Trojan.Agent.OIC

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 5,277
Threat Level: 80 % (High)
Infected Computers: 573
First Seen: December 29, 2023
Last Seen: March 3, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Agent.OIC
Packers: UPX!
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Company Name
  • BNa Si
  • H.D.S. Hungary
File Description
  • Hard Disk Sentinel
  • Hard Disk Sentinel Control
  • Hard Disk Sentinel Project Engine
File Version
  • 6.40.0.0
  • 6.30.0.0
  • 6.20.0.0
  • 6.0.1.0
  • 5.70.0.0
  • 5.50.0.0
  • 5.40.0.0
  • 1.00
  • 1.0.0.0
Internal Name
  • HDSentinel
  • TJprojMain
Legal Copyright Copyright © H.D.S. Hungary
Legal Trademarks <none>
Original Filename
  • Be Na
  • HardDiskSentinelUpdate.exe
  • HDSAction.exe
  • HDSCtrl.exe
  • TJprojMain.exe
Product Name
  • Hard Disk Sentinel
  • Na Li
  • Project1
Product Version
  • 6
  • 5
  • 1.00
  • 1.0.0.0

File Traits

  • .UPX
  • 2+ executable sections
  • HighEntropy
  • packed
  • upx
  • UPX!
  • x86

Block Information

Total Blocks: 10,021
Potentially Malicious Blocks: 398
Whitelisted Blocks: 9,386
Unknown Blocks: 237

Similar Families

  • Agent.OIC
  • BadJoke.XA
  • Banload.XB
  • Crypt.B
  • Delf.UC
  • Delf.XA
  • Delf.XB
  • FareIt.LA
  • Fareit.LC
  • Injector.DFF
  • Injector.DGB
  • Injector.FCG
  • Injector.FHBA
  • Injector.FHBC
  • Injector.GDSA
  • Injector.KFAD
  • Injector.KFF
  • Injector.KFTA
  • Injector.KI
  • Injector.KKF
  • Injector.KPA
  • Injector.KS
  • Injector.KZP
  • Injector.XN
  • Nanobot.FB
  • Nockat.A
  • Nussamoc.A
  • Sckeylog.C

Files Modified

File Attributes
c:\users\user\appdata\local\temp\5088yyec.cmd Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\5088yyec.cmd Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\afaapi.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\afaapi.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\code.7z Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\code.7z Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\dch-dnl2.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\dch-dnl2.txt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\dch2.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\dch2.txt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\deta.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\deta.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\detect.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\detect.dat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\detect.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\detect.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\detjm.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\detjm.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\detw.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\detw.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\detw64.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\detw64.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\diskdata_wdc_wd2500bekt-60v5t1_wd-wx51a20y9119_12.01a12.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\diskdata_wdc_wd2500bekt-60v5t1_wd-wx51a20y9119_12.01a12.dat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\diskdata_wdc_wd2500bekt-60v5t1_wd-wx51a20y9119_12.01a12.hdi Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\diskdata_wdc_wd2500bekt-60v5t1_wd-wx51a20y9119_12.01a12.hdi Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\en.lng Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\en.lng Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\enpro.lng Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\enpro.lng Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdd.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdd.jpg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdsaction.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdsaction.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdsctrl.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdsctrl.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdsentinel.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdsentinel.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdsentinel.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdsentinel.ini Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdsentinel.key Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdsentinel.key Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdsentinel.reg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdsentinel.reg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdsentinel.sys Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdsentinel.sys Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdsentinel.vsh Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdsentinel.vsh Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdsentinel.vsx Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdsentinel.vsx Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdsversion.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\hdsversion.txt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\libeay32.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\libeay32.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\na.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\na.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\removehds7.vbs Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\removehds7.vbs Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\ssleay32.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\ssleay32.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\status.icd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\status.icd Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\statusb.icd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\statusb.icd Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\statusg.icd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\statusg.icd Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\statusn.icd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\statusn.icd Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\statusw.icd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\statusw.icd Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\storagetest.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\storagetest.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\storarc.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\storarc.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\storectrl.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\storectrl.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\storelib.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\storelib.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\storelibir-2.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\storelibir-2.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\storelibir.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\storelibir.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\uk.lng Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\uk.lng Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\ukpro.lng Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\ukpro.lng Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\vista_status.icd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\vista_status.icd Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\vista_statusb.icd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\vista_statusb.icd Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\vista_statusg.icd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\vista_statusg.icd Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\vista_statusn.icd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\vista_statusn.icd Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\vista_statusw.icd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\vista_statusw.icd Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\winsched.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nasi boot\hdsentinel\winsched.txt Synchronize,Write Attributes
c:\windows\system.ini Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\advanced::hidden  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusoverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalldisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalloverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::updatesdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::uacdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusoverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalldisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalloverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::updatesdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::uacdisablenotify  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings::globaluseroffline RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablelua RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::enablefirewall RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::donotallowexceptions RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::disablenotifications  RegNtPreCreateKey
HKCU\software\apcr\1214104697::1919251317 RegNtPreCreateKey
HKCU\software\apcr\1214104697::-456464662 RegNtPreCreateKey
HKCU\software\apcr\1214104697::1462786655 RegNtPreCreateKey
HKCU\software\apcr\1214104697::-912929324 # RegNtPreCreateKey
HKCU\software\apcr\1214104697::1006321993 ¿ RegNtPreCreateKey
HKCU\software\apcr\1214104697::-1369393986 http://ilserbilgisayar.com/image.gifhttp://02dea25.netsolhost RegNtPreCreateKey
HKCU\software\apcr\1214104697::549857331 RegNtPreCreateKey

