PUP.HidCon.A

Analysis Report

General information

Family Name: PUP.HidCon.A
Signature status: No Signature

Known Samples

MD5: 7a901d1e6ab9a205ea96589ca356353a
SHA1: 6bf37d33c0685cb9b905235f53c0da93e06c6332
SHA256: 63487B67B08BA2A686B9A325EC8250A62555C48D020D9E2A2DA2470357D90901
File Size: 465.46 KB, 465463 bytes

MD5: f5cec3430767e5e6b6b5afd68b249b0b
SHA1: 2ec0246252be92f1cae2c5c2dc0aefb9861ea87d
SHA256: 2587C45A5A622A750C81BB728945BC4A9CAA8C23519E29C1E703F792D1AEE6E9
File Size: 465.64 KB, 465639 bytes

MD5: 259eba58f34cb26effd4d0a6a4bfafc3
SHA1: dee209168db1c0bace6b554b2ff6a017a65b3e10
SHA256: 930036D57545A20AA4A63A940AE9A50BC79D6CBC3B1ADDFBD0C26FD0697F51BD
File Size: 5.04 MB, 5039183 bytes

MD5: 280550b23cb4a36c338d5b297fb3b5de
SHA1: fb07e0aaa4ffa8d2cd98868eb402d2b28bfb0427
SHA256: 3C30612545923B23C7CF03AB8A4E4D1BBE52713299BC5A00C4A69FB8D887D54A
File Size: 488.55 KB, 488551 bytes

MD5: b2feaeeae868ed94aa8aa78ee91c0ce7
SHA1: da4e1355d004db3529d931d3a20d37c930afc841
SHA256: 214EB5BE30C38F448C9AD2D85EB1523CC23ACE5EEB075A1D7F2FF37B70C0AE7B
File Size: 1.40 MB, 1396075 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Company Name iSoft
Compiled By Compiled by SFXMaker
File Description Compiled by SFXMaker
File Version 3.4.5.6
Legal Copyright Copyright (c) 2006-2009 Iuli
Product Name SFXMaker
Product Version 3.4.5.6

