PUP.MSIL.Gamehack.O

Analysis Report

General information

Family Name: PUP.MSIL.Gamehack.O
Signature status: No Signature

Known Samples

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has TLS information
  • File is .NET application
  • File is 32-bit executable
  • File is 64-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Assembly Version
  • 2025.8.7.0
  • 2024.10.28.1452
  • 666.0.0.0
  • 13.0.0.0
  • 6.9.0.0
  • 5.0.0.0
  • 3.0.0.2
  • 2.1.0.0
  • 2.0.0.6
  • 2.0.0.0
  • 1.104.0.0
  • 1.5.0.0
  • 1.4.3.0
  • 1.1.0.0
  • 1.0.0.0
  • 0.0.0.0
Comments
  • cc
  • KoaSplitTunnel.exe
  • Script para Aplicar politicas e configurações a usuarios no momento do Logon do Usuario no dominio.
Company Name
  • blackrock
  • cc - All rights reserved
  • Grupo Mateus
  • RoyalFloraHolland
File Description
  • Amdocs Laptop Recovery
  • Aplikácia na vytvorenie blokovania a odblokovania firewall pravidiel pre programy
  • cc
  • CheckList
  • DEVICE-TWEAKER-SECRET-TWEAK
  • fto
  • KoaSplitTunnel.exe
  • Lifenz Premium Optimizer
  • Mostrar Informações da Estação
  • Programa para Gravar Logs de uso dos sistemas
  • PS Logon Users AD
  • RustDesk - Questor Sistemas
  • testformtool
  • VMware guestOS Tool
  • WindowsUSB_Installer_by_Mggons
  • Обновление AnyDesk Portable · OvArt
File Version
  • 2025.08.07
  • 2024.10.28.1452
  • 666
  • 13.0
  • 6.9
  • 5.0
  • 3.0.0.2
  • 2.1
  • 2.0.0.6
  • 2.0.0
  • 1.104
  • 1.5.0.0
  • 1.4.3
  • 1.01
  • 1.0.0.0
  • 1.0.0
  • 1.0
  • 0.0.0.0
Internal Name
  • 1_install_persistence_of_stage_one_0a20d08f.exe
  • AmdocsPCReset.exe
  • AusNavTech-Updater.exe
  • AutoSetup.exe
  • añadir_exclusion.exe
  • bdet.exe
  • BPV_WinDeploy.exe
  • cc.exe
  • ClearStartMenuRecent.exe
  • collectProcess.exe
  • conexionNAS.exe
  • device-toggler.exe
  • DEVICE-TWEAKER-SECRET-TWEAK-FIX-011.exe
  • Disable Getting device.exe
  • disable_cytool_and_run_cleaner.exe
  • EA Denuvo Token Dumper.exe
  • enviar.exe
  • FirewallAppBlocker.exe
  • fto.exe
  • Get-NetAdapterInfo.exe
  • GravaLog.exe
  • HideRemoteAccessNoUAC.exe
  • Hostname e IPV4.exe
  • JoinDomain.exe
  • KoaSplitTunnel_v20241028.exe
  • LifenzLitePowerplan.exe
  • macguest.exe
  • MP3 Enumerator.exe
  • nvcontainer.exe
  • Patch_fix_Cype2020.exe
  • payload.exe
  • PreparaHD-Offline.exe
  • PS_Logon_User.exe
  • Questor-RustDesk-V143.exe
  • RainHotKey.exe
  • Reset-ChromePolicies.exe
  • RustdeskNSteste5.exe
  • sc.exe
  • script.exe
  • Setup-PosFormatacao_GOLD.exe
  • telegram_bot.exe
  • testformtool.exe
  • unlock_regedit.exe
  • update-anydesk-portable.exe
  • UpdateSummaryD5 Mat.exe
  • Win11_Encompass_fix.exe
  • Windows.USB.Creator.exe
  • Windows Security.exe
Legal Copyright
  • (c) 2023-2025 David Parsons
  • 2026 ~Patrik Dianiška
  • ALIX TECNOLOGIA
  • All rights reserved
  • All Rights Reserved.
  • blackrock
  • ECT - 2021
  • Grupo Mateus Copyright ©2025
  • JieYing
  • L0W LΛTENCY GΛM1NG (RU)
  • Peter Levy EUC-E
  • Questor Sistemas
  • Royal FloraHolland 2024
  • tonho888
  • © 2026 Lifenz
Legal Trademarks
  • Royal FloraHolland 2024
Original Filename
  • 1_install_persistence_of_stage_one_0a20d08f.exe
  • AmdocsPCReset.exe
  • AusNavTech-Updater.exe
  • AutoSetup.exe
  • añadir_exclusion.exe
  • bdet.exe
  • BPV_WinDeploy.exe
  • cc.exe
  • ClearStartMenuRecent.exe
  • collectProcess.exe
  • conexionNAS.exe
  • device-toggler.exe
  • DEVICE-TWEAKER-SECRET-TWEAK-FIX-011.exe
  • Disable Getting device.exe
  • disable_cytool_and_run_cleaner.exe
  • EA Denuvo Token Dumper.exe
  • enviar.exe
  • FirewallAppBlocker.exe
  • fto.exe
  • Get-NetAdapterInfo.exe
  • GravaLog.exe
  • HideRemoteAccessNoUAC.exe
  • Hostname e IPV4.exe
  • JoinDomain.exe
  • KoaSplitTunnel_v20241028.exe
  • LifenzLitePowerplan.exe
  • macguest.exe
  • MP3 Enumerator.exe
  • nvcontainer.exe
  • Patch_fix_Cype2020.exe
  • payload.exe
  • PreparaHD-Offline.exe
  • PS_Logon_User.exe
  • Questor-RustDesk-V143.exe
  • RainHotKey.exe
  • Reset-ChromePolicies.exe
  • RustdeskNSteste5.exe
  • sc.exe
  • script.exe
  • Setup-PosFormatacao_GOLD.exe
  • telegram_bot.exe
  • testformtool.exe
  • unlock_regedit.exe
  • update-anydesk-portable.exe
  • UpdateSummaryD5 Mat.exe
  • Win11_Encompass_fix.exe
  • Windows.USB.Creator.exe
  • Windows Security.exe
Product Name
  • Amdocs PC Reset
  • cc
  • DEVICE-TWEAKER
  • Disable Getting Device
  • FirewallAppBlocker
  • Flash Trader
  • GravaLog
  • Hostname e IPV4
  • KoaSplitTunnel.exe
  • Lifenz Premium Optimizer
  • OC4VM
  • PS Logon Users AD
  • Rustdesk - Questor Sistemas
  • testformtool
  • update-anydesk-portable
  • WMI Provider Host
Product Version
  • 2025.08.07
  • 2024.10.28.1452
  • 666
  • 13.0
  • 6.9
  • 5.0
  • 3.0.0.2
  • 2.1
  • 2.0.0.6
  • 2.0.0
  • 1.104
  • 1.5.0.0
  • 1.4.3
  • 1.01
  • 1.0.0.0
  • 1.0.0
  • 1.0
  • 0.0.0.0

