PUP.Keygen.N

By CagedTech in Hacktool, Potentially Unwanted Programs

Table of Contents

Analysis Report

General information

Family Name:	PUP.Keygen.N
Signature status:	No Signature

Known Samples

MD5: 0feff9b7c962c44d698e33787e16f43d

SHA1: 215408b378cee52e9450f399a57b6e865f343473

File Size: 1.04 MB, 1039200 bytes

MD5: 3aba47c4943d94a0bbe04efb82b90ae3

SHA1: e6f50d314cc3273aac9f3c1954c92f5320a9e941

File Size: 597.50 KB, 597501 bytes

MD5: 561459b5675ba7a4f32ae404c178333a

SHA1: 796ba69dbc629d74dd851dec397052e0b80e3713

SHA256: A6D07FAC99A2D778F9F99D4256C8A0F3DF6425B97ECB9FD78673B5E17A05664A

File Size: 300.51 KB, 300514 bytes

MD5: 950f693bad8f070baca0d798a5760888

SHA1: 5c5d8a6be27a809c165105e381e22ea64087f808

SHA256: F9A08665B91634C935866836A74B664058B5636FE6A911482A1078185A37441C

File Size: 2.65 MB, 2647076 bytes

MD5: 992950b994991f8d4680bcd754610121

SHA1: 5c24bab12610be15b0c543647fc605439aa2e3dd

SHA256: 31DE0429E382A1A1DED43E3E456FD48215452D9B379CAD1EA4B0E7460E131868

File Size: 191.06 KB, 191057 bytes

MD5: 4308df66e7e1a9163f873801799dd63e

SHA1: 6ff49ee212ecc49e800a2db9bfe9095b8e075dde

SHA256: 505B880056839EF160ABC313772DBEC3299D5059D867BC00E803FB8A6BB693C0

File Size: 177.99 KB, 177988 bytes

MD5: 3cf49efc63355654f2f4bdaba3188dbd

SHA1: d7dd00ee0a6596973df288028440702f994a4694

SHA256: D960798A107DA5CED14780B937DF3ACDB93318B75848B7FB1C17F828D76BD3E7

File Size: 553.04 KB, 553036 bytes

MD5: 3672e02a83e100b567bbf0354d958993

SHA1: 45f17a3d83a16f351d8e6f1bfe772653d20397dd

SHA256: 8062CFE6393670B18F785C2BB4A2F12E07161EDB22D2E875804B53F8BA974207

File Size: 641.95 KB, 641950 bytes

MD5: a3d33e33adbfbfaa9a2a834300fb911f

SHA1: be441b84c8ef64809ae410cf5197df21863fc675

SHA256: 22170F9B443FC80D7974995F8216F560561427F71F18EB82F73FC388DA62ECC6

File Size: 427.78 KB, 427777 bytes

MD5: 3f52b63c2909e62481deaccc3241cf8b

SHA1: 8f41a3c6fb79f5bc5818ef5f07d403beca0fd753

SHA256: A9B242032721FB841E821C65F9A2FAF818233BE1A1AFFE594E7E0DEE91E442A1

File Size: 1.10 MB, 1098324 bytes

MD5: 82fc23016dd4a00fc9c3641f6e160852

SHA1: ed30942cafc403a681c52599e1bc388544bc76a6

SHA256: 064655FC69452BBA29B6880843A694F697098C9CBA450FDE7317BE76CA56A0FC

File Size: 157.62 KB, 157617 bytes

MD5: 82ffbf1132588cd6d5b93b010433cadf

SHA1: cc730d40d86ca3587b41bf92b338944a41765ed4

SHA256: 755FF45527899AB688FCA3AEF974106FC874B3B7896488C0A9E28DF9920595C1