File Traits

  • No Version Info
  • x86

Files Modified

File Attributes
\device\namedpipe Generic Read,Write Attributes
\device\namedpipe Generic Write,Read Attributes
c:\program files (x86)\microsoft\edgeupdate\1.3.215.9\msedgeupdate.dll Synchronize,Write Attributes
c:\program files (x86)\microsoft\edgeupdate\1.3.215.9\msedgeupdate.dll Synchronize,Write Data
c:\program files (x86)\microsoft\edgeupdate\1.3.215.9\msedgeupdate.dll.dat Synchronize,Write Data
c:\program files (x86)\microsoft\edgeupdate\1.3.215.9\msedgeupdate.dll.tmp Generic Write,Read Attributes
c:\program files\common files\system\symsrv.dll Generic Write,Read Attributes
c:\program files\common files\system\symsrv.dll.000 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\evoactivacion office2010.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zipsfx.000\evoactivacion office2010.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\a1d26e2\bccc11e01e04.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_12858296 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_2145765 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_2926812 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_4670875 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_6682531 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\_setup.msi Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\_setup.msi Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\act.cmd Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\act.cmd Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\activar.cmd Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\activar.cmd Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autorun.apm Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autorun.apm Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\autorun.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\autorun.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\chk.cmd Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\chk.cmd Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\choice.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\choice.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\cscript.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\cscript.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\delrunonce.reg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\delrunonce.reg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\help.txt Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\help.txt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\hidcon.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\hidcon.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\hidcon.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\hs_message.vbs Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\hs_message.vbs Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\icon.ico Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\icon.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\instsrv.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\instsrv.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\keymng.cmd Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\keymng.cmd Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\kmservice.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\kmservice.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\kmsins.cmd Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\kmsins.cmd Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\ospp.vbs Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\ospp.vbs Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\osppc.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\osppc.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\ospprearm.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\ospprearm.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\portqry.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\portqry.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\rearm.cmd Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\rearm.cmd Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\reg.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\reg.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\rest.cmd Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\rest.cmd Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\run.cmd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\run.cmd Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\runme.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\runme.bat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\second.reg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\second.reg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\service.inf Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\service.inf Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\setup.cmd Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\setup.cmd Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\slerror.xml Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\slerror.xml Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\srvany.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\srvany.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\start.cmd Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\start.cmd Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\uiso9.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\uiso9.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\xxmklink.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\xxmklink.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx1 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx1\__tmp_rar_sfx_access_check_2147328 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx1\uiso9_pe.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx1\uiso9_pe.exe Synchronize,Write Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\classes\.esd::browserflags RegNtPreCreateKey
HKLM\software\classes\.esd::editflags RegNtPreCreateKey
HKLM\software\classes\.esd:: Файл сжатого машинного образа Windows RegNtPreCreateKey
HKLM\software\classes\.esd\defaulticon:: C:\Windows\appcompat\esd.ico,0 RegNtPreCreateKey
HKLM\software\classes\.tib::browserflags RegNtPreCreateKey
HKLM\software\classes\.tib::editflags RegNtPreCreateKey
HKLM\software\classes\.tib:: Файл резервной копии Acronis True Image RegNtPreCreateKey
HKLM\software\classes\.tib\defaulticon:: C:\Windows\appcompat\tib.ico,0 RegNtPreCreateKey
HKLM\software\classes\.tibx::browserflags RegNtPreCreateKey
HKLM\software\classes\.tibx::editflags RegNtPreCreateKey
HKLM\software\classes\.tibx:: Файл резервной копии Acronis True Image RegNtPreCreateKey
HKLM\software\classes\.tibx\defaulticon:: C:\Windows\appcompat\tibx.ico,0 RegNtPreCreateKey
HKLM\software\classes\.wim::browserflags RegNtPreCreateKey
HKLM\software\classes\.wim::editflags RegNtPreCreateKey
HKLM\software\classes\.wim:: Файл машинного образа Windows RegNtPreCreateKey
HKLM\software\classes\.wim\defaulticon:: C:\Windows\appcompat\wim.ico,0 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion::registeredowner Hawksoft RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\main::window title System RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\explorer\driveicons\c\defaultlabel:: System RegNtPreCreateKey
HKCU\control panel\international::slongdate d MMMM yyyy 'г.' RegNtPreCreateKey
HKCU\control panel\international::sshortdate ddd dd.MM.yyyy RegNtPreCreateKey
HKCU\control panel\international::stimeformat H:mm:ss RegNtPreCreateKey
HKCU\control panel\international::sshorttime H:mm RegNtPreCreateKey
HKCU\control panel\international::syearmonth MMMM yyyy RegNtPreCreateKey
HKLM\software\policies\microsoft\windows\system::disableacrylicbackgroundonlogon  RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe ᴨ渎泚ǜ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion::registeredowner KDFX RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\main::window title 24H2 IoT by KDFX RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\explorer\driveicons\c\defaultlabel:: 24H2 IoT by KDFX RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\runmru::mrulist alekjihgbcdf RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\runmru::b regedit\1 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\runmru::c msconfig\1 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\runmru::d gpedit.msc\1 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\runmru::e calc\1 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\runmru::f ping\1 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\runmru::g cmd\1 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\runmru::h devmgmt.msc\1 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\runmru::i secpol.msc\1 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\runmru::j firewall.cpl\1 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\runmru::k explorer\1 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\runmru::l winver\1 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\runmru::a mspaint\1 RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 녳眐蘏ǜ RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 튓뉣訥ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 黍㱄ǜ RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Keyboard Access
  • GetKeyState
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
  • WriteConsole
Process Manipulation Evasion
  • NtUnmapViewOfSection
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • UNKNOWN
  • win32u.dll!NtGdiBitBlt
  • win32u.dll!NtGdiCreateBitmap
  • win32u.dll!NtGdiCreateCompatibleDC
  • win32u.dll!NtGdiCreateDIBitmapInternal
  • win32u.dll!NtGdiCreateSolidBrush
  • win32u.dll!NtGdiDeleteObjectApp
  • win32u.dll!NtGdiExtGetObjectW
  • win32u.dll!NtGdiGetDCforBitmap
  • win32u.dll!NtGdiGetDCObject
  • win32u.dll!NtGdiRestoreDC
  • win32u.dll!NtGdiSaveDC
  • win32u.dll!NtGdiSelectBitmap
  • win32u.dll!NtGdiSetDIBitsToDeviceInternal
  • win32u.dll!NtUserCallNoParam
  • win32u.dll!NtUserConsoleControl
  • win32u.dll!NtUserCreateEmptyCursorObject
  • win32u.dll!NtUserGetDC
  • win32u.dll!NtUserGetGUIThreadInfo
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetProcessWindowStation
  • win32u.dll!NtUserGetThreadState
  • win32u.dll!NtUserReleaseDC
  • win32u.dll!NtUserSelectPalette
  • win32u.dll!NtUserSetCursorIconData
  • win32u.dll!NtUserSetProcessDpiAwarenessContext

