PUP.MSIL.Bundler.CB

Analysis Report

General information

Family Name: PUP.MSIL.Bundler.CB
Signature status: Hash Mismatch

Known Samples

MD5: 9afe4c60829382c912582e7f3a2bfad6
SHA1: deea89e204e1d06a5b619d13bbc50e8a6e53191b
SHA256: 029B9D82B2206F9BEDC54F417EB8F06DA587158E653FDA46D9FEF9AEB7A53E5D
File Size: 2.97 MB, 2970634 bytes
MD5: a159c87a02e6159f68ff9973938594e2
SHA1: 983e93c3cf40a9ca11699bcd28a9bfe0c25f89a9
SHA256: 4011DE4340FB27AC2BA91B642890D0D7693DF244798082E88DAD88354E0B21DD
File Size: 407.88 KB, 407880 bytes
MD5: ce6a5e264236468bbb07352046184d7a
SHA1: f10c274ba3f0f3e06ae70f23dff056a0dbb99d1a
SHA256: 2A47371BFAF850C58F176CBB1056D214C76446DCA22CB40D1EDF68A2B30EBF31
File Size: 298.23 KB, 298232 bytes
MD5: ff115426f6dd7f74e7c329bb06e495a0
SHA1: 42183e03f8a047b3d4f4159cd44e8cf02d227e70
SHA256: 3E251D5E217BB0DBC1F518D1528A58A4E11883E4E7F3F213BDF6F11A3A16E831
File Size: 2.97 MB, 2966564 bytes
MD5: 924328a204676a8584494fb85e8de5fe
SHA1: 45b58d2fc786f4413e45053e84ea830303fe27af
SHA256: 8A5907DCA9934D0F6D8F366FCC0D9A0784868576416A7DA75D30A0752D0323CA
File Size: 87.37 KB, 87368 bytes
MD5: 9af454ff44759d05bacbc252c0784646
SHA1: 3b235e90a252ea11fd77c9260018b8468e95082b
SHA256: D200DD77E759EB69EDA25F683443148EEDAD1E1D1621C495C741B95A17D8492C
File Size: 511.82 KB, 511816 bytes
MD5: 0c2827d950936d7ae751fbe54dea2b48
SHA1: 2a8ae9d00426ca8bbf543fe17b558c35ec3a0c21
SHA256: F287334F6B917CF9D917815A8911A1790B03EB86A0E6324D4479E111D5ABFA7E
File Size: 3.16 MB, 3163883 bytes
MD5: c478bde24cade0b241bab1f79679016e
SHA1: cb70311f7dd66d74f11f0dc5e3fa36de9380d577
SHA256: ED5293CB643FD9FB74AF4DF8B385250FC58A5C3ED9D88CC91AE59B1F5944B1A3
File Size: 3.16 MB, 3163136 bytes
MD5: 4ac6905995fd53ed09d0f6b2108108cd
SHA1: 95fe68638df3238a2969e23d7fec86204661c3ef
SHA256: 683A33C2FF5983C1A4C5C49263E13877CE52E63B04271811C001876E0A903CA6
File Size: 2.98 MB, 2982880 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File is .NET application
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Assembly Version
  • 2.8.0.1671
  • 2.7.2.1622
  • 2.5.0.1009
  • 2.0.0.383
Comments adaware installer dll
Company Name
  • adaware
  • BitTorrent Inc.
File Description
  • DevLib
  • WizardPages
  • µTorrent
File Version
  • 3.5.5.45505
  • 3.5.5.45271
  • 3.5.5.44954
  • 3.5.4.44632
  • 2.8.0.1671
  • 2.7.2.1622
  • 2.5.0.1009
  • 2.0.0.383
Internal Name
  • DevLib.dll
  • uTorrent.exe
  • WizardPages.dll
Legal Copyright
  • @ adaware 2017
  • ©2018 BitTorrent, Inc. All Rights Reserved.
  • ©2019 BitTorrent, Inc. All Rights Reserved.
Original Filename
  • DevLib.dll
  • uTorrent.exe
  • WizardPages.dll
Product Name
  • DevLib
  • uTorrent
  • WizardPages
  • µTorrent
Product Version
  • 3.5.5.45505
  • 3.5.5.45271
  • 3.5.5.44954
  • 3.5.4.44632
  • 2.8.0.1671
  • 2.7.2.1622
  • 2.5.0.1009
  • 2.0.0.383

Digital Signatures

Signer | Root | Status
Lavasoft Software Canada | DigiCert Assured ID Code Signing CA-1 | Self Signed
Lavasoft Software Canada | GlobalSign CodeSigning CA - G3 | Self Signed
Bittorrent Inc | GlobalSign CodeSigning CA - SHA256 - G3 | Hash Mismatch
Bittorrent Inc | GlobalSign CodeSigning CA - SHA256 - G3 | Hash Mismatch
BitTorrent Inc | Symantec Class 3 SHA256 Code Signing CA | Hash Mismatch

