PUP.Zylom

Analysis Report

General information

Family Name: PUP.Zylom
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

File Description:
  • GameInst Application
  • Zylom Games
File Version: 1, 0, 0, 1
Internal Name:
  • GameInst
  • Zylom Games
Legal Copyright: Copyright (C) 2004
Original Filename:
  • GameInst.exe
  • Zylom Games
Product Name:
  • GameInst Application
  • Zylom Games
Product Version: 1, 0, 0, 1

Digital Signatures

Signer: RealGames Europe B.V.
Root: Class 3 Public Primary Certification Authority
Status: Root Not Trusted

Signer: Zylom Media Group B.V.
Root: Class 3 Public Primary Certification Authority
Status: Root Not Trusted

File Traits

  • HighEntropy
  • WriteProcessMemory
  • x86

Block Information

Total Blocks: 911
Potentially Malicious Blocks: 165
Whitelisted Blocks: 636
Unknown Blocks: 110

Similar Families

  • Emotet.RAFI
  • Wacapew.I

Files Modified

File Attributes
\device\namedpipe\srvsvc Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\.zt431f.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\.zt4ae0.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\.rz4330.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\cvs\entries Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\cvs\entries Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\cvs\entries Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\cvs\repository Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\cvs\repository Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\cvs\repository Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\cvs\root Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\cvs\root Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\cvs\root Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\doneinstall.html Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\doneinstall.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\doneinstall.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\doneuninstall.html Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\doneuninstall.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\doneuninstall.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\annuleren_square.gif Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\annuleren_square.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\annuleren_square.gif Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\annuleren_square_over.gif Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\annuleren_square_over.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\annuleren_square_over.gif Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\bladeren_square.gif Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\bladeren_square.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\bladeren_square.gif Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\bladeren_square_over.gif Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\bladeren_square_over.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\bladeren_square_over.gif Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\button_annuleer.jpg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\button_annuleer.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\button_annuleer.jpg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\button_annuleer_over.jpg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\button_annuleer_over.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\button_annuleer_over.jpg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\button_ok.gif Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\button_ok.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\button_ok.gif Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\button_ok_over.gif Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\button_ok_over.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\button_ok_over.gif Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\button_start.gif Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\button_start.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\button_start.gif Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\button_start_over.gif Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\button_start_over.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\button_start_over.gif Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\code_bladeren.jpg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\code_bladeren.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\code_bladeren.jpg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\cvs\entries Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\cvs\entries Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\cvs\entries Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\cvs\repository Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\cvs\repository Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\cvs\repository Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\cvs\root Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\cvs\root Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\cvs\root Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\gametitle.jpg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\gametitle.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\gametitle.jpg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\loading.gif Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\loading.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\loading.gif Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\ok_square.gif Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\ok_square.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\ok_square.gif Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\ok_square_over.gif Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\ok_square_over.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\ok_square_over.gif Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\pijl.jpg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\pijl.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\pijl.jpg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\pijl_over.jpg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\pijl_over.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\images\pijl_over.jpg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\install.html Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\install.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\install.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\setup.html Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\setup.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\setup.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\styles\cvs\entries Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\styles\cvs\entries Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\styles\cvs\entries Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\styles\cvs\repository Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\styles\cvs\repository Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\styles\cvs\repository Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\styles\cvs\root Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\styles\cvs\root Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\styles\cvs\root Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\styles\reg_style.css Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\styles\reg_style.css Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\styles\reg_style.css Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\uninstall.html Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\uninstall.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\uninstall.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\waitinstall.html Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\waitinstall.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\waitinstall.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\waituninstall.html Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\waituninstall.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylominstallertemp1761371680\waituninstall.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\.rz4b00.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\doneinstall.html Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\doneinstall.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\doneinstall.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\doneinstall.html Synchronize,Write Data
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\doneinstalldx.html Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\doneinstalldx.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\doneinstalldx.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\doneinstalldx.html Synchronize,Write Data
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\doneuninstall.html Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\doneuninstall.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\doneuninstall.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\doneuninstall.html Synchronize,Write Data
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\funpass\doneinstall.html Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\funpass\doneinstall.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\funpass\doneinstall.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\funpass\doneinstalldx.html Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\funpass\doneinstalldx.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\funpass\doneinstalldx.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\funpass\doneuninstall.html Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\funpass\doneuninstall.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\funpass\doneuninstall.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\funpass\images\footer.gif Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\funpass\images\footer.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\funpass\images\footer.gif Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\funpass\install.html Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\funpass\install.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\funpass\install.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\funpass\scripts\mm.js Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\funpass\scripts\mm.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\funpass\scripts\mm.js Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\funpass\setup.html Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\funpass\setup.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\funpass\setup.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\funpass\styles\reg_style.css Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\funpass\styles\reg_style.css Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\funpass\styles\reg_style.css Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\funpass\uninstall.html Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\funpass\uninstall.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\funpass\uninstall.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\funpass\unsupportedos.html Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\funpass\unsupportedos.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\funpass\unsupportedos.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\funpass\waitinstall.html Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\funpass\waitinstall.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\funpass\waitinstall.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\funpass\waituninstall.html Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\funpass\waituninstall.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\funpass\waituninstall.html Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\gtb\googletoolbar-de.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\gtb\googletoolbar-de.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\gtb\googletoolbar-de.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\gtb\gtapi.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\gtb\gtapi.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\gtb\gtapi.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\gtb\gtb.jpg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\gtb\gtb.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\gtb\gtb.jpg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\images Generic Read,Write Data,Write Attributes,Write extended,Delete,LEFT 262144
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\images Synchronize,Append data
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\images\annuleren_square.gif Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\images\annuleren_square.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\images\annuleren_square.gif Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\images\annuleren_square_over.gif Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\images\annuleren_square_over.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\images\annuleren_square_over.gif Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\images\bladeren_square.gif Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\images\bladeren_square.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\images\bladeren_square.gif Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\images\bladeren_square_over.gif Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\images\bladeren_square_over.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\images\bladeren_square_over.gif Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\images\button_annuleer.jpg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\images\button_annuleer.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\images\button_annuleer.jpg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\images\button_annuleer_over.jpg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\images\button_annuleer_over.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\images\button_annuleer_over.jpg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\images\button_bladeren.gif Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\images\button_bladeren.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\images\button_bladeren.gif Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\images\button_bladeren_over.gif Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\images\button_bladeren_over.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\images\button_bladeren_over.gif Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\images\button_ok.gif Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\images\button_ok.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\images\button_ok.gif Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\images\button_ok_over.gif Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\images\button_ok_over.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\images\button_ok_over.gif Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\images\button_start.gif Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\images\button_start.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\images\button_start.gif Synchronize,Write Attributes
c:\users\user\appdata\local\temp\.zylomisrtemp1759764263\images\button_start_over.gif Generic Read,Write Data,Write Attributes,Write extended,Append data

70 additional files are not displayed above.

Registry Modifications

Key::Value Data API Name
HKLM\software\wow6432node\google\navclient::test test RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey

Windows API Usage

Category: Process Manipulation Evasion
API:
  • ReadProcessMemory