File Size: 595.78 KB, 595776 bytes

MD5: 201921c9e424a5301e2e84007f895e62

SHA1: 549d8eaed64a32c0da0499a6f60bb9639054389f

SHA256: 074ACE5BD42811419D9B55585E11376CA4A7EA3E92486D04117C98DEA3CE12D8

File Size: 838.82 KB, 838821 bytes

MD5: e7fc41783a99a0d5b37a490ce8716c5e

SHA1: 8555f3a9d273b7e3226369049109931ac3d72a5b

SHA256: 13F64BBE8C1DAF89284E285DC31C0715FAFABE004F1BC83AA08369174AB5FBC1

File Size: 476.24 KB, 476240 bytes

MD5: 4d2296f352d52c2481f0f7124b520ea9

SHA1: 773a3163977763b81b62ed71f55badd7625e212c

SHA256: 4D310BA24C0389B4C828919521B9671792C548BBF6EEA606099C7CB9EA705772

File Size: 873.19 KB, 873189 bytes

MD5: 20c92630b4afc8fa27e33990213a26a8

SHA1: 8b6a6b2a715fdf3994640f69660ece224bcb5da5

SHA256: 876344CAE20FCD53F77C693A1E344E27D2D6487796DA37232B8D3494D9E00EFD

File Size: 579.95 KB, 579948 bytes

MD5: 070a157c1e86d1df967bd362d86c826b

SHA1: fe43c47ff88412d28cf9f0940dc1afbbdef4a1c1

SHA256: AB7170C0B8A537E90A7C764C3209A8CC8271CA2A1E1016C1BC0E708808E4528A

File Size: 567.76 KB, 567760 bytes

MD5: 9b66dcd85cc0799cefa6a3b72cdd63a9

SHA1: 58389fb6a97a4ac7bf41e381a0c16757998aae28

SHA256: F440D2DCEED5536DB9EEC00F26B6B116BA24ECE57AC4A427FD07CD6BAFE280D1

File Size: 688.88 KB, 688883 bytes

MD5: bf079a2d765108f71030ab578750de80

SHA1: 784b19ca3370c1dbb3276ae421d3d1be8abbddf3

SHA256: ED7D5454B69D07E50036C879CB06B47E41FC54D452B60EC0BFE5A44BA1B7469A

File Size: 553.04 KB, 553036 bytes

MD5: eb5b4b2cd825da89fa05d2d224068832

SHA1: 6f732c19f3a2a0aa7a7d3df539a5aeaa9b9a1c14

SHA256: 5E7BBABD92E1260BA76167FE99961C0C29BC18BB81BEF6647C763D7DBCB6DBBF

File Size: 707.91 KB, 707906 bytes

MD5: 85516d861e0c341ed658208e47bc7b30

SHA1: b7d9ea5430340dd73f962d0dc796ac5d58384476

SHA256: FFE04967644350DF23C909387259F54F8472147E68568AD8765B29C202AF3C30

File Size: 860.73 KB, 860728 bytes

MD5: 62ea9c3cbd61599e3f8233d372132723

SHA1: 4e85c1a64666722556e0fa4f996bad1c8bf4dc4a

SHA256: 0013900752355B1284CA468DC1838C4E911B740EBE340EE16733AEAD725819A2

File Size: 1.31 MB, 1306209 bytes

MD5: e702f67485de5a6e2c02e78bc32fb3a6

SHA1: b243c37f0fa7a55a27cb981bc746a49482e6c076

SHA256: 803C6835F8D5D921C840AFC85BFE22E42DD87931FC3FBDE204E9553F433FC397

File Size: 1.04 MB, 1035418 bytes

MD5: 2a1af1418029d80911e91ae28d10b830

SHA1: 336d002cb04cd20c20d743a5707d7157a26c67e0

SHA256: 9FDB2F96C920AF4DC0C13584E9E50CEEE98A5E9591B917EE3115D0E511E7D95E

File Size: 1.28 MB, 1278471 bytes