File Traits

  • .NET
  • dll
  • Installer Version
  • RijndaelManaged
  • x86

Block Information

Similar Families

  • MSIL.Bundler.CB

Files Modified

File Attributes
c:\users\user\appdata\local\temp\7zs0456602f Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\.git Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\.git Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\.git\objects Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\.git\objects Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\.git\objects\00 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\.git\objects\00 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\.git\objects\00\111142ca6f04cef5a96c4632406483ce149617 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\.git\objects\00\111142ca6f04cef5a96c4632406483ce149617 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\.git\objects\09 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\.git\objects\09 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\.git\objects\09\5a057d4a651ec412d06b59e32e9b02871592d5 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\.git\objects\09\5a057d4a651ec412d06b59e32e9b02871592d5 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\.git\objects\0b Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\.git\objects\0b Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\.git\objects\0b\a0ab35d7324c8a2af63693aa9d22e5165d459f Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\.git\objects\0b\a0ab35d7324c8a2af63693aa9d22e5165d459f Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\.git\objects\30 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\.git\objects\30 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\.git\objects\30\d74d258442c7c65512eafab474568dd706c430 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\.git\objects\30\d74d258442c7c65512eafab474568dd706c430 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\.git\objects\47 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\.git\objects\47 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\.git\objects\47\699e904c1e5076895823b80ff38d0a2e0092b0 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\.git\objects\47\699e904c1e5076895823b80ff38d0a2e0092b0 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\.git\objects\a4 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\.git\objects\a4 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\.git\objects\a4\ad5c82f11b179ad7a97182a5aba671b30ef375 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\.git\objects\a4\ad5c82f11b179ad7a97182a5aba671b30ef375 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\.git\objects\b4 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\.git\objects\b4 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\.git\objects\b4\1e4307dd14a38322b6ace5a52df48ab16a428a Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\.git\objects\b4\1e4307dd14a38322b6ace5a52df48ab16a428a Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\.git\objects\bc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\.git\objects\bc Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\.git\objects\bc\daa390fe7a669370c8b86458415976dc156bb3 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\.git\objects\bc\daa390fe7a669370c8b86458415976dc156bb3 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\.git\objects\d1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\.git\objects\d1 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\.git\objects\d1\3aa9fc82cf856082eff7c72b05badbebdd97b8 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\.git\objects\d1\3aa9fc82cf856082eff7c72b05badbebdd97b8 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\2026.03.17_04.13.05.003496_installer_pid=7288.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\2026.03.17_04.13.05.003496_installer_pid=7288.txt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\bundleconfig.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\bundleconfig.xml Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\carrier.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\carrier.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\de Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\de Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\de\devlib.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\de\devlib.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\devlib.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\devlib.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\en Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\en Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\en\devlib.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\en\devlib.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\es Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\es Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\es\devlib.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\es\devlib.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\fr Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\fr Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\fr\devlib.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\fr\devlib.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\genericsetup.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\genericsetup.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\genericsetup.exe.config Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\genericsetup.exe.config Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\installer.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\installer.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\it Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\it Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\it\devlib.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\it\devlib.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\microsoft.win32.taskscheduler.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\microsoft.win32.taskscheduler.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\pt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\pt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\pt\devlib.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\pt\devlib.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\ru Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\ru Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\ru\devlib.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\ru\devlib.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\utorrent.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\utorrent.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0456602f\wizardpages.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0456602f\wizardpages.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs846b5000 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs846b5000\2025.09.15_09.02.47.480413_installer_pid=5812.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs846b5000\2025.09.15_09.02.47.480413_installer_pid=5812.txt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs846b5000\bundleconfig.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs846b5000\bundleconfig.xml Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs846b5000\carrier.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs846b5000\carrier.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs846b5000\de Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs846b5000\de\devlib.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs846b5000\de\devlib.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs846b5000\devlib.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs846b5000\devlib.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs846b5000\en Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs846b5000\en\devlib.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs846b5000\en\devlib.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs846b5000\es Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs846b5000\es\devlib.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs846b5000\es\devlib.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs846b5000\fr Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs846b5000\fr\devlib.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs846b5000\fr\devlib.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs846b5000\genericsetup.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs846b5000\genericsetup.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs846b5000\genericsetup.exe.config Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs846b5000\genericsetup.exe.config Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs846b5000\installer.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs846b5000\installer.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs846b5000\microsoft.win32.taskscheduler.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs846b5000\microsoft.win32.taskscheduler.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs846b5000\ru Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs846b5000\ru\devlib.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs846b5000\ru\devlib.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs846b5000\utorrent.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs846b5000\utorrent.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs846b5000\wizardpages.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs846b5000\wizardpages.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc0edaaa0 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc0edaaa0\bundleconfig.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc0edaaa0\bundleconfig.xml Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc0edaaa0\carrier.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc0edaaa0\carrier.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc0edaaa0\de Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc0edaaa0\de Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc0edaaa0\devlib.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc0edaaa0\devlib.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc0edaaa0\en Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc0edaaa0\en Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc0edaaa0\es Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc0edaaa0\es Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc0edaaa0\externalresource.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc0edaaa0\externalresource.xml Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc0edaaa0\fr Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc0edaaa0\fr Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc0edaaa0\genericsetup.exe.config Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc0edaaa0\genericsetup.exe.config Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc0edaaa0\ru Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc0edaaa0\ru Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc6b45211 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\2025.11.06_21.54.52.065141_installer_pid=5496.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\2025.11.06_21.54.52.065141_installer_pid=5496.txt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\bundleconfig.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\bundleconfig.xml Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\carrier.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\carrier.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\de Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\de Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\de\devlib.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\de\devlib.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\devlib.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\devlib.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\en Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\en Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\en\devlib.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\en\devlib.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\es Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\es Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\es\devlib.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\es\devlib.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\fr Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\fr Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\fr\devlib.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\fr\devlib.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\genericsetup.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\genericsetup.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\genericsetup.exe.config Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\genericsetup.exe.config Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\installer.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\installer.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\it Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\it Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\it\devlib.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\it\devlib.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\microsoft.win32.taskscheduler.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\microsoft.win32.taskscheduler.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\pt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\pt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\pt\devlib.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\pt\devlib.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\ru Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\ru Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\ru\devlib.resources.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\ru\devlib.resources.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\utorrent.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\utorrent.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\wizardpages.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zsc6b45211\wizardpages.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zscf130ffc Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zscf130ffc\.git Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zscf130ffc\.git Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zscf130ffc\.git\objects Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zscf130ffc\.git\objects Synchronize,Write Attributes

