  • socket
Network Winhttp
  • WinHttpOpen
Network Info Queried
  • GetAdaptersAddresses
  • GetNetworkParams
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
Service Control
  • OpenSCManager
Process Manipulation Evasion
  • NtUnmapViewOfSection
Network Wininet
  • InternetOpen
  • InternetOpenUrl
  • InternetReadFile

Shell Command Execution

C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\ceaa33c1a22466da46e92b08e26438d533ad95b6_0000261120.,LiQMAxHB
runas c:\users\user\downloads\._cache_e752e298c438a851a7d3220b39b9f880fe0c5698_0002092032
runas C:\ProgramData\Synaptics\Synaptics.exe InjUpdate
runas c:\users\user\downloads\._cache_8337988207da69cc47657f853113e72bc83c9c67_0002092032