MD5: dd28a535e2d662a7ddff2c1bd0211de2

SHA1: 7cc7ba342bce3e47dbcb2dd3392f07ec687ef552

SHA256: C9045285F334CEEA375246FC2C29FE7D164F9E7538FACC8D7A49F1652A5374DB

File Size: 1.31 MB, 1306209 bytes

MD5: 1677e9fbc327fd934453ff8926acc1cf

SHA1: 940f33328a7073a500f8e71d50c1bce0509ada62

SHA256: ED96618C5F729A3244F44CDF0F19DC0CDEF95F181846620840BEC49314381215

File Size: 911.11 KB, 911113 bytes

MD5: 6fcb45f0965d2e14accd797c02d55962

SHA1: f3c05c2b7c0e98a62bef0146fe5e80413bdb2a01

SHA256: FDF53BA6309DCA2C76D41867335A136EBB74346216E80664DE136E46581B27D9

File Size: 529.88 KB, 529877 bytes

MD5: d9c518b78b2801a8047cda2705434ea9

SHA1: 4bcafd23fdf48ed89bbafc7b4d79296eae020b60

SHA256: 6A2FE7AC09C3A11C951755A8E5F53830B8BC9B03A5CC1566C48942CA925B8D88

File Size: 162.76 KB, 162760 bytes

MD5: d1d1f079c8ba6746f515053300116694

SHA1: 4ed0d671695eb7435f3fc7aa46b91367d88b3ddd

SHA256: 8277C530A736AD208C9FE655B20C3E74F3CECDC67CDBB6775E4CBA3CFB98ED24

File Size: 616.94 KB, 616940 bytes

MD5: e1c77538fa1f139fed5f3d1eeebacfbb

SHA1: 71390cd795d7c2331d60fda3ec9d125a62ed825f

SHA256: A44155874511528F49966E26307B96C455DCEF3798749E7EC1BDBE0F79AD57B8

File Size: 1.32 MB, 1318821 bytes

MD5: d2a20a4ee058412228ed95bc1f4ab162

SHA1: 943d0a34586589a114d4124a3fcbcb949d29b58c

SHA256: 0DD1905296533000DD6C096052C581738ECFE24166E0E4512DCCDB25F2211A25

File Size: 784.41 KB, 784413 bytes

MD5: b3227ffec1e50aeeac4c507c233d5cb3

SHA1: a45e95c335268c5d3fc174fb0702a61f0d654fa3

SHA256: 59D95AD55EFA0DA95E118B781D414DF35345CAF5144905185F82657E010AACD6

File Size: 894.04 KB, 894039 bytes

MD5: 53e437edc1b3c23bd6bebbf522f511f0

SHA1: 0568136478c377ffcd6be9073cb6221e475b2eb2

SHA256: E2424C00FD4B87499F006F4E5AF325ED85DDA2222CA7C6720CED7D17F4D80B35

File Size: 546.43 KB, 546432 bytes

MD5: 13927b40db6742a0fbb6e7dc17a704c6

SHA1: 478c2990c7a0a45df6211224a5285469b35f95f0

SHA256: ED3ADAB73EEDCF286D65356B14A8FEB9B101765B9B5BE63A50E442C9F2C59378

File Size: 997.26 KB, 997265 bytes

MD5: f5355fbebeac2f206b3ea8bb6e631c8f

SHA1: 9afd6f6dcbc2223287a5a8abaee8ab988686fe4f

SHA256: 8CFCA7D537EB8627F309CC046FCD3AD13376886656EECD5638BFC536B7DB8728

File Size: 994.05 KB, 994054 bytes

MD5: 5fb87801833151c28ac7d366ed13a4dd

SHA1: b5a4fd55986ac97a9345223e23ffd414f6797291

SHA256: 699300BEB44BC6D8A444C3E1739BEECD4EE14BF493645040225B4D9A7368C21D

File Size: 572.14 KB, 572139 bytes