85 additional files are not displayed above.

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 힦ȁ⻡龡^Ȁ紘ÇȪ獖}Ȋ좟Ê RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Xahfhnff\AppData\Local\Temp\7zSC6B45211\de\devlib.resources.dll RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Xahfhnff\AppData\Local\Temp\7zSC6B45211\de\devlib.resources.dll\??\C:\Users\Xahfhnff\AppData\Local\Temp\7zSC6B452 RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enablefiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableautofiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableconsoletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::filetracingmask ￿ RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::consoletracingmask ￿ RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::maxfilesize  RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enablefiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enableautofiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enableconsoletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::filetracingmask ￿ RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::consoletracingmask ￿ RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::maxfilesize  RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations *1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old122e4*1\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old12352*1\??\C:\P RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category API
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
Encryption Used
  • BCryptOpenAlgorithmProvider
  • CryptAcquireContext
Network Winsock2
  • WSAConnect
  • WSASocket
  • WSAStartup
  • WSAttemptAutodialName
Network Winsock
  • closesocket
  • freeaddrinfo
  • getaddrinfo
  • setsockopt
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreatePortSection
  • ntdll.dll!NtAlpcCreateSectionView
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcDeleteSecurityContext
  • ntdll.dll!NtAlpcDisconnectPort
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcQueryInformationMessage
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtAlpcSetInformation
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtCancelWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtDelayExecution
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFlushProcessWriteBuffers
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtFsControlFile
  • ntdll.dll!NtGetCompleteWnfStateSubscription
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenSymbolicLinkObject
  • ntdll.dll!NtOpenThread
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryEvent
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtQueueApcThread
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadVirtualMemory
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationObject
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetSecurityObject
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSetTimerEx
  • ntdll.dll!NtSetValueKey
  • ntdll.dll!NtSubscribeWnfStateChange

63 additional items are not displayed above.

User Data Access
  • GetComputerName
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserName
  • GetUserObjectInformation
Anti Debug
  • IsDebuggerPresent
Other Suspicious
  • AdjustTokenPrivileges
Network Winhttp
  • WinHttpOpen
Network Info Queried
  • GetAdaptersAddresses
  • GetNetworkParams
Process Manipulation Evasion
  • NtUnmapViewOfSection

Shell Command Execution

.\installer.exe
runas C:\Users\Cfjpgnpk\AppData\Local\Temp\7zS846B5000\GenericSetup.exe C:\Users\Cfjpgnpk\AppData\Local\Temp\7zS846B5000\GenericSetup.exe husertype=Admin
runas C:\Users\Xahfhnff\AppData\Local\Temp\7zSC6B45211\GenericSetup.exe C:\Users\Xahfhnff\AppData\Local\Temp\7zSC6B45211\GenericSetup.exe