Shell Command Execution

(NULL) C:\Users\Diamyius\AppData\Local\Temp\RarSFX0\hidcon.exe run.cmd
run.cmd
WriteConsole:
WriteConsole: C:\Users\Diamyiu
WriteConsole: REGEDIT
WriteConsole: /S delrunonce.r
WriteConsole:
C:\WINDOWS\system32\regedit.exe REGEDIT /S delrunonce.reg
WriteConsole:
WriteConsole: C:\Users\Diamyiu
WriteConsole: REGEDIT
WriteConsole: /S second.reg
WriteConsole:
C:\WINDOWS\system32\regedit.exe REGEDIT /S second.reg
WriteConsole:
WriteConsole: C:\Users\Diamyiu
WriteConsole: RMDIR
WriteConsole: /S /Q C:\$WINDO
WriteConsole:
WriteConsole: The system canno
WriteConsole:
WriteConsole: C:\Users\Diamyiu
WriteConsole: RMDIR
WriteConsole: /S /Q C:\$WINDO
WriteConsole:
WriteConsole: The system canno
WriteConsole:
WriteConsole: C:\Users\Diamyiu
WriteConsole: RMDIR
WriteConsole: /S /Q C:\$Windo
WriteConsole:
WriteConsole: The system canno
WriteConsole:
WriteConsole: C:\Users\Diamyiu
WriteConsole: DEL
WriteConsole: /F /S /Q /A "C:
WriteConsole:
(NULL) C:\Users\Dijfcglg\AppData\Local\Temp\RarSFX0\hidcon.exe run.cmd
WriteConsole: C:\Users\Dijfcgl
(NULL) C:\Users\Bumnwflt\AppData\Local\Temp\RarSFX0\hidcon.exe Setup.cmd
Setup.cmd
WriteConsole: ECHO is off.
WriteConsole: Installing Ultra
C:\Users\Bumnwflt\AppData\Local\Temp\RarSFX0\uiso9.exe uiso9.exe
(NULL) C:\Users\Bumnwflt\AppData\Local\Temp\RarSFX1\uiso9_pe.exe /VERYSILENT /NORESTART
(NULL) C:\Users\Gtivhbcj\AppData\Local\Temp\RarSFX0\hidcon.exe runme.bat
runme.bat
C:\Users\Gtivhbcj\AppData\Local\Temp\RarSFX0\_setup.msi _setup.msi /qb
(NULL) EvoActivacion Office2010.exe
(NULL) C:\Users\Ywawvqvi\AppData\Local\Temp\RarSFX0\Activar.cmd
WriteConsole: EvoActivacion De
WriteConsole: ================
WriteConsole: There are no ins
WriteConsole: This activator a