MD5: 844d122fdf05393dd8ea7940fc78ccfe

SHA1: 9a3ff0286e2643ae30f3daebc777858265b3990d

SHA256: 650C8895167EBE83DBA68255811BF75CF90417D41B87564C2FE00CC29E87430F

File Size: 416.37 KB, 416374 bytes

MD5: 675691ff7a885c80e352150c3d06ca78

SHA1: 1fc1a086c9a85c6e1bf95f4d2444fd788f701409

SHA256: 48901BD74975043ED46B10A2E7CDAB00144F8B912634867D6F68A207E6DC1E13

File Size: 421.67 KB, 421666 bytes

MD5: 0a07b7ea90456c025685094fac5da4c1

SHA1: a031a664fe0ef0f2aa6c94b808c8d373d8cb023c

SHA256: A64F0C46C265C9E22DD5C1A4EFD87457850AEBE2B5EFD44E053296AA76E60CB9

File Size: 546.20 KB, 546203 bytes

MD5: e0dbfc89ca96b174f67fc0415f450489

SHA1: cb13d9cefe34dd076a84b5950aec6998af23ab01

SHA256: 5F210FBCDF4ED9C134EC1A56FF6CD288E0B111D291B994A50C9F056C67A063E1

File Size: 1.04 MB, 1036231 bytes

MD5: f36b4702d917c1da391844f4b7ad72f3

SHA1: 7ebf1acd2ff28565d5a6f0e8a2d81322762103d5

SHA256: BFE0A21C1BF736669A948A013F91C2FFEE36A54010CAD3A2B439CB08156E0659

File Size: 758.88 KB, 758881 bytes

MD5: c747269d84be0704d354adffdc7a3592

SHA1: 4e91a7a388cd9f8cb3493399c1abeb42ca93572d

SHA256: 77E6E7C8841A9FE532F0568E89C74CAFE208AA411FAE2DA5ECA3CD57D81B04FF

File Size: 1.29 MB, 1289318 bytes

MD5: c54090d78a6eeea06e3572ac53b430cc

SHA1: db31c1aa6235a139009be43fb54f145925e77385

SHA256: 3B82AD534D224A716DCA4977129FB76EFAB1C5B46388F6E9DABD1A88A4E30DAB

File Size: 873.12 KB, 873117 bytes

MD5: 1867135a841351a55d5960179b88508b

SHA1: fdad5187854bc75b17dd8704e41e11430138a78f

SHA256: 4CB3C98B7780624F47A58981F01E3812E41C15FF3AF1BE23C33ED174E0F051BE

File Size: 1.66 MB, 1662813 bytes

MD5: 1b93240ccefad3a6c4b2c79bee7212a9

SHA1: bd14ce92a576b9247c5d2735458a6c9ec951bd07

SHA256: FD25A9E58CDDE6C4330531CA2BAC54BBE6A6F6B9BAC62D7FC0D23E0CCB42B568

File Size: 1.31 MB, 1306209 bytes

MD5: 31213bd5514e008fe15dd4d81ce26810

SHA1: 99cdfb797dad3be5330a5779bab78a06ec8bbaeb

SHA256: B870CFFD5AC3F9755C509CC2AA03FB5612B682AC2BD14BDE6BE924437E94C695

File Size: 440.30 KB, 440299 bytes

MD5: 99b909c0e7f9ba424594d3c0e196108f

SHA1: 96a322d69e4b8c110ac9e29a737a046b5b44f231

SHA256: E29A4640D21ABDBE46BD6DBD66F2D272F1AA1E6AEDD6A5F7F82657BB253B144F

File Size: 568.10 KB, 568103 bytes

MD5: 35347277cd1eb873be4e52e9cdfad009

SHA1: bf188c94042637ef558f021d1a2f1e2632fb36cd

SHA256: 1709415AD57A5BC7038762D7F1882289F1D56E228AFEC63177BEBAE0B9E2738B

File Size: 758.37 KB, 758372 bytes

MD5: 98ef716478cde5265439fb09b1823a67

