PUP.Keygen.FAC

Analysis Report

General information

Family Name: PUP.Keygen.FAC
Packers: UPX
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has exports table
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Comments
  • Autostart Kreator
  • Created with Multimedia Builder, version 4.9.8.13
  • Created with Multimedia Builder version 4.9.7.8
  • PooShock
Company Name
  • ABRYS MAciej C. Rezner
  • Antonia Ortega
  • CYCAD Lab.
  • G-MundoSoft by G.M.R
  • INNOVIS - Piotr Gutkowski
  • LastOS
  • NZBoogle.nl
  • PerkinElmer, Inc.
  • PerkinElmer Inc.
  • PooShock
  • ptah media
  • Saya®
  • Sistema 10
  • Thermco, Products Inc.
  • Tracermm Soft Solutions
  • www.guitar-online.com
  • www.Win2Farsi.com
File Description
  • AutoRun Program For Thermco
  • CYCAD FANTASMO
  • Educativo
  • Ejercicios de Audición y Memoria
  • Informacje o programie
  • LinkMakerProgramma
  • Menu to Access LastXP Appz DVD
  • Nero 11.2.00700 Platinum HD
  • Software catolico
  • www.tsoft.aplus.pl
  • www.Win2Farsi.com
File Version
  • 84.1.7.1
  • 25.00.000.0
  • 16.1.7.0
  • 4.2.5.0
  • 2.5.0.0
  • 1.1.9.1
  • 1.1.0.0
  • 1.0.0.65
  • 1.0.0.0
Internal Name
  • AutoRun
  • Autostart Kreator
  • CYCAD FANTASMO
  • Desinstalador Automatico V2005
  • Dictado & Memoria Musical [DEMO]
  • ExpeBen Software pc V1.1
  • Fusion
  • ICP WinLab
  • Informacje o programie
  • LastXP Appz Autorun Menu
  • Los Animales
  • Moorche Team
  • Nero 11.2.00700 Platinum HD
  • NZBoogleLinkMaker.exe
  • Photoshop - Techniki pracy IV
  • Runner
  • WinLab32 for AA
Legal Copyright
  • 2011
  • CDAG
  • CYCAD Lab.
  • ExpeBen v1.1 2015 by G-MundoSoft
  • LastOS
  • Modified:1995-2016 Moorche www.win2
  • Piotr Gutkowski © 2007
  • PooShock
  • www.saya.ir
  • www.tsoft.aplus.pl
  • © Amar Guerfi 2005/2006
  • © by Dick NZBoogle 2013
Legal Trademarks
  • Antonia Ortega
  • CYCAD FANTASMO
  • Gratis Programma
  • Moorche Team
  • Piotr Gutkowski
  • PooShock
  • SAYA®
  • www.tsoft.aplus.pl
Original Filename
  • AA_START.exe
  • AK.exe
  • autorun.exe
  • AUTORUN.exe
  • AutoStart.exe
  • cy_path.exe
  • Desinstalador Automatico V2005.exe
  • DICT_MUS.EXE
  • ebook.exe
  • Edari.exe
  • ExpeBen v1.1.exe
  • ICP_START.exe
  • info.exe
  • Los Animales.exe
  • Menu.exe
  • NZBoogleLinkMaker.exe
  • runner.exe
  • SABAT.exe
  • Setup.exe
  • start.exe
  • starter.exe
Private Build
  • 1.0.0.0
  • 1.0.0.65
  • 1.1.0.0
  • 1.1.9.1
  • 2.5.0.0
  • 4.2.5.0
  • 16.1.7.0
  • 25.00.000.0
  • 84.1.7.1
Product Name
  • AutoRun
  • Autostart Kreator
  • CYCAD FANTASMO
  • Desinstalador Automatico V2005
  • Dictado & Memoria Musical [DEMO]
  • ExpeBen Software pc V1.1
  • Fusion
  • ICP WinLab
  • Informacje o programie
  • LastXP Appz Autorun Menu
  • Los Animales
  • Moorche Team
  • Nero 11.2.00700 Platinum HD
  • NZBoogleLinkMaker.exe
  • Photoshop - Techniki pracy IV
  • Runner
  • WinLab32 for AA
Product Version
  • 84.1.7.1
  • 25.00.000.0
  • 16.1.7.0
  • 4.2.5.0
  • 2.5.0.0
  • 1.1.9.1
  • 1.1.0.0
  • 1.0.0.65
  • 1.0.0.0
Special Build
  • 1.0.0.0
  • 1.0.0.65
  • 1.1.0.0
  • 1.1.9.1
  • 2.5.0.0
  • 4.2.5.0
  • 16.1.7.0
  • 25.00.000.0
  • 84.1.7.1

File Traits

  • big overlay
  • HighEntropy
  • Installer Version
  • packed
  • x86

Block Information

Total Blocks: 2,833
Potentially Malicious Blocks: 754
Whitelisted Blocks: 2,079
Unknown Blocks: 0

Visual Map

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Keygen.FAC
  • Keygen.FH

Files Modified

File Attributes
\device\namedpipe\gmdasllogger Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::name 501a1be8d46745bbf9452e284f43520418506ce6_0000588241.exe RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\directdraw\mostrecentapplication::id ∌䜻 RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
  • OutputDebugString
User Data Access
  • GetUserObjectInformation
Other Suspicious
  • SetWindowsHookEx
