PUP.Softcnapp.AB

Analysis Report

General information

Family Name: PUP.Softcnapp.AB
Signature status: Self Signed

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)


Windows PE Version Information

Name Value
Company Name
  • XZ
  • 上海畅指网络科技有限公司
  • 成都奇鲁科技有限公司
File Description
  • CipherLock
  • DataLock
  • Player
  • 云电脑安装程序
  • 云电脑更新程序
  • 游戏微端
  • 雷电模拟器
File Version
  • 65535.0.260.1007
  • 2026,02,05,1
  • 2025,09,02,1
  • 9.1.75.0
  • 9.1.73.0
  • 9.1.46.1
  • 9.1.40.0
  • 9.1.38.0
  • 9.1.37.1
  • 9.1.23.1
  • 9.0.78.0
  • 1.1025.1100.903
  • 1.1025.1075.722
Internal Name
  • cipherlock_service.exe
  • datalock_service.exe
  • dnplayer.exe
  • ld
Legal Copyright
  • Copyright (C) 2016
  • Copyright (C) 2019
  • Copyright (C) 2025
  • 版权所有 鲁大师游戏
Original Filename
  • cipherlock_service.exe
  • datalock_service.exe
  • dnplayer.exe
  • Installer.exe
  • ld
  • Update.exe
Product Name
  • CipherLock
  • DataLock
  • Installer
  • Player
  • Update
  • 游戏微端
  • 雷电模拟器
Product Version
  • 65535.0.260.1007
  • 9.1.75.0
  • 9.1.73.0
  • 9.1.46.1
  • 9.1.40.0
  • 9.1.38.0
  • 9.1.37.1
  • 9.1.23.1
  • 9.0.78.0
  • 3.0.0.0
  • 1.1025.1100.903
  • 1.1025.1075.722

Digital Signatures

Signer | Root | Status
天津旗鱼网络科技有限公司 | DigiCert SHA2 Assured ID Code Signing CA | Self Signed
Shanghai Baizhi Network Technology Co., Ltd. | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Hash Mismatch
Shanghai Chang Zhi Network Technology Co,. Ltd. | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Self Signed
成都奇鲁科技有限公司 | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Self Signed
Hangzhou Shunwang Technology Co.,Ltd | DigiCert Trusted Root G4 | Root Not Trusted
Shanghai Baizhi Network Technology Co., Ltd. | DigiCert Trusted Root G4 | Hash Mismatch
Shanghai Chang Zhi Network Technology Co,. Ltd. | DigiCert Trusted Root G4 | Root Not Trusted

File Traits

  • 2+ executable sections
  • HighEntropy
  • imgui
  • Installer Version
  • No Version Info
  • x86

Block Information

Total Blocks: 22,421
Potentially Malicious Blocks: 188
Whitelisted Blocks: 18,810
Unknown Blocks: 3,423

Visual Map

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File Attributes
\device\harddisk0\dr0 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\cacert.pem Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\dat.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\dat.ini Synchronize,Write Attributes
c:\users\user\appdata\local\temp\installer20260403.log Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\lefttitle.png Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\netlink.dat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\netlink.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\netlink.ini Synchronize,Write Attributes
c:\users\user\appdata\local\temp\oem.png Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\playphoto.gif Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\360netul\547d80391263079f2e025a773fe0d313212e34da_0005297544.netul.log Generic Write,Read Attributes
c:\users\user\appdata\roaming\microgame\netbridge.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\microgame\netbridge.zip Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\microgame\netbridge.zip Synchronize,Write Attributes
c:\users\user\appdata\roaming\microgame\netbridge.zip Synchronize,Write Data
c:\users\user\appdata\roaming\microgame\netbridge.zip.temp Generic Write,Read Attributes
c:\users\user\appdata\roaming\microgame\utils\7z.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\cacert.pem Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\log\update20260109.log Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKCU\software\com_key::user_id 6Sdt9LS1p4tLBHLhCa+3pwff8IJVyZzGMsCAPr2cajWw/5M8juyjJUgMWohVZzEvWZSDHJ9eV2H+Y3CSu8+W0g== RegNtPreCreateKey
HKCU\software\com_key::id_check RegNtPreCreateKey
HKLM\software\wow6432node\com_user::m2 RegNtPreCreateKey
HKLM\software\wow6432node\commaster::mid RegNtPreCreateKey
HKLM\software\wow6432node\commaster::m2 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\3679ca35668772304d30a5fb873b0fa77bb70d54::blob RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\0563b8630d62d75abbc8ab1e4bdfb5a899b24d43::blob RegNtPreCreateKey
HKCU\software\com_key::user_id FRiUHCqJT7wtBFxJK/KmHG8oXf2f8Y2StQ54HLZ3Fswb7dgGBLkhGFH6bETdzpEhiZJ2H4MS6crANFdWerz+nQ== RegNtPreCreateKey
HKCU\software\com_key::id_check RegNtPreCreateKey
HKLM\software\wow6432node\com_user::m2 RegNtPreCreateKey

Windows API Usage

Category API
Network Winsock2
  • WSASocket
  • WSAStartup
Network Info Queried
  • GetAdaptersAddresses
  • GetAdaptersInfo
Network Winsock
  • closesocket
  • connect
  • freeaddrinfo
  • getaddrinfo
  • gethostbyname
  • gethostname
  • recv
  • send
  • setsockopt
Anti Debug
  • NtQuerySystemInformation
Network Winhttp
  • WinHttpOpen
Encryption Used
  • BCryptOpenAlgorithmProvider
Network Wininet
  • HttpOpenRequest
  • InternetConnect
  • InternetOpen
  • InternetQueryOption
  • InternetSetOption
User Data Access
  • GetUserDefaultLocaleName
Other Suspicious
  • AdjustTokenPrivileges
