PUP.LoadMoney

Threat Scorecard

Threat Level: 10% (Normal)
Infected Computers: 441
First Seen: December 23, 2013
Last Seen: August 9, 2025
OS(es) Affected: Windows

PUP.LoadMoney is a potentially unwanted program (PUP) that may alter web browser settings. It may replace the default homepage and search provider with a questionable site, or open that site in a new tab whenever the user opens a blank page. PUP.LoadMoney may be related to adware and may install a browser plug-in, add-on or extension, or perform other unwanted and potentially harmful actions such as showing intrusive pop-up advertisements. It may also be associated with browser hijackers that redirect users to unreliable websites in order to drive traffic to them and earn revenue from ad clicks. PUP.LoadMoney is typically distributed in bundled freeware downloaded from the Web; the analysis below shows it arriving as an Inno Setup installer that unpacks into C:\ProgramData and registers itself in the Uninstall key under randomly generated two-word names.

Analysis Report

General information

Family Name: Trojan.Loadmoney
Signature status: Self Signed

Known Samples

MD5: 9d87f4ba9f9b325f4f2e734a8520b5a6
SHA1: f7979ee89ae0315cd9d24006e8cb47081540d2d2
File Size: 967.99 KB, 967992 bytes
MD5: cb31ea647745760a62ae1d91db145e1e
SHA1: 7e7e38eff3cba2e8fe1afe7120544667df2dee8b
SHA256: 0747B2227D36A327D7C38085F7B655CF2779F4045AB91B24FAB194000B7AE085
File Size: 569.51 KB, 569512 bytes
MD5: 065dcc3035789ea3898628d588f7dc50
SHA1: e7b67de35ee426768ddab5b18fb6a3ceaadbc74b
SHA256: 9C6E1C5AFE9600BA0A7B6D7E513FCCAFA6D9701BA6F3A1F7633FB62985904A17
File Size: 569.51 KB, 569512 bytes
MD5: 7c1acce85e03f5adcd9c506264ecfae9
SHA1: a1f5609bd24f50934495321a0e1f683982323391
SHA256: F1E57A8AECBE35BD0CCFAF771132E376AFEC7D3D20C5D8E7F1FDF9AF1E2E596B
File Size: 669.69 KB, 669688 bytes
MD5: 8f42ace18e72e7af672ec8ccc25c488d
SHA1: e359ad5369c2b54122706ebe21fb2402fb08a22b
SHA256: 887276FBAE6E7D259BED94711BD20913CFCB068EACA97AB8219004AB94DF8945
File Size: 569.54 KB, 569536 bytes
MD5: 9e3a500d0acd67b0db597d7b76fcac98
SHA1: d20b12829bf667ada32f9bd81bdd2a7237072ec8
SHA256: F62A32E5F558321773B371BD1411F6BCFC8A4F81424C1B85130EE0527ACEC3AA
File Size: 569.53 KB, 569528 bytes
MD5: 9324ab6229651794b2372490f9a320da
SHA1: 260b6ea25b22fef68b0f4f8699607ad1b0601f90
SHA256: D9A0F1DCC8F0C15697BFDBE1E765CDECC449D44464B990F7D1C0213BB29FE057
File Size: 569.51 KB, 569512 bytes
MD5: 025642c5d25cab2d905edcbcb6513d46
SHA1: d48a3434a24405d844bdf70dcdb2e34d6ebefaab
SHA256: 737960568BE29A5AA6D9B81553558436F5013FBDF0E04F3A5B75CB8925825478
File Size: 569.51 KB, 569512 bytes
MD5: 2f87614f1ae5390d2ee803629097bc9d
SHA1: be711f046f4147103c98639eba6ab26f90e2405c
SHA256: B07B70CD3A19A56FC6D567E69BB47DE79A210EF728C8058941ADD987688BEFAB
File Size: 569.53 KB, 569528 bytes
MD5: a5f606baaaaca606e6f31d08ca5df39e
SHA1: 58fa8ebfba2c0aa972eb0d8a9594840f75b9ff83
SHA256: 4BADA1D76F116EE7EAE71805E7F7D27BC62CA3343256167EA8CB40DA79BE52E7
File Size: 569.51 KB, 569512 bytes
MD5: 6b71ec6a81fd1a7ef7b2dbaf94f0040f
SHA1: 008b39d6e0582c5c3124e681b0b80278e22507c3
SHA256: D9551B450630BB73C160B106299C479536CBF31B32100528D2D03ECDB119DFE2
File Size: 1.90 MB, 1898928 bytes
MD5: 984101bc191e4f3eabec4fd8fb7cee0e
SHA1: eb929bca37f2b878477bef383ec105f2c26f5ec6
SHA256: 0F42C24AA06A47CCE1A954350F03E20B4C7A16B2F5AACC98DC23D2D7D8F17674
File Size: 569.51 KB, 569512 bytes
MD5: 3b59c935806c1268c2c6d8ee3cc437e7
SHA1: 05a274457603c2b3dd01bc898ed8be4b632b9ea2
SHA256: CBD6C783C2F92285D9295B5F2CEADA1918157AF5C4E5829E7C5804A9E760C8E2
File Size: 569.51 KB, 569512 bytes
MD5: 6994b362f51110eb7f9ebad3a0079242
SHA1: 044ba09e9850166be95f684f9f7428e58644cb15
SHA256: AE1FA9ECF4E799D3F24DFFBB89CAD35C096B6EEAA3D8980E3FE890B45304E224
File Size: 569.52 KB, 569520 bytes
MD5: 58506d450989ffded3b991813edf0656
SHA1: 9036e616733abc7817950e8530b39643558db71f
SHA256: 89323C7FFF881CB29798D7FE5BA90C30E8D01041D44B531D888817339EF17370
File Size: 569.51 KB, 569512 bytes
MD5: 2281daabd24d51a13755ed0e8e7d95c8
SHA1: 76821f8692d9d89fae852de23b293addb3a207ab
SHA256: 5F27EF4BF1D1150CF7D438CF7D11A71021923487ADD44055C25728AEA5954FC1
File Size: 569.53 KB, 569528 bytes
MD5: 7468b9edb84d19695c32bf0a5d7684a3
SHA1: 15badc58652d059fbe675ef50602bf9da3ccd0d8
SHA256: 3137FE0F45DED4DB2EBDBAF3C8374C4C9EE7813CAD2930083F7AF9953DED84F8
File Size: 569.54 KB, 569536 bytes
MD5: 95c098191b68b25e0cfccfa928ff0d8f
SHA1: 204fc419ecc39fc95a608b398098955ed7a5035f
SHA256: 7A69EB1B856F8FAED971E7010A542EB6DE03106CC7278DE308C82EAEC6AB4745
File Size: 569.54 KB, 569536 bytes
MD5: bd721aa1d88de053c0d6f6bb8ee0a444
SHA1: facc420902eff98e6ae2e27fcfd8c3286634b9ed
SHA256: 920284ADB181735947BDD07EDC0A1DCF8C838E041CC8B90924EEF6FEF940C4B6
File Size: 569.50 KB, 569504 bytes
MD5: f1a88084bf82eb1dff251a81ea33c9b0
SHA1: e53f94b132dfb2a4bdc10e14bc4ad7b1449a972f
SHA256: A80AEF92D64C17D3CCC32AEF66ED04D7934FCCF5224130AEB8D5FE83CF6B4611
File Size: 2.21 MB, 2209824 bytes
MD5: 5630a147acd8d60ff2ae15eed54dfb0e
SHA1: d952b879fb0598ac7a8e24356cb483f1dffac334
SHA256: 718E6CB4597C97683E3F063A27B3D17FF43981B61522D72B36BE910AB31BFCBF
File Size: 2.21 MB, 2209840 bytes
MD5: b295c27d813ba2ccf5d8e0a4106cc238
SHA1: c7dccdcd5cd6a14023372cf800149320982c78f6
SHA256: C6657C58DDCD4EE8CDEB8E084F24B7DEFEC47B6FAD77BD5643CFB1BAC38D8DFF
File Size: 2.21 MB, 2209800 bytes
MD5: 5d3c34ba57a214239c45df847dd7473e
SHA1: 1884b58975206fed358c02ee977ade6efd1c9c7f
SHA256: A64A67BDD92357A575C1EA08018734B1E8E9EE32452C577AD648AF316E9F37E1
File Size: 2.21 MB, 2209824 bytes
MD5: 5dd4a1655106b233a21027243fc04106
SHA1: f4ad35e7635fca9bdd85be9eb4bd870191de2469
SHA256: 72F1BEE877AB4473F1FD7AA9F95404034090E2A055A39796C07993B2EFDCA983
File Size: 2.21 MB, 2209832 bytes
MD5: 7ab63043c2c05e0e77dc46025cc16abe
SHA1: a6e3e19b27239aba0e66662d858c408b129e23eb
SHA256: 22B08FFFDD0F86552CD0F05387CD5D2A4B76058CCF84D5AEE4E1DEB10AE6E7A2
File Size: 569.50 KB, 569504 bytes
MD5: 466d5ce09ea420b6d32ef0f2eec48e42
SHA1: 8d8daf295f60de294cd03ab373dece19a7698301
SHA256: 9A82550F3DA6B25E656641D58F5BD02047E3C6674F4EC1C0BB0742A89F43E953
File Size: 569.50 KB, 569504 bytes
MD5: b6c3dcaa57a7d73092015d6d7a85f78a
SHA1: fc65be00fa3632a070f004a8bdb8be2399ffb867
SHA256: F990CD5370013ABB8CCD82473D9B161E18FD072BBE717535FCBDC13BC7427CD4
File Size: 569.51 KB, 569512 bytes
MD5: 77e1775cb334db55413bac672ac19b17
SHA1: 23ac683f6a82cb5a55f9211f068520632e6cdc5e
SHA256: 496F85E7A52AC9C64ADB096033040FEBEB86798B4A397F710EFDE8DFEC9568B6
File Size: 783.42 KB, 783416 bytes
MD5: 7e7a66d49ce61a0e138301c3a43c977b
SHA1: 78d2c909a73c6d6b916c419f41ed1d9c58d85f65
SHA256: FE2EAD4471D52A66B25208D7F494944A72283204EFED17913C1F5851BD87DFAF
File Size: 569.53 KB, 569528 bytes
MD5: 986eb7a59f405d2fad1eb6020e6b04b6
SHA1: 3c9b585f74537ba2badacb90919bfdc1e2da8d73
SHA256: 2BE98EDEB6F3121757867467B1EC2DAD72E6D0331242AD42BEA983D2802205D7
File Size: 2.21 MB, 2209800 bytes
MD5: 67053bcc02bcfb3a8a830e54dfec1f77
SHA1: 17f3c634b77c11a3f7bacf8b5a9c033e5cf3e565
SHA256: 6CC40F78EB42326363F9949CCF091C60D315F1C98E324009FFF327821DFD36C7
File Size: 2.21 MB, 2209832 bytes
MD5: f48850909fbf50c9f812cde249bf7288
SHA1: 09aacce66d43341bf4f6cd90d9e3e32c97ee9726
SHA256: AD21079E40F994FEB36CB251BDAF85D95E242CFD2CBF7F873809BFA821070A81
File Size: 9.20 MB, 9201216 bytes
MD5: 1c11ad2560e4b26015b28120ad14b350
SHA1: f81c8123b91033f6a6957baadbffa7310a848be7
SHA256: 1470163FAAC659007E20152B3F2125D7A5EF6F231F52F78F085522E7979595A2
File Size: 2.21 MB, 2209816 bytes
MD5: 00cbeff396732b24df6693f3f29924e9
SHA1: 5c6f3ab17b43786bf2dc26a225bec9c42f45220d
SHA256: 904A3C6CA04C284E6C45A365BB5AA6600C3840F562F4FF06012693ED92BEF358
File Size: 569.54 KB, 569536 bytes
MD5: f9a7695effaffde9a5d1653b924a1511
SHA1: d1a9bb42fb64ea080478c88b586bb36628c3c86b
SHA256: 18707C9D28CBFF1974D5E1DCF019F30DF8D66D9D6C10EA0DD5EF40EE6A2781B3
File Size: 569.50 KB, 569504 bytes
MD5: 6c5fc18b3930f9bab8ab70df81ad29a3
SHA1: db9a1847ee23e036f7f073b364cd1919a837548f
SHA256: 92FBB48D2436177103557B1A15034845EA46AAAE2C7E95D17246F01397E38BDE
File Size: 569.51 KB, 569512 bytes
MD5: 0dd44d5e6895762b994d2e6958600968
SHA1: 2eb1e0c56f10ce960253e67489aa955c737fc1f3
SHA256: 6758448E0C463B02B4D1296FF35B17B91D11AE7D5E131E84FAD704EBDCD985EA
File Size: 569.52 KB, 569520 bytes
MD5: cf90a6bd3b07e840235f69077fa28e3b
SHA1: 1828ef0f3e4e273e7eb8054805d286776fee1ae3
SHA256: 6248A452668D27A44B15E6FF8C93C7D4C730482312A8CF4E8E6C31B3B3C94FD5
File Size: 569.52 KB, 569520 bytes
MD5: 7656869d5ac1911af238f458e977a053
SHA1: d9161cfa85b9858ccc5b1a792caafd01e5768220
SHA256: 172277FC132CCC93E31E14EBF0DBB1C0F8091130C7BAEC494E4BE29BA7030B02
File Size: 392.22 KB, 392216 bytes
MD5: 9921b24b2826f1866372d10be38edb3e
SHA1: 41eba339444fd9a127a5cce791a485bce1afdb0d
SHA256: 142396225B1AC5E91A23105A30A8F1267D677FA10112E8450FA1CA0F41720552
File Size: 569.52 KB, 569520 bytes
MD5: 399af13ec2295011c51f5a8372cea6e0
SHA1: 0113b03b60dff5432d28fb0554217b9687d9306b
SHA256: E7E7D2E0656FC9F2338A47F89E1FB4F158C2CFED8A5A1088586B3F470EA09A2D
File Size: 569.52 KB, 569520 bytes
MD5: 59832844d7cfba4296b832b8064ad5b4
SHA1: 31eb0aaa071c5b02a13583f8a855f22f4f456826
SHA256: D8C9401AA133532A9D18167BB0C2DF6C797E3E4A2DA3BE837C282FA2E48B80DD
File Size: 569.53 KB, 569528 bytes
MD5: c2bd997452434bcf4d5f9c2582a17025
SHA1: 21b540b09cace01a1af983c0ec70ef13de04445d
SHA256: 8B7CF70093F2C9706B8CEA11F5F155D13B8F56C1D673A1C7A6E0718ED2282C26
File Size: 569.52 KB, 569520 bytes
MD5: 5248ce43435c0222e9f3fc573a617405
SHA1: 19c63bf9f4b2fe6d40d4aeda6aae1bfeddb1bf0b
SHA256: F73D7F722E94091B75D111359A2E716B5E51A2B124CAF69BB644457AC424DABD
File Size: 569.51 KB, 569512 bytes
MD5: faa3d54f403ac4606004953c2663017b
SHA1: 6b8885e2a839a67e9755b329a9e1e2025e1ae410
SHA256: 52E3CBECF541698C75FED6B7F755C81D3824E960890A227A9C9B6992FEF3BEB0
File Size: 569.52 KB, 569520 bytes
MD5: b8a62bb2fa10a1e1608cb32c63cca2a9
SHA1: c85aa585b772232b84c47316bc085b8ecd81290b
SHA256: A0B400637F77B791FDAAFBB9EDE0E07C5EEEF877AE1B02A0840ACF263DC4741B
File Size: 569.51 KB, 569512 bytes
MD5: 071107fef90320d1d8f15ea1e702e890
SHA1: e48c5dcbd53c14e70fb312e012810c34a02bbb4e
SHA256: E335BD784689BEDA8E7AFF06A831450046057D58B54FC25367D2B4232E66313B
File Size: 569.52 KB, 569520 bytes
MD5: ce42af83ba116281cec92f0f66aae5c3
SHA1: 6b20828b8f3637435e2cc066b11778a92d13b153
SHA256: C7DAC10E595B757FEBB559D14C641FA57F5414BD5096B693955611E5851BC039
File Size: 569.51 KB, 569512 bytes
MD5: 9cf9e397198360db4692cdcc3f55399b
SHA1: caa49e4d330b764e7b664aafcc8b50cd8c5c6456
SHA256: 6D90EDFD1D8662B9E617DD2E30BF2FE5F19E50C7FC48C828C4753AEA5011B45A
File Size: 414.48 KB, 414475 bytes
MD5: 8474bc2746d81c7ffa2b99c1bc492f36
SHA1: 3c4c3f048760f6583adbbe59eebb95fb63313c36
SHA256: E8491516D6CE1D2476E59BF1546CBE2F98287E9D8626A88E82BE9DF7F68F7E8D
File Size: 569.51 KB, 569512 bytes
MD5: fcfd48c270ac3d2a17b1f1fcb59aa850
SHA1: 996ad70fcfe49607dc3ee3f70ef2f1bf44ad5e16
SHA256: 5D6592B1DF4F122C933312916BD0EAB945FE9C631CD779386674E908375259EB
File Size: 569.50 KB, 569496 bytes
MD5: 2f8d8fdc593bf0b47a15af21b2daa3ce
SHA1: 0e4d024f49ec1e426a47ff3bfe1d21e3b46095d8
SHA256: 89DF25378E1D2560FD4221C84CE20385C17AB797FC13142DF8C1FD867386162D
File Size: 569.51 KB, 569512 bytes
MD5: a6f766d0808b3c7c0ee2015b0e64bd7f
SHA1: 0001775aa9a2dec975ca049dbf38e9cf6fe3f6a5
SHA256: 9C6FC726BE0BEC6EA8C4392920B38A8A3BD9A7FC3D7D11188C24CA975E9B888D
File Size: 7.41 MB, 7414704 bytes
MD5: 862970a63983eb267cb7e99b3207bbfc
SHA1: 85d16bbe7a45f00e1bd765cca4f38bebced955ff
SHA256: 715986BFD4C86CDC6423110D7A171A081D3F3A4C940032E138F0E10DCF956437
File Size: 1.62 MB, 1618872 bytes
MD5: c655e7766d49baedd644e7ec6d2caa54
SHA1: 4cc0fa8746bdeaf965b8a3410232ac20d0bb36aa
SHA256: E4B1F0DD8AA7B9DD1005C9385C2E9A19B52B2B653E1A5BB0BF7AC8ED409269DB
File Size: 569.51 KB, 569512 bytes
MD5: 2d1e30b1bdb8a51435d5dab167dd981a
SHA1: 096cf1cb881ecfa5ff7b78c44e4273fbeb3257c4
SHA256: 88511DE931A95F017E6F41E8361977E4D535FFD455F67264642BDECBB937D099
File Size: 569.52 KB, 569520 bytes
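
As an added example (not code from the original report), the Python below parses a Known Samples list in the format shown above into records, hashes arbitrary file contents against it, and also resolves the sandbox-renamed file names that appear later in the Files Modified section (`<sha1>_<size>.tmp`, where both the SHA1 and the byte count must agree with a record). The excerpt of the list embedded in the code is copied from this page; the "hello" control record is constructed so the matcher can be exercised offline and is not a real sample.

```python
"""Parse the Known Samples list above and match files against it.

Added example; not code from the original report."""
import hashlib
import re
from typing import Optional

# Excerpt of the page's Known Samples list, copied from the report above
# (the page lists many more records; two are enough to exercise the parser).
SAMPLE_BLOCK = """\
MD5: 9d87f4ba9f9b325f4f2e734a8520b5a6
SHA1: f7979ee89ae0315cd9d24006e8cb47081540d2d2
File Size: 967.99 KB, 967992 bytes
MD5: cb31ea647745760a62ae1d91db145e1e
SHA1: 7e7e38eff3cba2e8fe1afe7120544667df2dee8b
SHA256: 0747B2227D36A327D7C38085F7B655CF2779F4045AB91B24FAB194000B7AE085
File Size: 569.51 KB, 569512 bytes
"""

# Constructed positive control (NOT a real sample): the digests of the ASCII
# string "hello", so the matcher can be exercised offline.
CONTROL_BLOCK = """\
MD5: 5d41402abc4b2a76b9719d911017c592
SHA1: aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d
SHA256: 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
File Size: 5 bytes
"""

_FIELD = re.compile(r"^(MD5|SHA1|SHA256|File Size):\s*(.+?)\s*$")
_BYTES = re.compile(r"(\d+)\s*bytes")
# Sandbox-renamed sample files from the Files Modified section: <sha1>_<size>.tmp
_SANDBOX_NAME = re.compile(r"([0-9a-f]{40})_(\d+)\.tmp$", re.IGNORECASE)


def parse_known_samples(text: str) -> list[dict]:
    """Split the flat list into records; a record starts at each MD5 line.
    SHA256 may be missing (the first sample on the page has none)."""
    records: list[dict] = []
    current: Optional[dict] = None
    for line in text.splitlines():
        m = _FIELD.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2)
        if key == "MD5":
            current = {}
            records.append(current)
        if current is None:
            continue  # a field before any MD5 line is malformed input
        if key == "File Size":
            b = _BYTES.search(value)
            current["size"] = int(b.group(1)) if b else None
        else:
            current[key.lower()] = value.lower()  # digests compare case-insensitively
    return records


def index_iocs(records: list[dict]) -> dict:
    """Map every digest (md5, sha1, sha256) to its record."""
    index: dict = {}
    for rec in records:
        for algo in ("md5", "sha1", "sha256"):
            if algo in rec:
                index[rec[algo]] = rec
    return index


def hash_bytes(data: bytes) -> dict:
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
    }


def match_bytes(data: bytes, index: dict) -> Optional[dict]:
    """Return the record whose digest matches the file contents, else None."""
    digests = hash_bytes(data)
    for algo in ("sha256", "sha1", "md5"):
        rec = index.get(digests[algo])
        if rec is not None:
            return rec
    return None


def match_sandbox_name(path: str, index: dict) -> Optional[dict]:
    """Resolve a sandbox-renamed file (<sha1>_<size>.tmp) to its record.
    Both the SHA1 and the embedded byte count must agree with the list."""
    m = _SANDBOX_NAME.search(path)
    if not m:
        return None
    rec = index.get(m.group(1).lower())
    if rec is not None and rec.get("size") == int(m.group(2)):
        return rec
    return None


if __name__ == "__main__":
    iocs = index_iocs(parse_known_samples(SAMPLE_BLOCK))
    dropped = r"c:\users\user\appdata\local\temp\is-fspd9.tmp\7e7e38eff3cba2e8fe1afe7120544667df2dee8b_0000569512.tmp"
    print(match_sandbox_name(dropped, iocs))
```

To use it on a host, feed the full Known Samples text from this page to parse_known_samples and call match_bytes on the contents of each candidate file (installers in Downloads, unins000.exe under C:\ProgramData\<two-word-name>\). Matching on SHA256 first avoids relying on MD5, which is collision-prone; the size check on sandbox names guards against a SHA1 that happens to appear in an unrelated path.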

Windows Portable Executable Attributes

These attributes are aggregated over the whole sample set, so the contradictory pairs (packed / not packed, has / lacks an exports table) describe different samples rather than one file. "Security information" refers to the Authenticode certificate table, so samples lacking it are unsigned. Taken together the attributes match the version information below: 32-bit native GUI executables, most of them Inno Setup installers.

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Values are collected across all samples. Company Name, File Description and Product Name are mostly random two-word strings that change from sample to sample, with a few legitimate-looking application names (TcpView, Imagine, VKontakte DJ, Framework 3.1) mixed in, so none of these fields is a stable identifier. The Comments field is the reliable clue: "This installation was built with Inno Setup." is the default comment Inno Setup writes into the installer's version resource.

Comments
  • free installer
  • This installation was built with Inno Setup.
Company Name
  • Chun Sejin
  • intent-performance
  • leaf-plane
  • linger-mock
  • link-peril
  • list-teacher
  • maintain-potion
  • meanwhile-property
  • midst-shallow
  • minister-league
  • myrtle-owner
  • nameless-owner
  • nasty-shelve
  • nick-separate
  • okay-nightmare
  • pavement-unable
  • pirate-mankind
  • plunge-peeve
  • port-pavement
  • possess-motor
  • powers-port
  • protect-uncertain
  • rapid-type
  • rattle-southward
  • recollect-skirt
  • recollect-temple
  • relation-refer
  • relax-twelve
  • render-remind
  • russian-supper
  • sailor-store
  • seldom-wary
  • snort-slant
  • statue-specter
  • steam-motor
  • suppress-solitary
  • thrust-sympathy
  • tool-mail
  • tough-watson
  • tray-solution
  • trickle-prevent
  • troop-younger
  • tumble-obtain
  • union-valentine
  • vein-ireland
  • visitor-scratch
  • winter-quill
  • wisdom-vault
  • wreck-steep
File Description
  • Framework 3.1 Setup
  • Image & Animation Viewer
  • interview-whenever Setup
  • ireland-trifle Setup
  • justice-soil Setup
  • maid-league Setup
  • majesty-mock Setup
  • mass-successful Setup
  • merchant-skill Setup
  • method-pillow Setup
  • monday-item Setup
  • My Program Setup
  • mysterious-photograph Setup
  • nigger-reader Setup
  • park-steam Setup
  • perch-prey Setup
  • practical-prescribed Setup
  • program-mission Setup
  • progress-rusty Setup
  • prompt-interrupt Setup
  • reality-quiver Setup
  • rear-satisfy Setup
  • reserve-mild Setup
  • rifle-mumble Setup
  • screw-monday Setup
  • sensation-merchant Setup
  • september-wisdom Setup
  • shatter-marvellous Setup
  • shelf-justice Setup
  • skill-lore Setup
  • slap-passe Setup
  • sleepy-possibility Setup
  • soar-intelligence Setup
  • social-sunlight Setup
  • soften-perceive Setup
  • soften-thorough Setup
  • solution-recognize Setup
  • somewhat-marvellous Setup
  • southern-superior Setup
  • sparkle-warrior Setup
  • stagger-shame Setup
  • stare-tick Setup
  • starve-sparkle Setup
  • stomach-stain Setup
  • strain-tradition Setup
  • strap-wealth Setup
  • sunday-midst Setup
  • swear-stable Setup
  • system-member Setup
  • TcpView Setup (r2305081802)
  • teach-tray Setup
  • troll-melt Setup
  • VKDJ, Player, setup
File Version
  • 111
  • 14.2.1076.22
  • 3.05
  • 3.01.012
  • 2.22.48
  • 1.7.1.1
  • 1.2.03.3
  • 1.0.8
  • 1.0.0.1
Internal Name
  • Imagine
  • PRepair.exe
Legal Copyright
  • Copyright (c) 2003-2010 Chun Sejin
  • Copyright © 2008-2018. All rights reserved.
Original Filename
  • PRepair.exe
  • Setup.exe
Product Name
  • Framework 3.1 Setup
  • Imagine
  • interview-whenever
  • ireland-trifle
  • justice-soil
  • maid-league
  • majesty-mock
  • mass-successful
  • merchant-skill
  • method-pillow
  • monday-item
  • My Program
  • mysterious-photograph
  • nigger-reader
  • park-steam
  • perch-prey
  • practical-prescribed
  • program-mission
  • progress-rusty
  • prompt-interrupt
  • reality-quiver
  • rear-satisfy
  • reserve-mild
  • rifle-mumble
  • screw-monday
  • sensation-merchant
  • september-wisdom
  • shatter-marvellous
  • shelf-justice
  • skill-lore
  • slap-passe
  • sleepy-possibility
  • soar-intelligence
  • social-sunlight
  • soften-perceive
  • soften-thorough
  • solution-recognize
  • somewhat-marvellous
  • southern-superior
  • sparkle-warrior
  • stagger-shame
  • stare-tick
  • starve-sparkle
  • stomach-stain
  • strain-tradition
  • strap-wealth
  • sunday-midst
  • swear-stable
  • system-member
  • TcpView
  • teach-tray
  • troll-melt
  • VKontakte DJ Setup
  • ____
Product Version
  • 11111
  • 14.2.1076.22
  • 3.05
  • 3.01.012
  • 2.22.48
  • 1.9
  • 1.7.1.1
  • 1.5
  • 1.2
  • 1.070622
  • 1.0.8

Digital Signatures

Signer | Root | Status
Voskhod, OOO | AAA Certificate Services | Root Not Trusted
OOO,MERED | COMODO RSA Certification Authority | Root Not Trusted
Veb Optima | COMODO RSA Certification Authority | Root Not Trusted
YABLOKO,LLC | COMODO RSA Certification Authority | Root Not Trusted
Monitor INC | COMODO RSA Code Signing CA | Self Signed
Monitor LLC | GlobalSign Code Signing Root R45 | Root Not Trusted
Monitor LLC | GlobalSign GCC R45 EV CodeSigning CA 2020 | Self Signed
OOO Gross Mauntin | UTN-USERFirst-Object | Root Not Trusted
E-KANOPI | VeriSign Class 3 Code Signing 2009-2 CA | Self Signed

Status is the chain-validation result recorded in the analysis environment. The COMODO, GlobalSign and VeriSign roots named here are publicly trusted, so "Root Not Trusted" or "Self Signed" on a chain that names one of them most likely means the chain could not be built or validated at analysis time (revoked, expired or incomplete), not that the CA is untrusted. Either way a signature on these installers proves little: the signers are small, unrelated legal entities that change from sample to sample, so the signer name is not a usable allow-list criterion.

Similar Families

  • Cerber.IE
  • Kasperagent.A
  • Sofacy.B

Files Modified

Directories named is-xxxxx.tmp under %LOCALAPPDATA%\Temp are Inno Setup's per-run extraction directories, and _isetup\_setup64.tmp is Inno Setup's 64-bit helper. Files named <sha1>_<size>.tmp inside them are the samples themselves as renamed by the sandbox; the SHA1 and byte count match the Known Samples list. The helper DLLs botva2.dll, callbackctrl.dll and idp.dll are third-party Inno Setup plug-ins (idp.dll is the Inno Download Plugin, which lets an installer fetch additional components at install time), and 7za.exe is the standalone 7-Zip console extractor. The persistent footprint is an install directory under C:\ProgramData (mankind-local, terrify-tempt) plus .lnk shortcuts on the Desktop, in Quick Launch and in the Start Menu. The CryptnetUrlCache entries show CryptoAPI fetching certificate or revocation data over the network during the run.

File | Access requested
\device\namedpipe Generic Read,Write Attributes
\device\namedpipe Generic Write,Read Attributes
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
c:\programdata\mankind-local\is-nqpuh.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\mankind-local\unins000.dat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\mankind-local\unins000.exe Synchronize,Write Data
c:\programdata\microsoft\windows\start menu\programs\screw-monday\uninstall visitor-scratch.lnk Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\microsoft\windows\start menu\programs\screw-monday\visitor-scratch.lnk Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\microsoft\windows\start menu\programs\stagger-shame\tray-solution.lnk Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\microsoft\windows\start menu\programs\stagger-shame\uninstall tray-solution.lnk Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\terrify-tempt\is-7fpp9.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\terrify-tempt\unins000.dat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\terrify-tempt\unins000.exe Synchronize,Write Data
c:\users\user\appdata\local\microsoft\internet explorer\msimgsiz.dat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\52f3.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-0c899.tmp\096cf1cb881ecfa5ff7b78c44e4273fbeb3257c4_0000569520.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-1k17i.tmp\eb929bca37f2b878477bef383ec105f2c26f5ec6_0000569512.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-2gjok.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-3t9mf.tmp\17f3c634b77c11a3f7bacf8b5a9c033e5cf3e565_0002209832.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-4bf5e.tmp\e7b67de35ee426768ddab5b18fb6a3ceaadbc74b_0000569512.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-4mpaq.tmp\260b6ea25b22fef68b0f4f8699607ad1b0601f90_0000569512.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-4u1qp.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-5qefo.tmp\d48a3434a24405d844bdf70dcdb2e34d6ebefaab_0000569512.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-723vk.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-76rej.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-7rpsl.tmp\e53f94b132dfb2a4bdc10e14bc4ad7b1449a972f_0002209824.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-9g0ta.tmp\d952b879fb0598ac7a8e24356cb483f1dffac334_0002209840.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-bl0s4.tmp\c7dccdcd5cd6a14023372cf800149320982c78f6_0002209800.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-bpacm.tmp\f81c8123b91033f6a6957baadbffa7310a848be7_0002209816.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-c3jve.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-cu7g5.tmp\204fc419ecc39fc95a608b398098955ed7a5035f_0000569536.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-dcs4v.tmp\05a274457603c2b3dd01bc898ed8be4b632b9ea2_0000569512.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-eehdc.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-fgqoj.tmp\e359ad5369c2b54122706ebe21fb2402fb08a22b_0000569536.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-fspd9.tmp\7e7e38eff3cba2e8fe1afe7120544667df2dee8b_0000569512.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-gdqt8.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-gkkar.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-h2toc.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-h2toc.tmp\botva2.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-h2toc.tmp\callbackctrl.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-h2toc.tmp\idp.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-h9qhs.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-i15oh.tmp\15badc58652d059fbe675ef50602bf9da3ccd0d8_0000569536.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-ij0ce.tmp\58fa8ebfba2c0aa972eb0d8a9594840f75b9ff83_0000569512.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-kf180.tmp\facc420902eff98e6ae2e27fcfd8c3286634b9ed_0000569504.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-ki424.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-kmari.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-l69m4.tmp\d20b12829bf667ada32f9bd81bdd2a7237072ec8_0000569528.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-loqng.tmp\1884b58975206fed358c02ee977ade6efd1c9c7f_0002209824.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-m7r6e.tmp\09aacce66d43341bf4f6cd90d9e3e32c97ee9726_0009201216.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-mp273.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-nqnlf.tmp\be711f046f4147103c98639eba6ab26f90e2405c_0000569528.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-oknd3.tmp\76821f8692d9d89fae852de23b293addb3a207ab_0000569528.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-ou7pv.tmp\044ba09e9850166be95f684f9f7428e58644cb15_0000569520.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-qf5mc.tmp\f4ad35e7635fca9bdd85be9eb4bd870191de2469_0002209832.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-r4p7p.tmp\008b39d6e0582c5c3124e681b0b80278e22507c3_0001898928.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-srdb5.tmp\9036e616733abc7817950e8530b39643558db71f_0000569512.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-tkndp.tmp\7za.exe Synchronize,Write Data
c:\users\user\appdata\local\temp\is-tkndp.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-tkndp.tmp\is-7scd4.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-tkndp.tmp\is-qnjji.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-tkndp.tmp\logo y.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-tkndp.tmp\logo y.bmp Synchronize,Write Data
c:\users\user\appdata\local\temp\is-tm28a.tmp\7za.exe Synchronize,Write Data
c:\users\user\appdata\local\temp\is-tm28a.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-tm28a.tmp\is-spf9q.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-tm28a.tmp\is-vpsfg.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-tm28a.tmp\logo y.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-tm28a.tmp\logo y.bmp Synchronize,Write Data
c:\users\user\appdata\local\temp\is-u8hoc.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-v7avn.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-v8n9m.tmp\3c9b585f74537ba2badacb90919bfdc1e2da8d73_0002209800.tmp Generic Write,Read Attributes
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\103621de9cd5414cc2538780b4b75751 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\b69b1ed437cd0bbd5e1573d663b2ae19 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\cbef87a3d34bacfa2b8c73f1a894923f Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\103621de9cd5414cc2538780b4b75751 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\b69b1ed437cd0bbd5e1573d663b2ae19 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\cbef87a3d34bacfa2b8c73f1a894923f Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\microsoft\internet explorer\quick launch\tray-solution.lnk Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\microsoft\internet explorer\quick launch\visitor-scratch.lnk Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\desktop\tray-solution.lnk Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\desktop\visitor-scratch.lnk Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Each row is written as Key::Value, followed by the data and the registry callback notification class under which the monitoring driver logged the operation (RegNtPreCreateKey for every row, so that column carries no information about the sample). The ZoneMap and cache entries at the top are typically created when the installer loads WinINet / Internet Explorer components. The HKLM\...\Uninstall\<name>_is1 entries are Inno Setup's standard uninstall registration; note that the generated two-word names differ between the key (screw-monday), the DisplayName and Publisher (visitor-scratch) and the install directory (mankind-local), and that the same pattern repeats for the second run (stagger-shame / tray-solution / terrify-tempt).

Key::Value | Data | API
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\gpu::adapterinfo vendorId="0x1414",deviceID="0x8c",subSysID="0x0",revision="0x0",version="10.0.19041.3570"hypervisor="Hypervisor detected (Micros RegNtPreCreateKey
HKCU\software\tgmacro::clid 0 RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe (binary BAM value containing the last-execution FILETIME; not rendered) RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\screw-monday_is1::inno setup: setup version 5.6.1 (a) RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\screw-monday_is1::inno setup: app path C:\ProgramData\mankind-local RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\screw-monday_is1::installlocation C:\ProgramData\mankind-local\ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\screw-monday_is1::inno setup: icon group screw-monday RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\screw-monday_is1::inno setup: user Tdjwelwm RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\screw-monday_is1::inno setup: language english RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\screw-monday_is1::displayname visitor-scratch RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\screw-monday_is1::uninstallstring "C:\ProgramData\mankind-local\unins000.exe" RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\screw-monday_is1::quietuninstallstring "C:\ProgramData\mankind-local\unins000.exe" /SILENT RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\screw-monday_is1::displayversion 1.2 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\screw-monday_is1::publisher visitor-scratch RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\screw-monday_is1::nomodify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\screw-monday_is1::norepair  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\screw-monday_is1::installdate (value not recoverable from the capture) RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\screw-monday_is1::majorversion  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\screw-monday_is1::minorversion  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\screw-monday_is1::versionmajor  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\screw-monday_is1::versionminor  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\screw-monday_is1::estimatedsize (binary DWORD; not rendered) RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe (binary BAM value containing the last-execution FILETIME; not rendered) RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\stagger-shame_is1::inno setup: setup version 5.6.1 (a) RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\stagger-shame_is1::inno setup: app path C:\ProgramData\terrify-tempt RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\stagger-shame_is1::installlocation C:\ProgramData\terrify-tempt\ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\stagger-shame_is1::inno setup: icon group stagger-shame RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\stagger-shame_is1::inno setup: user Ugimoroz RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\stagger-shame_is1::inno setup: language english RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\stagger-shame_is1::displayname tray-solution RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\stagger-shame_is1::uninstallstring "C:\ProgramData\terrify-tempt\unins000.exe" RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\stagger-shame_is1::quietuninstallstring "C:\ProgramData\terrify-tempt\unins000.exe" /SILENT RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\stagger-shame_is1::displayversion 1.2 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\stagger-shame_is1::publisher tray-solution RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\stagger-shame_is1::nomodify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\stagger-shame_is1::norepair  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\stagger-shame_is1::installdate %' RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\stagger-shame_is1::majorversion  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\stagger-shame_is1::minorversion  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\stagger-shame_is1::versionmajor  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\stagger-shame_is1::versionminor  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\stagger-shame_is1::estimatedsize ʾ RegNtPreCreateKey
HKCU\software\newcon_figdj::clid 0 RegNtPreCreateKey
HKCU\software\newcon_figdj::clids 11285,502,11285,2350450,2350451,2350452,2350453,2350454,2350455,2350456,2350457,2350458,2350459,2350460,2350461,2350462,2350463, RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 똑癃᧴ǜ RegNtPreCreateKey
HKCU:: 0 RegNtPreCreateKey
HKCU\software\vkontakte.dj::setupuid 74A44FE0-A3B5-4D05-A8E8-2D9E92CCD214-8E2A660CF9B03BB4AEA33C0017333A2A RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
User Data Access
  • GetComputerName
  • GetComputerNameEx
  • GetUserName
  • GetUserObjectInformation
Keyboard Access
  • GetKeyState
Network Winhttp
  • WinHttpOpen
Process Shell Execute
  • CreateProcess
  • WriteConsole
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • VirtualAllocEx
Encryption Used
  • BCryptOpenAlgorithmProvider
Network Urlomon
  • URLDownloadToFile
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • win32u.dll!NtGdiAnyLinkedFonts
  • win32u.dll!NtGdiBitBlt
  • win32u.dll!NtGdiCreateBitmap
  • win32u.dll!NtGdiCreateCompatibleBitmap
  • win32u.dll!NtGdiCreateCompatibleDC
  • win32u.dll!NtGdiCreateDIBitmapInternal
  • win32u.dll!NtGdiCreateRectRgn
  • win32u.dll!NtGdiCreateSolidBrush
  • win32u.dll!NtGdiDeleteObjectApp
  • win32u.dll!NtGdiDoPalette
  • win32u.dll!NtGdiDrawStream
  • win32u.dll!NtGdiExcludeClipRect
  • win32u.dll!NtGdiExtGetObjectW
  • win32u.dll!NtGdiExtSelectClipRgn
  • win32u.dll!NtGdiExtTextOutW
  • win32u.dll!NtGdiFlush
  • win32u.dll!NtGdiFontIsLinked
  • win32u.dll!NtGdiGetCharABCWidthsW
  • win32u.dll!NtGdiGetDCDword
  • win32u.dll!NtGdiGetDCObject
  • win32u.dll!NtGdiGetDeviceCaps
  • win32u.dll!NtGdiGetDIBitsInternal
  • win32u.dll!NtGdiGetEntry
  • win32u.dll!NtGdiGetFontData
  • win32u.dll!NtGdiGetGlyphIndicesW
  • win32u.dll!NtGdiGetOutlineTextMetricsInternalW
  • win32u.dll!NtGdiGetRandomRgn
  • win32u.dll!NtGdiGetRealizationInfo

93 additional items are not displayed above.

Process Terminate
  • TerminateProcess
Network Wininet
  • InternetConnect
  • InternetOpen
Network Winsock2
  • WSAStartup
Network Winsock
  • bind
  • connect
  • gethostbyname
  • getpeername
  • getsockname
  • send
  • setsockopt
  • socket

Shell Command Execution

"C:\Users\Mbivewyt\AppData\Local\Temp\is-FSPD9.tmp\7e7e38eff3cba2e8fe1afe7120544667df2dee8b_0000569512.tmp" /SL5="$2021A,301866,58368,c:\users\user\downloads\7e7e38eff3cba2e8fe1afe7120544667df2dee8b_0000569512"
"C:\Users\Fxqhlahu\AppData\Local\Temp\is-4BF5E.tmp\e7b67de35ee426768ddab5b18fb6a3ceaadbc74b_0000569512.tmp" /SL5="$A004A,301866,58368,c:\users\user\downloads\e7b67de35ee426768ddab5b18fb6a3ceaadbc74b_0000569512"
"C:\Users\Bsrwxzkv\AppData\Local\Temp\is-FGQOJ.tmp\e359ad5369c2b54122706ebe21fb2402fb08a22b_0000569536.tmp" /SL5="$20232,301866,58368,c:\users\user\downloads\e359ad5369c2b54122706ebe21fb2402fb08a22b_0000569536"
"C:\Users\Tdjwelwm\AppData\Local\Temp\is-L69M4.tmp\d20b12829bf667ada32f9bd81bdd2a7237072ec8_0000569528.tmp" /SL5="$40028,301866,58368,c:\users\user\downloads\d20b12829bf667ada32f9bd81bdd2a7237072ec8_0000569528"
"taskkill" https://setstat.ru/api/savePostback?chid=%s&guid=%s&type=spTGMacro.exe
"schtasks.exe" /Create /TN visitor-scratch /SC ONLOGON /TR "C:\ProgramData\mankind-local\TGMacro.exe /trayMode" /F /DELAY 0001:00 /RL HIGHEST
WriteConsole: ERROR: CoInitial
"C:\Users\Oqpdylop\AppData\Local\Temp\is-4MPAQ.tmp\260b6ea25b22fef68b0f4f8699607ad1b0601f90_0000569512.tmp" /SL5="$501F8,301866,58368,c:\users\user\downloads\260b6ea25b22fef68b0f4f8699607ad1b0601f90_0000569512"
"C:\Users\Ugimoroz\AppData\Local\Temp\is-5QEFO.tmp\d48a3434a24405d844bdf70dcdb2e34d6ebefaab_0000569512.tmp" /SL5="$3005C,301866,58368,c:\users\user\downloads\d48a3434a24405d844bdf70dcdb2e34d6ebefaab_0000569512"
"schtasks.exe" /Create /TN tray-solution /SC ONLOGON /TR "C:\ProgramData\terrify-tempt\TGMacro.exe /trayMode" /F /DELAY 0001:00 /RL HIGHEST
"C:\Users\Dsaekeot\AppData\Local\Temp\is-NQNLF.tmp\be711f046f4147103c98639eba6ab26f90e2405c_0000569528.tmp" /SL5="$30142,301866,58368,c:\users\user\downloads\be711f046f4147103c98639eba6ab26f90e2405c_0000569528"
"C:\Users\Vtkclnit\AppData\Local\Temp\is-IJ0CE.tmp\58fa8ebfba2c0aa972eb0d8a9594840f75b9ff83_0000569512.tmp" /SL5="$10254,301866,58368,c:\users\user\downloads\58fa8ebfba2c0aa972eb0d8a9594840f75b9ff83_0000569512"
"C:\Users\Iftqxeqm\AppData\Local\Temp\is-R4P7P.tmp\008b39d6e0582c5c3124e681b0b80278e22507c3_0001898928.tmp" /SL5="$40188,1043242,799744,c:\users\user\downloads\008b39d6e0582c5c3124e681b0b80278e22507c3_0001898928"
"taskkill" https://setstat.ru/api/savePostback?chid=%s&guid=%s&type=vkdjbin.exe
"C:\Users\Dqzntwew\AppData\Local\Temp\is-1K17I.tmp\eb929bca37f2b878477bef383ec105f2c26f5ec6_0000569512.tmp" /SL5="$2013A,301866,58368,c:\users\user\downloads\eb929bca37f2b878477bef383ec105f2c26f5ec6_0000569512"
"C:\Users\Molezbqc\AppData\Local\Temp\is-DCS4V.tmp\05a274457603c2b3dd01bc898ed8be4b632b9ea2_0000569512.tmp" /SL5="$30220,301866,58368,c:\users\user\downloads\05a274457603c2b3dd01bc898ed8be4b632b9ea2_0000569512"
"C:\Users\Kfutunms\AppData\Local\Temp\is-OU7PV.tmp\044ba09e9850166be95f684f9f7428e58644cb15_0000569520.tmp" /SL5="$10240,301866,58368,c:\users\user\downloads\044ba09e9850166be95f684f9f7428e58644cb15_0000569520"
"C:\Users\Mkltlsvw\AppData\Local\Temp\is-SRDB5.tmp\9036e616733abc7817950e8530b39643558db71f_0000569512.tmp" /SL5="$2013E,301866,58368,c:\users\user\downloads\9036e616733abc7817950e8530b39643558db71f_0000569512"
"C:\Users\Vtlemxyu\AppData\Local\Temp\is-OKND3.tmp\76821f8692d9d89fae852de23b293addb3a207ab_0000569528.tmp" /SL5="$1027A,301866,58368,c:\users\user\downloads\76821f8692d9d89fae852de23b293addb3a207ab_0000569528"
"C:\Users\Olpuqdru\AppData\Local\Temp\is-I15OH.tmp\15badc58652d059fbe675ef50602bf9da3ccd0d8_0000569536.tmp" /SL5="$10242,301866,58368,c:\users\user\downloads\15badc58652d059fbe675ef50602bf9da3ccd0d8_0000569536"
"C:\Users\Suusemnw\AppData\Local\Temp\is-CU7G5.tmp\204fc419ecc39fc95a608b398098955ed7a5035f_0000569536.tmp" /SL5="$20138,301866,58368,c:\users\user\downloads\204fc419ecc39fc95a608b398098955ed7a5035f_0000569536"
"" TGMacro.exe
"C:\Users\Qhgpmdjq\AppData\Local\Temp\is-KF180.tmp\facc420902eff98e6ae2e27fcfd8c3286634b9ed_0000569504.tmp" /SL5="$20138,301866,58368,c:\users\user\downloads\facc420902eff98e6ae2e27fcfd8c3286634b9ed_0000569504"
"C:\Users\Mgygjaxz\AppData\Local\Temp\is-7RPSL.tmp\e53f94b132dfb2a4bdc10e14bc4ad7b1449a972f_0002209824.tmp" /SL5="$401FE,1125611,882176,c:\users\user\downloads\e53f94b132dfb2a4bdc10e14bc4ad7b1449a972f_0002209824"
"C:\Users\Ldrriqbf\AppData\Local\Temp\is-9G0TA.tmp\d952b879fb0598ac7a8e24356cb483f1dffac334_0002209840.tmp" /SL5="$40040,1125611,882176,c:\users\user\downloads\d952b879fb0598ac7a8e24356cb483f1dffac334_0002209840"
"C:\Users\Vzvtxpzh\AppData\Local\Temp\is-BL0S4.tmp\c7dccdcd5cd6a14023372cf800149320982c78f6_0002209800.tmp" /SL5="$60068,1125611,882176,c:\users\user\downloads\c7dccdcd5cd6a14023372cf800149320982c78f6_0002209800"
"C:\Users\Dbzpkajj\AppData\Local\Temp\is-LOQNG.tmp\1884b58975206fed358c02ee977ade6efd1c9c7f_0002209824.tmp" /SL5="$401F0,1125611,882176,c:\users\user\downloads\1884b58975206fed358c02ee977ade6efd1c9c7f_0002209824"
"C:\Users\Galuolqt\AppData\Local\Temp\is-QF5MC.tmp\f4ad35e7635fca9bdd85be9eb4bd870191de2469_0002209832.tmp" /SL5="$301E8,1125611,882176,c:\users\user\downloads\f4ad35e7635fca9bdd85be9eb4bd870191de2469_0002209832"
"C:\Users\Kvkglrsa\AppData\Local\Temp\is-V8N9M.tmp\3c9b585f74537ba2badacb90919bfdc1e2da8d73_0002209800.tmp" /SL5="$300FA,1125611,882176,c:\users\user\downloads\3c9b585f74537ba2badacb90919bfdc1e2da8d73_0002209800"
"C:\Users\Jpktcncc\AppData\Local\Temp\is-3T9MF.tmp\17f3c634b77c11a3f7bacf8b5a9c033e5cf3e565_0002209832.tmp" /SL5="$702A4,1125611,882176,c:\users\user\downloads\17f3c634b77c11a3f7bacf8b5a9c033e5cf3e565_0002209832"
"C:\Users\Kjkpopxo\AppData\Local\Temp\is-M7R6E.tmp\09aacce66d43341bf4f6cd90d9e3e32c97ee9726_0009201216.tmp" /SL5="$160348,8251553,121344,c:\users\user\downloads\09aacce66d43341bf4f6cd90d9e3e32c97ee9726_0009201216"
"C:\Users\Lytbdeqp\AppData\Local\Temp\is-BPACM.tmp\f81c8123b91033f6a6957baadbffa7310a848be7_0002209816.tmp" /SL5="$80398,1125611,882176,c:\users\user\downloads\f81c8123b91033f6a6957baadbffa7310a848be7_0002209816"
"C:\Users\Iqerfwsn\AppData\Local\Temp\is-0C899.tmp\096cf1cb881ecfa5ff7b78c44e4273fbeb3257c4_0000569520.tmp" /SL5="$20322,301866,58368,c:\users\user\downloads\096cf1cb881ecfa5ff7b78c44e4273fbeb3257c4_0000569520"
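The two schtasks.exe lines above register TGMacro.exe from a C:\ProgramData directory as a task that fires at every logon with /RL HIGHEST, and the is-XXXXX.tmp ... /SL5= lines are the Inno Setup loader relaunching its extracted stub from %TEMP%. The Python below is an added triage example, not code from the report or from the sample's authors: it tokenizes Windows command lines, parses the schtasks /Create options and scores the persistence pattern so that process-creation telemetry (Sysmon event 1, Security 4688) can be hunted for the same shape. The sample input is constructed from the report's own command lines plus one benign control line; the scoring weights, the user-writable directory list and the alert threshold are assumptions of this example.

```python
"""Score process-creation command lines for the schtasks logon-persistence pattern
and the Inno Setup loader relaunch seen in the PUP.LoadMoney report (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# A Windows command-line token is a run of unquoted text and/or "quoted" segments,
# so  /TR "C:\dir\x.exe /mode"  and  /SL5="$1,2,3,c:\path"  each become one token.
_TOKEN = re.compile(r'(?:[^\s"]+|"[^"]*")+')
# Inno Setup copies its stub to %TEMP%\is-XXXXX.tmp\ and relaunches it with /SL5=.
_INNO_LOADER = re.compile(r"\\temp\\is-[0-9a-z]{5}\.tmp\\.*\.tmp$", re.IGNORECASE)
# Assumed list: directories a non-admin installer can write to; a logon task whose
# action lives there deserves a second look.
_USER_WRITABLE = ("c:\\programdata\\", "\\appdata\\", "\\temp\\", "c:\\users\\public\\")

# Constructed sample: lines copied from the report plus one benign control (index 2).
SAMPLE_CMDLINES = [
    r'"schtasks.exe" /Create /TN visitor-scratch /SC ONLOGON /TR "C:\ProgramData\mankind-local\TGMacro.exe /trayMode" /F /DELAY 0001:00 /RL HIGHEST',
    r'"schtasks.exe" /Create /TN tray-solution /SC ONLOGON /TR "C:\ProgramData\terrify-tempt\TGMacro.exe /trayMode" /F /DELAY 0001:00 /RL HIGHEST',
    r'"schtasks.exe" /Create /TN VendorUpdate /SC DAILY /TR "C:\Program Files\Vendor\update.exe" /RL LIMITED',
    r'"taskkill" https://setstat.ru/api/savePostback?chid=%s&guid=%s&type=spTGMacro.exe',
    r'"C:\Users\Ugimoroz\AppData\Local\Temp\is-5QEFO.tmp\d48a3434a24405d844bdf70dcdb2e34d6ebefaab_0000569512.tmp" /SL5="$3005C,301866,58368,c:\users\user\downloads\d48a3434a24405d844bdf70dcdb2e34d6ebefaab_0000569512"',
]


def split_cmdline(cmdline: str) -> list[str]:
    """Split a Windows command line into tokens with the surrounding quotes removed."""
    return [t.replace('"', "") for t in _TOKEN.findall(cmdline)]


def parse_schtasks(tokens: list[str]) -> dict[str, str]:
    """Map schtasks flags (upper-cased, e.g. '/SC') to their value; '' for bare flags."""
    opts: dict[str, str] = {}
    i = 1
    while i < len(tokens):
        if tokens[i].startswith("/"):
            key = tokens[i].upper()
            if i + 1 < len(tokens) and not tokens[i + 1].startswith("/"):
                opts[key] = tokens[i + 1]
                i += 2
                continue
            opts[key] = ""
        i += 1
    return opts


@dataclass
class Finding:
    cmdline: str
    score: int = 0
    reasons: list[str] = field(default_factory=list)


def assess(cmdline: str) -> Finding:
    """Score one command line; weights are assumptions of this example."""
    f = Finding(cmdline)
    tokens = split_cmdline(cmdline)
    if not tokens:
        return f
    image = tokens[0].rsplit("\\", 1)[-1].lower()
    if image in ("schtasks.exe", "schtasks"):
        opts = parse_schtasks(tokens)
        if "/CREATE" not in opts:
            return f
        action = opts.get("/TR", "").lower()
        if opts.get("/SC", "").upper() in ("ONLOGON", "ONSTART"):
            f.score += 3
            f.reasons.append("logon/boot trigger: /SC " + opts["/SC"])
        if opts.get("/RL", "").upper() == "HIGHEST":
            f.score += 2
            f.reasons.append("/RL HIGHEST: highest privileges available to the account")
        if any(p in action for p in _USER_WRITABLE):
            f.score += 3
            f.reasons.append("task action in user-writable directory: " + action)
        if "/F" in opts:
            f.score += 1
            f.reasons.append("/F silently replaces an existing task of the same name")
        if "/DELAY" in opts:
            f.score += 1
            f.reasons.append("/DELAY " + opts["/DELAY"] + " after the logon trigger")
    elif _INNO_LOADER.search(tokens[0]) and any(t.upper().startswith("/SL5=") for t in tokens[1:]):
        f.score += 1
        f.reasons.append("Inno Setup loader relaunch from %TEMP%\\is-*.tmp with /SL5=")
    return f


def hunt(cmdlines: list[str], threshold: int = 5) -> list[Finding]:
    """Return the findings at or above the (assumed) alert threshold."""
    return [f for f in (assess(c) for c in cmdlines) if f.score >= threshold]


if __name__ == "__main__":
    for finding in hunt(SAMPLE_CMDLINES):
        print(f"[score {finding.score}] {finding.cmdline}")
        for reason in finding.reasons:
            print("    -", reason)
```

Run against real telemetry, feed the CommandLine field of each process-creation event to hunt(); the Inno loader relaunch alone scores below the threshold because it is how every Inno Setup installer starts, and only gains meaning next to a logon task written into ProgramData by the same install session.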