SHA1: c08802546cdf2e9dcb5ffa4e3e40b525c9308ceb

SHA256: C41D7142A6D459D2ABA3C6ABF67A3FD1D11CAEB8E2BF2426C7F63FB3DB59B1B9

File Size: 163.86 KB, 163856 bytes

MD5: 0714ed65bb807b6d237f909e76270453

SHA1: 192a41ef0aa46d5b8bb3bcdb3a5abf809b4f9388

SHA256: 395DBB969B86CC126B2FF6B3B852A44B3DF2B0BCE775E1FF43F5277FEC2CBD55

File Size: 641.96 KB, 641958 bytes

MD5: 3139ace16dc16238fd5931dd39e20ac6

SHA1: 2943fc37fc320d3d1b85114ca12be88f36995e8c

SHA256: 56DFC6748E6B5C236D75EB2EF83D97677745EFEE43CEFFCEFB9691580A970B7E

File Size: 524.73 KB, 524734 bytes

MD5: 9af0ead8cd4461d98b5ff1750bf4b3ae

SHA1: 9fdd85719b31adb9260cfba5998a91c2ad146cc0

SHA256: A03A5D7FFB6F520317D6BA03ECFD5BED7E3F7339C7BE1F34B3B088AFCD16EF91

File Size: 859.96 KB, 859962 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed

IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Comments	DirectXを使ってるゲームの縦横サイズ変更ソフトパソコンを高速化/快適化します。
Company Name	Microsoft PC-ZERO YOSINAC
File Description	Windows 環境変更ソフト WinSizeChanger2
File Version	2.10 2.6.3 1.00
Internal Name	TJprojMain Win wsc
Legal Copyright	A.C Copyright (C) 2008 佐藤悠
Original Filename	Comfortable PC TJprojMain.exe Win.exe WinSizeChanger2
Product Name	Comfortable PC Version 2.6.3 Project1 Win WinSizeChanger2
Product Version	2.10 2.6 1.00

File Traits

big overlay
HighEntropy
No Version Info
packed
x86

Block Information

Similar Families

Agent.LA
Chapak.HBX
CobaltStrike.GI
CobaltStrike.GIA
Keygen.N

MSILZilla.TC
Rozena.XC

Files Modified

File	Attributes
\device\namedpipe\dav rpc service	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\gmdasllogger	Generic Write,Read Attributes
c:\program files (x86)\microsoft\edgeupdate\1.3.211.7\msedgeupdate.dll	Synchronize,Write Attributes
c:\program files (x86)\microsoft\edgeupdate\1.3.211.7\msedgeupdate.dll	Synchronize,Write Data
c:\program files (x86)\microsoft\edgeupdate\1.3.211.7\msedgeupdate.dll.dat	Synchronize,Write Data
c:\program files (x86)\microsoft\edgeupdate\1.3.211.7\msedgeupdate.dll.tmp	Generic Write,Read Attributes
c:\program files\common files\system\symsrv.dll	Generic Write,Read Attributes
c:\program files\common files\system\symsrv.dll.000	Generic Write,Read Attributes
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_16.db	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_256.db	Generic Read,Write Data,Write Attributes,Write extended,Append data