302 additional registry modifications are not displayed above.

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Other Suspicious
  • AdjustTokenPrivileges
  • SetWindowsHookEx
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • win32u.dll!NtGdiAnyLinkedFonts
  • win32u.dll!NtGdiBitBlt
  • win32u.dll!NtGdiCreateBitmap
  • win32u.dll!NtGdiCreateCompatibleBitmap
  • win32u.dll!NtGdiCreateCompatibleDC
  • win32u.dll!NtGdiCreateDIBitmapInternal
  • win32u.dll!NtGdiCreateRectRgn
  • win32u.dll!NtGdiCreateSolidBrush
  • win32u.dll!NtGdiDeleteObjectApp
  • win32u.dll!NtGdiDoPalette
  • win32u.dll!NtGdiDrawStream
  • win32u.dll!NtGdiExtGetObjectW
  • win32u.dll!NtGdiExtTextOutW
  • win32u.dll!NtGdiFontIsLinked
  • win32u.dll!NtGdiGetCharABCWidthsW
  • win32u.dll!NtGdiGetDCDword
  • win32u.dll!NtGdiGetDCforBitmap
  • win32u.dll!NtGdiGetDCObject
  • win32u.dll!NtGdiGetDeviceCaps
  • win32u.dll!NtGdiGetDIBitsInternal
  • win32u.dll!NtGdiGetEntry
  • win32u.dll!NtGdiGetFontData
  • win32u.dll!NtGdiGetGlyphIndicesW
  • win32u.dll!NtGdiGetOutlineTextMetricsInternalW
  • win32u.dll!NtGdiGetRandomRgn
  • win32u.dll!NtGdiGetRealizationInfo
  • win32u.dll!NtGdiGetTextFaceW
  • win32u.dll!NtGdiGetTextMetricsW
  • win32u.dll!NtGdiGetWidthTable
  • win32u.dll!NtGdiHfontCreate
  • win32u.dll!NtGdiIntersectClipRect
  • win32u.dll!NtGdiQueryFontAssocInfo
  • win32u.dll!NtGdiRestoreDC
  • win32u.dll!NtGdiSaveDC
  • win32u.dll!NtGdiSelectBitmap
  • win32u.dll!NtGdiSetDIBitsToDeviceInternal
  • win32u.dll!NtGdiSetLayout
  • win32u.dll!NtGdiStretchDIBitsInternal

61 additional items are not displayed above.

Shell Command Execution

(NULL) na.exe
cmd.exe /c ""C:\Users\Khlaspue\AppData\Local\Temp\5088YYEC.cmd" "C:\Users\Khlaspue\appdata\local\temp\nasi boot\hdsentinel\na.exe" "