Digital Signatures

Signer | Root | Status
Sysadmin Automacao | Sysadmin Automacao | Self Signed
ft250v | ft250v | Self Signed

File Traits

  • .NET
  • HighEntropy
  • Installer Version
  • x64
  • x86

Block Information

Total Blocks: 65
Potentially Malicious Blocks: 21
Whitelisted Blocks: 44
Unknown Blocks: 0

Visual Map

0 0 0 0 x 0 0 x x 0 0 0 x 0 0 0 0 x x x x 0 0 0 0 0 0 0 x 0 0 0 x 0 x x x x x 0 x x x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • MSIL.DllInject.MDA
  • MSIL.FakeMS.F
  • MSIL.FakeMS.FA
  • MSIL.FakeMS.L
  • MSIL.Gamehack.BAVB
  • MSIL.Gamehack.BAVG
  • MSIL.Gamehack.BAVH
  • MSIL.Gamehack.BAVI
  • MSIL.Gamehack.BOWG
  • MSIL.Gamehack.HM
  • MSIL.Gamehack.O
  • MSIL.Gamehack.OI
  • MSIL.Gamehack.OIA
  • MSIL.Gamehack.VA
  • MSIL.Marsilia.AE

Files Modified

File | Attributes
\device\namedpipe | Generic Read,Write Attributes
\device\namedpipe | Generic Write,Read Attributes
\device\namedpipe\dav rpc service | Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\wkssvc | Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\logs\checklist-resultado.txt | Generic Write,Read Attributes
c:\logs\setup-posformatacao.log | Generic Write,Read Attributes
c:\temp\rustdesk_combined.log | Generic Write,Read Attributes
c:\users\administrator\desktop\testformtool\states.cgg | Generic Write,Read Attributes
c:\users\user\appdata\local\microsoft\windows\powershell\startupprofiledata-interactive | Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_wcuvqmy0.pz1.psm1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_wh1ke51h.hru.psm1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_wuakaazo.eqh.ps1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_xvexofwi.3ol.ps1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_yncoc1e5.squ.ps1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_zndjgumx.sfo.psm1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_zw2pbsjk.s0n.ps1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\cn4egsqv\cn4egsqv.0.cs Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\cn4egsqv\cn4egsqv.cmdline Generic Write,Read Attributes
c:\users\user\appdata\local\temp\cn4egsqv\cn4egsqv.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\cn4egsqv\cn4egsqv.err Generic Write,Read Attributes
c:\users\user\appdata\local\temp\cn4egsqv\cn4egsqv.out Generic Write,Read Attributes
c:\users\user\appdata\local\temp\cn4egsqv\cn4egsqv.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\etwiipby\etwiipby.0.cs Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\etwiipby\etwiipby.cmdline Generic Write,Read Attributes
c:\users\user\appdata\local\temp\etwiipby\etwiipby.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\etwiipby\etwiipby.err Generic Write,Read Attributes
c:\users\user\appdata\local\temp\etwiipby\etwiipby.out Generic Write,Read Attributes
c:\users\user\appdata\local\temp\etwiipby\etwiipby.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jbhur5bf\jbhur5bf.0.cs Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\jbhur5bf\jbhur5bf.cmdline Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jbhur5bf\jbhur5bf.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\jbhur5bf\jbhur5bf.err Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jbhur5bf\jbhur5bf.out Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jbhur5bf\jbhur5bf.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\payload.hta Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\sg4fukkg\sg4fukkg.0.cs Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\sg4fukkg\sg4fukkg.cmdline Generic Write,Read Attributes
c:\users\user\appdata\local\temp\sg4fukkg\sg4fukkg.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\sg4fukkg\sg4fukkg.err Generic Write,Read Attributes
c:\users\user\appdata\local\temp\sg4fukkg\sg4fukkg.out Generic Write,Read Attributes
c:\users\user\appdata\local\temp\sg4fukkg\sg4fukkg.tmp Generic Write,Read Attributes
c:\users\user\desktop\defenderexclusiontool\defendermenutool.ps1 Generic Write,Read Attributes
c:\users\user\downloads\dumper_log.txt Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe [binary data] RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enablefiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableautofiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableconsoletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::filetracingmask [non-printable data] RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::consoletracingmask [non-printable data] RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::maxfilesize  RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enablefiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enableautofiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enableconsoletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::filetracingmask [non-printable data] RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::consoletracingmask [non-printable data] RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::maxfilesize  RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe [binary data] RegNtPreCreateKey