c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_idx.db	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.0.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.1.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.2.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\a1d26e2\db5e5e82294.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\bassmod.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\bgm.it	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\bgm.mod	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\bgm.s3m	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\bgm.xm	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\keygen.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsa2066.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsa5a66.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsa7b24.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsb239f.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsc51fa.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsd5b23.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsd64f5.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nseea6c.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsf2849.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsfdb7f.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsha803.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsia8a0.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nslb22d.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nso580c.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsq4032.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsqbcce.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsqd7c6.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nssa842.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nssb44a.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsu639e.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsyb6e8.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsz7b5.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nszb915.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\r2radspkg.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\r2rapkg.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\r2ratlaskg.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\r2rblbkg.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\r2rcrumarkg.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\r2rctmkg.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\r2rfalkg.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\r2rikm3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\r2rjuce.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\r2rkeyzykg.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\r2rkorgkg.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\r2rkuassakg.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\r2rmnkg.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\r2rnmkg2.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\r2ropenssl.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\r2rpinvkg.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\r2rplmdkg3.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\r2rpvrykg.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\r2rreslkg.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\r2rrprkg2.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\r2rtrkkg.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\r2ryumkg.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~df0687b99d24ecc1e2.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~df06e035783ab0249e.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~df0e02ff871ced2922.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~df14be20a434b01c9f.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~df18edbdf8d874aaee.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~df210c166b0fad4dd5.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~df22183a0c33d622c6.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~df3aa7dceec2537328.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~df414af6a6813b114f.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~df42d3618e1cb446e5.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~df47cba45a018497cb.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~df4f09678f07f7a7a2.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~df516a33d4d0736ea0.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~df5494cc163c854eeb.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~df68c48d3aef514861.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~df79d745d36ea6c76d.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~df80ebb8e487e03518.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~df948eba8726dd1678.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~dfa889e84627a8a31e.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~dfafe883964ac11e50.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~dfb0de28a573c216a4.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~dfb5e639eb67e72207.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~dfb6a7fc5db9624c08.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~dfceca22113dfe2cd5.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~dfd59586a8064638b9.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~dfe0f2c377e4f81340.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~dfe9a25b629475f321.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~dfed49f9e064ca8ffe.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~dff9149159771caeab.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~dffeeec5480fec02de.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\template\1.txt	Generic Write,Read Attributes
c:\users\user\downloads\template\10.txt	Generic Write,Read Attributes
c:\users\user\downloads\template\11.txt	Generic Write,Read Attributes
c:\users\user\downloads\template\12.txt	Generic Write,Read Attributes
c:\users\user\downloads\template\13.txt	Generic Write,Read Attributes
c:\users\user\downloads\template\14.txt	Generic Write,Read Attributes
c:\users\user\downloads\template\15.txt	Generic Write,Read Attributes
c:\users\user\downloads\template\16.txt	Generic Write,Read Attributes
c:\users\user\downloads\template\17.txt	Generic Write,Read Attributes
c:\users\user\downloads\template\18.txt	Generic Write,Read Attributes
c:\users\user\downloads\template\19.txt	Generic Write,Read Attributes
c:\users\user\downloads\template\2.txt	Generic Write,Read Attributes
c:\users\user\downloads\template\20.txt	Generic Write,Read Attributes
c:\users\user\downloads\template\3.txt	Generic Write,Read Attributes
c:\users\user\downloads\template\4.txt	Generic Write,Read Attributes
c:\users\user\downloads\template\5.txt	Generic Write,Read Attributes
c:\users\user\downloads\template\6.txt	Generic Write,Read Attributes
c:\users\user\downloads\template\7.txt	Generic Write,Read Attributes
c:\users\user\downloads\template\8.txt	Generic Write,Read Attributes
c:\users\user\downloads\template\9.txt	Generic Write,Read Attributes
c:\users\user\downloads\template\mailtemp.ini	Generic Write,Read Attributes

Registry Modifications

Key::Value	Data	API Name
HKCU\local settings\software\microsoft\windows\shell\bagmru::nodeslots	ȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂȂ	RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::mrulistex		RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1::mrulistex		RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0::1	Z1汄牦浢扳B 뻯.Dlfrbmsb	RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0::mrulistex		RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1::0	\1坛㰨佄啃䕍ㅾD 뻯啫嬯嬄窵.敢샒documents	RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1::mrulistex		RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru::nodeslots		RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1\0::nodeslot	±	RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\bagmru\2\1\0\1\0::mrulistex		RegNtPreCreateKey

