Multi-License Discount Quote

Change Region

English
Threat Database Potentially Unwanted Programs PUP.Gamehack.HRE

PUP.Gamehack.HRE

By CagedTech in Potentially Unwanted Programs

Analysis Report

General information

Family Name: PUP.Gamehack.HRE
Signature status: No Signature

Known Samples

MD5: 55b03769d1cd10b44f11f533fdf488ba
SHA1: 1c45ff108f1a67f8aebb469b03c2993a79caa556
SHA256: 4E7FF75F97DDAA1085B552EBFB49699975CA6545B48591CB1E8124A42ED8484E
File Size: 4.98 MB, 4979200 bytes
MD5: 28af0571cd3b03709a418c9a12bb02eb
SHA1: 3bab84ec2e8a59b35a12220ebfc23a4422b881f5
SHA256: 7477C2706A0598D0D7D1A84BBA2C401B381853906795AA5A9B04BE38BE41436A
File Size: 4.85 MB, 4853760 bytes
MD5: 78b63f3744e569ae579ece67a613787e
SHA1: 8fe876f827ce4a712b901c83d0f467c7a5b1ea38
SHA256: 75D29674A4E028419D4087F8931806106824F2F165CCB2A173535B6F9BB30C00
File Size: 4.88 MB, 4884480 bytes
MD5: d1184fc1a499a6c86b261c873562656a
SHA1: 5a78b93920e2cc856d780f5b2b8f933acd4faa50
SHA256: 2BB562FA4B744E990C3E76544984D0E3319B7294D4012CA8AB33485C09FA367D
File Size: 1.42 MB, 1415168 bytes
MD5: b6c864cf925b064951f6c94e4f98feb5
SHA1: e1ee907cde45bfb366d85b6f1de97c74a3f3a620
SHA256: 0C7E35C8A8D26BCC44637F4F04B7481F92A209047AFF89EA608A09034282743D
File Size: 5.04 MB, 5039104 bytes
Show More
MD5: 1927e469b77a31c45bc5ea610d088cff
SHA1: fd46d3880907c20b13f9238dab9fc5f07828fab8
SHA256: 0B33AC109F7ED80AF76F37F3F7AF065E0D1EEB913D64170BAA2F83EAFF443E4F
File Size: 4.86 MB, 4857344 bytes
MD5: b7542826c27698da86c660c90e6512e6
SHA1: b5e60ed04f48376e1bf1609f8b99ff5ac847c73a
SHA256: 6A22F67B0A9C2FA814F3D9F183BF85B87188D7C516BB349B919A16976E6B28E0
File Size: 1.93 MB, 1928704 bytes
MD5: 8a5c2390e3a110ec0ae05b7d52be981e
SHA1: cf2153ea6a278fa795478d4625ba5cec00a58918
SHA256: B8A8F6124AACE184703F4428F78B0636CD27A3001FC1ABF20678EF421E380868
File Size: 4.86 MB, 4857344 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have security information
  • File has been packed
  • File has exports table
  • File has TLS information
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
Show More
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

  • CryptUnprotectData
  • dll
  • imgui
  • packed
  • x64

Block Information

Total Blocks: 10,570
Potentially Malicious Blocks: 2,855
Whitelisted Blocks: 7,667
Unknown Blocks: 48

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x 0 0 0 0 0 0 x 0 0 0 0 0 0 x x x x x x 0 x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 x x x x 0 x 0 x 0 x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x 0 0 0 0 x 0 x 0 x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 x x 0 x 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 0 ? 0 0 0 x 0 0 ? 1 1 0 0 0 0 0 x x x x 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x 1 0 x x x 0 0 0 0 1 0 x 0 0 x 0 0 0 x 0 0 0 ? 0 0 0 0 0 0 0 0 1 0 x 0 x 0 0 x ? x x 0 x 0 ? 0 0 0 1 0 0 0 0 0 0 x x x x x 0 x x x x x x 0 x 0 x 0 0 0 0 0 0 0 0 x 0 0 0 0 x 0 x x x 0 0 x x 0 0 0 x 0 x 0 x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x 0 0 0 0 x 0 0 0 0 x 0 x 0 0 x x 0 0 x 0 0 0 0 0 0 1 0 0 0 0 0 0 x x 0 x x x x x 0 x x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x x 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 x x x 0 x 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 x 0 x 0 x 0 x x x x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 0 0 0 x 0 0 0 0 0 x 0 0 0 0 0 x 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x x x x x x x x x x x x x x x x x x x x x x x 0 0 x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 x x x 0 0 0 0 1 0 0 0 0 x x x x 0 0 x x 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x x x x 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 x 0 0 0 0 0 0 1 0 0 x x 0 0 x x x x 1 x 0 x x x x x 0 x 0 x 0 0 0 0 0 0 0 x x x x 0 0 x 0 0 0 x 0 x x x 0 0 0 0 0 0 0 0 0 0 x 0 x x x x x x x 0 ? 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 1 0 0 x 0 0 0 0 x 0 x x x x 0 x x x 0 x x x x x x x x x x x 0 0 0 x x x x x x 0 0 0 x x x x x x 0 x x x 0 0 1 0 x 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 x x 0 0 0 0 0 0 0 0 x 0 x x x 0 x 0 0 0 0 x 0 0 0 0 0 0 x x x 0 0 0 0 x 0 0 x x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 x 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x x x x x x 0 0 x 0 0 x x x 0 x 0 0 0 x 0 x 0 x x x 0 x x x x 0 x x x x x x x x x x x x x x x x x x x x 0 x x x 0 0 0 x x 0 x x x x x x x x x x 0 0 0 x x x x x x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x x x x x 0 0 x x x 0 x x x x x x x 0 x x x x 0 x 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 x 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 x x 0 0 x 0 x 1 0 x 0 x x x x x 0 0 x 0 x 0 x 0 0 x 0 0 0 x 0 x x 0 x 0 x x x x x x x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 1 0 x x x x 0 0 0 x x 0 x x 0 x 0 x x 0 0 x x 0 x 0 0 0 0 0 x 0 x x x 0 x 0 x 0 x 0 x x x 0 0 x x 0 x 0 0 0 0 0 0 0 0 0 0 0 x 0 0 x 0 0 0 x 0 0 1 0 0 x 0 x 0 0 x x x ? 0 x x 0 ? 0 0 0 0 ? 0 0 0 x ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x x 0 0 0 0 0 x x 0 0 0 x x 0 x x x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 x x x 0 0 0 x 0 0 x 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 x x 0 0 x x 0 0 0 x x x 0 ? 0 0 0 0 ? 0 ? 0 x x x 0 0 0 ? ? 0 ? 0 0 0 0 0 x x x x 0 0 0 0 0 x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 x x x x 0 0 0 0 0 x x x 0 0 0 0 1 0 0 x 0 x 0 x x x 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 x 0 0 x 0 0 0 0 0 x x x
... Data truncated
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Gamehack.HRE

Files Modified

File Attributes
c:\repos\spyhunter5\sandboxtool\builds\releasenologencrypt-x64\injected-x64.pdb Read Attributes,Synchronize,Write Attributes
c:\users\user\appdata\roaming\axis menu\cout.log Generic Write,Read Attributes
c:\users\user\appdata\roaming\axis menu\settings.json Generic Write,Read Attributes
c:\windows\system32\1c45ff108f1a67f8aebb469b03c2993a79caa556_0004979200.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\3bab84ec2e8a59b35a12220ebfc23a4422b881f5_0004853760.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\5a78b93920e2cc856d780f5b2b8f933acd4faa50_0001415168.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\8fe876f827ce4a712b901c83d0f467c7a5b1ea38_0004884480.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\advapi32.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\apphelp.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\bcrypt.pdb Read Attributes,Synchronize,Write Attributes
Show More
c:\windows\system32\bcryptprimitives.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\cf2153ea6a278fa795478d4625ba5cec00a58918_0004857344.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\combase.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\crypt32.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\cryptsp.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\d3dcompiler_47.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\dbghelp.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\dll\advapi32.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\dll\apphelp.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\dll\bcrypt.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\dll\bcryptprimitives.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\dll\combase.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\dll\crypt32.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\dll\cryptsp.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\dll\d3dcompiler_47.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\dll\dbghelp.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\dll\gdi32.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\dll\gdi32full.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\dll\imagehlp.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\dll\imm32.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\dll\injected-x64.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\dll\kernel32.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\dll\kernelbase.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\dll\msvcp140.amd64.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\dll\msvcp_win.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\dll\msvcrt.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\dll\netapi32.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\dll\netjoin.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\dll\netprovfw.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\dll\netutils.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\dll\ntdll.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\dll\ole32.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\dll\oleaut32.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\dll\rpcrt4.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\dll\samcli.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\dll\schedcli.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\dll\sechost.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\dll\shcore.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\dll\shell32.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\dll\srvcli.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\dll\ucrtbase.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\dll\user32.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\dll\vcruntime140.amd64.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\dll\vcruntime140_1.amd64.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\dll\win32u.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\dll\wininet.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\dll\wkscli.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\dll\ws2_32.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\e1ee907cde45bfb366d85b6f1de97c74a3f3a620_0005039104.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\exe\1c45ff108f1a67f8aebb469b03c2993a79caa556_0004979200.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\exe\3bab84ec2e8a59b35a12220ebfc23a4422b881f5_0004853760.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\exe\5a78b93920e2cc856d780f5b2b8f933acd4faa50_0001415168.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\exe\8fe876f827ce4a712b901c83d0f467c7a5b1ea38_0004884480.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\exe\cf2153ea6a278fa795478d4625ba5cec00a58918_0004857344.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\exe\e1ee907cde45bfb366d85b6f1de97c74a3f3a620_0005039104.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\exe\fd46d3880907c20b13f9238dab9fc5f07828fab8_0004857344.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\exe\rundll32.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\fd46d3880907c20b13f9238dab9fc5f07828fab8_0004857344.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\gdi32.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\gdi32full.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\imagehlp.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\imm32.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\injected-x64.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\kernel32.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\kernelbase.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\msvcp140.amd64.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\msvcp_win.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\msvcrt.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\netapi32.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\netjoin.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\netprovfw.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\netutils.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\ntdll.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\ole32.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\oleaut32.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\rpcrt4.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\rundll32.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\samcli.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\schedcli.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\sechost.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\shcore.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\shell32.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\srvcli.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\dll\advapi32.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\dll\apphelp.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\dll\bcrypt.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\dll\bcryptprimitives.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\dll\combase.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\dll\crypt32.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\dll\cryptsp.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\dll\d3dcompiler_47.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\dll\dbghelp.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\dll\gdi32.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\dll\gdi32full.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\dll\imagehlp.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\dll\imm32.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\dll\injected-x64.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\dll\kernel32.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\dll\kernelbase.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\dll\msvcp140.amd64.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\dll\msvcp_win.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\dll\msvcrt.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\dll\netapi32.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\dll\netjoin.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\dll\netprovfw.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\dll\netutils.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\dll\ntdll.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\dll\ole32.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\dll\oleaut32.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\dll\rpcrt4.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\dll\samcli.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\dll\schedcli.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\dll\sechost.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\dll\shcore.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\dll\shell32.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\dll\srvcli.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\dll\ucrtbase.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\dll\user32.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\dll\vcruntime140.amd64.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\dll\vcruntime140_1.amd64.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\dll\win32u.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\dll\wininet.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\dll\wkscli.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\dll\ws2_32.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\exe\1c45ff108f1a67f8aebb469b03c2993a79caa556_0004979200.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\exe\3bab84ec2e8a59b35a12220ebfc23a4422b881f5_0004853760.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\exe\5a78b93920e2cc856d780f5b2b8f933acd4faa50_0001415168.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\exe\8fe876f827ce4a712b901c83d0f467c7a5b1ea38_0004884480.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\exe\cf2153ea6a278fa795478d4625ba5cec00a58918_0004857344.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\exe\e1ee907cde45bfb366d85b6f1de97c74a3f3a620_0005039104.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\exe\fd46d3880907c20b13f9238dab9fc5f07828fab8_0004857344.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\symbols\exe\rundll32.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\ucrtbase.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\user32.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\vcruntime140.amd64.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\vcruntime140_1.amd64.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\win32u.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\wininet.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\wkscli.pdb Read Attributes,Synchronize,Write Attributes
c:\windows\system32\ws2_32.pdb Read Attributes,Synchronize,Write Attributes

Registry Modifications

Key::Value Data API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 䃷롯檒ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe ୖ삜氣ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 鐓瑢ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe ⁱ汒糞ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 쫒侩鯻ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 遙紿쒦ǜ RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 儏た왛ǜ RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
Show More
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtQueryWnfStateNameInformation
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtTraceEvent
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtUpdateWnfStateData
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • UNKNOWN
  • win32u.dll!NtGdiBitBlt
  • win32u.dll!NtGdiCreateBitmap
  • win32u.dll!NtGdiCreateCompatibleDC
  • win32u.dll!NtGdiCreateDIBitmapInternal
  • win32u.dll!NtGdiCreateSolidBrush
  • win32u.dll!NtGdiDeleteObjectApp
  • win32u.dll!NtGdiExtGetObjectW
  • win32u.dll!NtGdiGetDCforBitmap
  • win32u.dll!NtGdiGetDCObject
  • win32u.dll!NtGdiRestoreDC
  • win32u.dll!NtGdiSaveDC
  • win32u.dll!NtGdiSelectBitmap
  • win32u.dll!NtGdiSetDIBitsToDeviceInternal
  • win32u.dll!NtUserCreateEmptyCursorObject
  • win32u.dll!NtUserFindExistingCursorIcon
  • win32u.dll!NtUserGetDC
  • win32u.dll!NtUserGetGUIThreadInfo
  • win32u.dll!NtUserGetIconInfo
  • win32u.dll!NtUserGetIconSize
  • win32u.dll!NtUserGetKeyboardLayout

10 additional items are not displayed above.

Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Process Terminate
  • TerminateProcess

Trending

Most Viewed

Loading...