HKLM\software\policies\microsoft\windows\windowsupdate\au::noautoupdate  RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe [binary data] RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe [binary data] RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enablefiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableautofiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filetracingmask [non-printable data] RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::consoletracingmask [non-printable data] RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::maxfilesize  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enablefiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableautofiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filetracingmask [non-printable data] RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::consoletracingmask [non-printable data] RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::maxfilesize  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe [binary data] RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe [binary data] RegNtPreCreateKey
HKLM\system\setup::respecializecmdline RegNtPreCreateKey
HKLM\system\setup::workingdirectory RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\setup\sysprep\settings\sppnp::donotcleanupnonpresentdevices  RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\setup\sysprep\settings\sppnp::persistalldeviceinstalls  RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAllocateLocallyUniqueId
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreatePortSection
  • ntdll.dll!NtAlpcCreateSectionView
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcDeleteSecurityContext
  • ntdll.dll!NtAlpcDisconnectPort
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcQueryInformationMessage
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtAlpcSetInformation
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtCancelTimer2
  • ntdll.dll!NtCancelWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCompareSigningLevels
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDelayExecution
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFlushProcessWriteBuffers
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtFsControlFile
  • ntdll.dll!NtGetCachedSigningLevel
  • ntdll.dll!NtGetCompleteWnfStateSubscription
  • ntdll.dll!NtGetContextThread
  • ntdll.dll!NtGetWriteWatch
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenSymbolicLinkObject
  • ntdll.dll!NtOpenThread
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtPowerInformation
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryObject
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySymbolicLinkObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtQueueApcThread
  • ntdll.dll!NtQueueApcThreadEx2
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReadVirtualMemory
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRemoveIoCompletion
  • ntdll.dll!NtRequestWaitReplyPort

154 additional items are not displayed above.

User Data Access
  • GetComputerName
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserName
  • GetUserNameEx
  • GetUserObjectInformation
Encryption Used
  • BCryptOpenAlgorithmProvider
  • CryptAcquireContext
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Other Suspicious
  • AdjustTokenPrivileges
Process Shell Execute
  • CreateProcess
Network Winsock2
  • WSAConnect
  • WSASend
  • WSASocket
  • WSAStartup
  • WSAttemptAutodialName
Network Info Queried
  • GetAdaptersAddresses
  • GetAddrInfo
  • GetHostName
  • GetNetworkParams
Network Winsock
  • closesocket
  • freeaddrinfo
  • getaddrinfo
  • recv
  • setsockopt
Network Winhttp
  • WinHttpOpen
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory
Service Control
  • ControlService
  • OpenSCManager
  • OpenService
Process Terminate
  • TerminateProcess

Shell Command Execution

"C:\WINDOWS\system32\HOSTNAME.EXE"
"C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand
"C:\WINDOWS\system32\reg.exe" add HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU /v NoAutoUpdate /t REG_DWORD /d 1 /f
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Bsjdvude\AppData\Local\Temp\etwiipby\etwiipby.cmdline"
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Bdgrvxzt\AppData\Local\Temp\cn4egsqv\cn4egsqv.cmdline"
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Ocfgwpyr\AppData\Local\Temp\sg4fukkg\sg4fukkg.cmdline"
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Wtocxonf\AppData\Local\Temp\jbhur5bf\jbhur5bf.cmdline"