HKCU\local settings\software\microsoft\windows\shell\bags\177\shell::sniffedfoldertype	Documents	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\##10.200.31.10#amas::_labelfromdesktopini		RegNtPreCreateKey
HKCU\system\currentcontrolset\control\mediaproperties\privateproperties\directinput\vid_0627&pid_0001\calibration\0::guid	茰䪁駾ᇰƀ䕄呓	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::version	Ԋ	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::name	ED30942CAFC403A681C52599E1BC388544BC76A6_0000157617	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::id	ED30942CAFC403A681C52599E1BC388544BC76A6_000015761746AAE3D1000267B1	RegNtPreCreateKey
HKCU\software\microsoft\directinput\mostrecentapplication::mostrecentstart	鑁뤸⹅ǜ	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::appinit_dlls	C:\PROGRA~1\COMMON~1\System\symsrv.dll	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::loadappinit_dlls		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::requiresignedappinit_dlls		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix	Cookie:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix	Visited:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey

Windows API Usage

Category	API
Anti Debug	IsDebuggerPresent
User Data Access	GetUserName GetUserObjectInformation
Process Manipulation Evasion	NtUnmapViewOfSection ReadProcessMemory ZwMapViewOfSection
Process Shell Execute	CreateProcess
Other Suspicious	SetWindowsHookEx
Keyboard Access	GetAsyncKeyState
Encryption Used	BCryptOpenAlgorithmProvider

Shell Command Execution


							C:\Users\Lchgyotq\AppData\Local\Temp\keygen.exe


							C:\Users\Htssxdej\AppData\Local\Temp\keygen.exe


							C:\Users\Ekrlbjpf\AppData\Local\Temp\keygen.exe


							C:\Users\Rfnznxjp\AppData\Local\Temp\keygen.exe


							C:\Users\Jkvyhyjr\AppData\Local\Temp\keygen.exe


									C:\Users\Mvfrxitx\AppData\Local\Temp\keygen.exe


									C:\Users\Mdnbexzp\AppData\Local\Temp\keygen.exe


									C:\Users\Ojaidquy\AppData\Local\Temp\keygen.exe


									C:\Users\Sifaqcjb\AppData\Local\Temp\keygen.exe


									C:\Users\Bddwhyep\AppData\Local\Temp\keygen.exe


									C:\Users\Etqfgdcw\AppData\Local\Temp\keygen.exe


									C:\Users\Lcywdzip\AppData\Local\Temp\keygen.exe


									C:\Users\Ukmoqblh\AppData\Local\Temp\keygen.exe


									C:\Users\Rgmxqxhh\AppData\Local\Temp\keygen.exe


									C:\Users\Fuuvfhnf\AppData\Local\Temp\keygen.exe


									C:\Users\Watdityj\AppData\Local\Temp\keygen.exe


									C:\Users\Gyahkkoz\AppData\Local\Temp\keygen.exe


									C:\Users\Cpezcroc\AppData\Local\Temp\keygen.exe


									C:\Users\Evluozyu\AppData\Local\Temp\keygen.exe


									C:\Users\Ziatrsaf\AppData\Local\Temp\keygen.exe


									C:\Users\Zepzccja\AppData\Local\Temp\keygen.exe


									C:\Users\Igzgiuso\AppData\Local\Temp\keygen.exe


									C:\Users\Waiospha\AppData\Local\Temp\keygen.exe


									C:\Users\Vdpkhceu\AppData\Local\Temp\keygen.exe


									C:\Users\Lrynavvq\AppData\Local\Temp\keygen.exe


									C:\Users\Papmdxhm\AppData\Local\Temp\keygen.exe


									C:\Users\Nheldixm\AppData\Local\Temp\keygen.exe


									C:\Users\Qwnssiet\AppData\Local\Temp\keygen.exe


									C:\Users\Tcmrljrx\AppData\Local\Temp\keygen.exe


									C:\Users\Bphuqmkg\AppData\Local\Temp\keygen.exe

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

PUP.Keygen.N

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Block Information

Block Information

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Related Posts

PUP.Keygen.NA

Trending

Trojan.Kryptik.JUD

Trojan.Agent.MBD

PUP.Baidu.A

Most Viewed

Pornktube.porn

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen