PUP.Perinet

Analysis Report

General information

Family Name: PUP.Perinet
Signature status: Modified signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File has exports table
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Company Name © 2014 ClientConnect Ltd.
File Description
  • IncrediAppRes DLL
  • IncrediMail Installer
  • Setup.exe
File Version
  • 8, 0, 0, 1368
  • 8, 0, 0, 1367
  • 8, 0, 0, 1360
  • 8, 0, 0, 1354
  • 6, 6, 0, 5259
Internal Name
  • IncrediAppRes
  • IncrediMail Installer
Legal Copyright
  • Copyright (C) 2003
  • Copyright (C) 2010
  • © 2014 ClientConnect Ltd.
Original Filename
  • IncrediAppRes.DLL
  • IncrediMail_Install.exe
  • SweetPlayer.exe
Product Name
  • IncrediAppRes Dynamic Link Library
  • IncrediMail Installer
  • Setup.exe
Product Version
  • 8, 0, 0, 1368
  • 8, 0, 0, 1367
  • 8, 0, 0, 1360
  • 8, 0, 0, 1354
  • 6, 6, 0, 5259
  • 1.4.0.1.140910.01

Digital Signatures

Signer: Perion Network Ltd.
Root: VeriSign Class 3 Code Signing 2010 CA
Status: Self Signed

Block Information

Total Blocks: 140
Potentially Malicious Blocks: 4
Whitelisted Blocks: 55
Unknown Blocks: 81

Visual Map

? ? 0 ? ? ? ? 0 ? ? 0 ? ? ? 0 0 0 0 0 0 x 0 0 ? 0 ? ? ? ? 0 ? ? ? x ? ? 0 ? ? ? ? 0 0 0 ? ? ? 0 ? 0 0 0 ? 0 0 0 ? ? 0 0 ? ? 0 0 ? 0 0 0 0 0 0 0 ? 0 ? x ? 0 0 0 0 1 1 0 0 0 0 ? ? ? ? ? ? ? ? ? ? ? 1 ? ? x 0 0 ? ? ? ? ? ? ? 0 0 ? ? ? ? ? ? ? ? ? ? 0 ? ? ? 0 ? ? ? ? ? ? ? 0 ? ? ? 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File Attributes
c:\users\user\appdata\local\microsoft\internet explorer\msimgsiz.dat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\1702112\actionengine.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\ars.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\arscookies.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\autoupdateengine.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\basicparameters.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\basicproductparams.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\basicproductutils.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\basicscript.7z Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\basicscript.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\api.css Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\api.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\jquery-1.3.2.min.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\jquery.localisation.min.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-ar.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-da.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-de.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-el.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-en.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-es.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-fi.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-fr.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-he.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-hu.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-it.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-nb.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-nl.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-pl.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-pt.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-ru.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-sv.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings-tr.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\language\splash-strings.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\loading_center.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\loading_icon.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\loading_left.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\loading_right.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\splash.css Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\splash.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\splash.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\gui\translation.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\instlangs.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\language\settings-ar.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\language\settings-en.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\language\settings-he.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\language\strings-ar.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\language\strings-da.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\language\strings-de.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\language\strings-el.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\language\strings-en.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\language\strings-es.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\language\strings-fi.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\language\strings-fr.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\language\strings-he.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\language\strings-hu.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\language\strings-it.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\language\strings-nb.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\language\strings-nl.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\language\strings-pl.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\language\strings-pt.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\language\strings-ru.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\language\strings-sv.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\language\strings-tr.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\productscorrelations.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\statistics.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\terms.7z Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\uninstallsearchguard.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702112\utilities.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\actionengine.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\ars.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\arscookies.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\autoupdateengine.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\basicparameters.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\basicproductparams.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\basicproductutils.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\basicscript.7z Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\basicscript.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\api.css Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\api.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\jquery-1.3.2.min.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\jquery.localisation.min.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-ar.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-da.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-de.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-el.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-en.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-es.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-fi.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-fr.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-he.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-hu.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-it.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-nb.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-nl.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-pl.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-pt.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-ru.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-sv.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings-tr.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\language\splash-strings.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\loading_center.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\loading_icon.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\loading_left.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\loading_right.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\splash.css Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\splash.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\splash.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\gui\translation.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\instlangs.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\language\settings-ar.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\language\settings-en.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\language\settings-he.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\language\strings-ar.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\language\strings-da.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\language\strings-de.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\language\strings-el.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\language\strings-en.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\language\strings-es.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\language\strings-fi.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\language\strings-fr.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\language\strings-he.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\language\strings-hu.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\language\strings-it.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\language\strings-nb.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\language\strings-nl.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\language\strings-pl.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\language\strings-pt.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\language\strings-ru.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\language\strings-sv.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\language\strings-tr.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\productscorrelations.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\statistics.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\terms.7z Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\uninstallsearchguard.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1702116\utilities.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\iminstaller\incredimail\injectparams.xml Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsc71f.tmp\dm_loader.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsc71f.tmp\failed.htm Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsc71f.tmp\fdmclient.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsc71f.tmp\icon.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsc71f.tmp\nonesilentsuccess.htm Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsc71f.tmp\proxy.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsc71f.tmp\success.htm Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsc71f.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsc71f.tmp\webapphost.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsm70e.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\~df504d9a329dc19b56.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\local settings\temp\iminstaller\bb334b505b951794c658bd6ca0fc7f49a4734080_0000489288.log Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKCU\software\iminstaller\incredimail::sessionguid 225117eb-aaa2-48a9-ada0-a1a1f751ec59 RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe [binary value, not printable] RegNtPreCreateKey
HKCU\software\iminstaller\incredimail::sessionguid a65274ff-fdc9-441d-9481-5402235e9146 RegNtPreCreateKey
HKCU\software\iminstaller\incredimail::injectsuccesspage RegNtPreCreateKey
HKCU\software\iminstaller\incredimail::sessionguid b46b5d7a-0361-4daf-869d-9735ce7fa592 RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe [binary value, not printable] RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\main\featurecontrol\feature_browser_emulation::3b17ec73c171113555cc4028f4838dc3d493ce17_0000638960 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\gpu::adapterinfo vendorId="0x1414",deviceID="0x8c",subSysID="0x0",revision="0x0",version="10.0.19041.5794"hypervisor="Hypervisor detected (Micros RegNtPreCreateKey
HKCU\software\iminstaller\incredimail::sessionguid e76736cc-d76c-4399-8a10-239b7295d77a RegNtPreCreateKey
HKCU\software\iminstaller\incredimail::sessionguid a95c8717-479e-4427-88b8-efd54e9d7d68 RegNtPreCreateKey
HKCU\software\iminstaller\incredimail::sessionguid b6e96760-34bc-46a5-8e12-859a5408f990 RegNtPreCreateKey

Windows API Usage

Category API
Network Winsock2
  • WSAStartup
Network Winsock
  • gethostbyname
  • socket
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
Syscall Use
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Process Manipulation Evasion
  • NtUnmapViewOfSection
User Data Access
  • GetUserName
  • GetUserObjectInformation
Network Wininet
  • HttpOpenRequest
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
  • InternetSetOption
Other Suspicious
  • SetWindowsHookEx

Shell Command Execution

(NULL) icacls C:\Users\Yuvdnqrc\AppData\Local\Temp\Low /setintegritylevel (OI)(CI)low
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\dd8e3dabb70d46c9d13c7693226ffffe48d6e802_0000080296.,LiQMAxHB
(NULL) icacls C:\Users\Bzntulrh\AppData\Local\Temp\Low /setintegritylevel (OI)(CI)low