
Trojan.DiscordStealer

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 576
Threat Level: 80 % (High)
Infected Computers: 18,741
First Seen: May 5, 2019
Last Seen: February 7, 2026
OS(es) Affected: Windows

File System Details

Trojan.DiscordStealer may create the following file(s):
# File Name MD5 Detections
1. dat.txt 98106492f35388863d9060d5682ae9e1 5

Directories

Trojan.DiscordStealer may create the following directory or directories:

%appdata%\empyrean
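As an added example (not the threat database's tooling and not code from the malware), the following Python triage script checks a user profile for the indicators this report lists: the %appdata%\empyrean directory above, the PyInstaller `_MEI<pid>` extraction directories that appear under Files Modified further down, and file hashes against the Known Samples hashes. The hash constants are copied from this page; the directory layout in run_demo() is constructed, and because the real contents of dat.txt are not on the page, the demo matches the hash of a stand-in file it creates itself.

```python
"""Host triage for the indicators on this page (added example, not the threat
database's own tool).  It checks the %APPDATA%\\empyrean working directory,
PyInstaller one-file extraction directories (%TEMP%\\_MEI<pid>, the layout shown
under Files Modified) and file hashes against the sample hashes listed above.
The hashes in KNOWN_SAMPLE_HASHES are copied from this page; the directory
layout built by run_demo() is constructed so the script runs offline.
"""
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

# Subset of the MD5 / SHA-256 values listed on this page, lower-cased.
KNOWN_SAMPLE_HASHES = {
    "98106492f35388863d9060d5682ae9e1",                                   # dat.txt
    "9e164a1c308d2fd70b6de23381ea38b0",
    "f1f34d002e2cb2d07ba269a2eacedc0085ea717959b2183c9c2778c929cd63d0",
    "c858dc72f01d036f5f57e570c7c3762983ae86bfe77ace49023f5e06a5c6a7e4",
}


def digest_stream(chunks) -> dict:
    """Hash one pass over the data with MD5, SHA-1 and SHA-256 simultaneously."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    for chunk in chunks:
        for d in digests.values():
            d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def file_hashes(path: Path) -> dict:
    with path.open("rb") as fh:
        return digest_stream(iter(lambda: fh.read(1 << 20), b""))


def is_pyinstaller_extraction(d: Path) -> bool:
    """_MEI<pid> holds the unpacked CPython runtime: base_library.zip plus python3x.dll."""
    if not d.is_dir() or not d.name.upper().startswith("_MEI"):
        return False
    names = {p.name.lower() for p in d.iterdir()}
    return "base_library.zip" in names and any(
        n.startswith("python3") and n.endswith(".dll") for n in names)


def triage(appdata: Path, temp: Path, known: set = KNOWN_SAMPLE_HASHES) -> list:
    """Return (kind, path) findings for the three indicator classes."""
    findings = []
    empyrean = appdata / "empyrean"
    if empyrean.is_dir():
        findings.append(("directory", str(empyrean)))
    if temp.is_dir():
        for d in temp.iterdir():
            if is_pyinstaller_extraction(d):
                findings.append(("pyinstaller_extraction", str(d)))
    for root in (appdata, temp):
        if not root.is_dir():
            continue
        for p in root.rglob("*"):
            if p.is_file() and set(file_hashes(p).values()) & known:
                findings.append(("known_sample_hash", str(p)))
    return findings


def run_demo() -> list:
    """Constructed layout mimicking an infected profile; the stand-in sample's
    hash is computed here because the real dat.txt content is not on the page."""
    base = Path(tempfile.mkdtemp())
    try:
        appdata, temp = base / "AppData" / "Roaming", base / "Temp"
        (appdata / "empyrean").mkdir(parents=True)
        payload = b"constructed stand-in for dat.txt"
        (appdata / "empyrean" / "dat.txt").write_bytes(payload)
        mei = temp / "_MEI10362"
        mei.mkdir(parents=True)
        (mei / "base_library.zip").write_bytes(b"PK")
        (mei / "python38.dll").write_bytes(b"MZ")
        (temp / "benign.log").write_bytes(b"nothing to see")
        known = KNOWN_SAMPLE_HASHES | {digest_stream([payload])["sha256"]}
        return triage(appdata, temp, known)
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    appdata = Path(os.environ["APPDATA"]) if "APPDATA" in os.environ \
        else Path.home() / "AppData" / "Roaming"
    temp = Path(os.environ.get("TEMP", tempfile.gettempdir()))
    for kind, path in triage(appdata, temp):
        print(f"{kind}: {path}")
```

Hash matching is deliberately weak evidence on its own: the Known Samples list shows dozens of distinct builds, so a miss proves nothing, while the empyrean directory and a leftover `_MEI` tree in %TEMP% survive across rebuilds of the payload.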

Analysis Report

General information

Family Name: Trojan.DiscordStealer
Signature status: No Signature

Known Samples

MD5: 9e164a1c308d2fd70b6de23381ea38b0
SHA1: 5325f21dc5099876e5682b99322c11f561295690
File Size: 7.14 MB, 7139842 bytes
MD5: 5b287b4cd77e837975940021e1ce9206
SHA1: 3715e44a6b7b91224fd15b95ac05a24527b54506
File Size: 7.19 MB, 7188406 bytes
MD5: 9ef658467ed16e899ce3dfae0fa1df2a
SHA1: fae395c41871ef8c2960352f576939844934a9a5
File Size: 1.75 MB, 1748480 bytes
MD5: 8bbb1ea0a7bf00bcce7d3bdb8fe4620f
SHA1: f6cc8209fb9c72217adf9e3bf86b2e06820560ba
File Size: 9.23 MB, 9227286 bytes
MD5: 31085f1e026bfcbebf4700e67a0757da
SHA1: 48cb9f975062c0a6ec68dff49afe8868b0c42efa
File Size: 8.27 MB, 8265649 bytes
MD5: 4eb2d76cacf5a4cffe99dce3e9574583
SHA1: c5127f188acc2d1f541883ec4258711fe8ef04ed
File Size: 7.52 MB, 7517808 bytes
MD5: f422643fd53676cd68048a401fd19068
SHA1: 6e34d5c30919ef8cb6ee2888c29288bb75c10cb1
File Size: 8.11 MB, 8108760 bytes
MD5: 13e5c25d4d1a87768a0e13a32e6b0af1
SHA1: 2d24bc7ca71c9b585d0cce1088f31307d5dd53ab
File Size: 9.63 MB, 9633228 bytes
MD5: deaaa3af22d87cdc0130d544fe0a5008
SHA1: 18f32801c081fb91e2eab36fa7a18fecbe7b13c1
File Size: 3.97 MB, 3972109 bytes
MD5: c2290053496b1d3735485519ddb5ca89
SHA1: 5222f1f58786658fc83d55b00d771806e5ba9e6b
File Size: 6.09 MB, 6085380 bytes
MD5: 8710b08816a3823c6d477c12ba96345a
SHA1: b19ed75f15570cbe037237ecf0f9bb86774f312e
File Size: 7.12 MB, 7124047 bytes
MD5: ff7e04c131623dfa846f887704040ba2
SHA1: c9d69ae389c994052dad12e3d7be7042ed3eb825
File Size: 5.35 MB, 5352840 bytes
MD5: 178504b9a2d31dc1ba21169e0bc3c015
SHA1: 10bfd458319b540838140fa31c1b31d105b95815
File Size: 4.77 MB, 4771406 bytes
MD5: 2f6cacbafee0c90e6fb208d6f507cfed
SHA1: 8d010036fefbed27f063a6c5c4cfa2e985c652c7
File Size: 3.69 MB, 3694071 bytes
MD5: 90fcee652793c8392a33f9450b7e21c0
SHA1: b9ebe9b62f16a5d03566f870d46b8203a6e5fa58
SHA256: F1F34D002E2CB2D07BA269A2EACEDC0085EA717959B2183C9C2778C929CD63D0
File Size: 7.44 MB, 7438194 bytes
MD5: 1431c4220e5a779c1b5020ed236d9ecd
SHA1: b41d1884fac350b32f30c55cecc70d8216a8fe1f
SHA256: C858DC72F01D036F5F57E570C7C3762983AE86BFE77ACE49023F5E06A5C6A7E4
File Size: 8.45 MB, 8450641 bytes
MD5: c191a0878f087b9ad78a17d2d2ae669b
SHA1: f8bc2d0d8c4f97220c33e4567683a3c680a7ce04
SHA256: 271879D1B7DE179C65759BDC393C23C70D3D63FFB1520F7CF1FD02B4DF1E5270
File Size: 7.45 MB, 7445647 bytes
MD5: c5b67b99e1d170a7799d8877ff176cea
SHA1: 0857ff036e7ab7c8c3c28cec56589c31368c13fe
SHA256: 673F89378D8D922C2B7A4310B6EBD8D00012C3F08689B596C0C96FF777E2C94D
File Size: 5.12 MB, 5117159 bytes
MD5: 0e59bbe71e12e677b52f60c528566924
SHA1: 8abb817b24195ae36e152889aae0259874a941a5
SHA256: F3C2202C440CF6505ED3588DCC38F945BFB9B629071196C79225C1ED190E3702
File Size: 1.96 MB, 1959153 bytes
MD5: 6734ab621a26cd5eb6b4b6f221854c7d
SHA1: 7017206dc809137ce47fa7d9db6a3457f359170b
SHA256: E03D95B4D5CBE0F9C7C7AE513DFCEE20E33119A8DCD16CF81B28757FD9DB4705
File Size: 330.24 KB, 330240 bytes
MD5: 957d8a7d7d7622e15d2183485526dc4f
SHA1: e4268db2d12e94cd57f17240cbbc1825a864f4f7
SHA256: 6BE69D94CBC5C8E0ADCD0B95997B22D4C315EEAC129787D806EE00B560A4DF4B
File Size: 2.79 MB, 2790891 bytes
MD5: 16632fe3923165dfc1e8e5462f29ab0c
SHA1: 08b9f8bf6b29f781f1c00bdfe373da77db840347
SHA256: 209EDC8F3A789C8EDE626CE4D0DED4F48D8FE8E909553242A2C16DAE52CCD971
File Size: 1.90 MB, 1900273 bytes
MD5: b8c4b01a405da4c1d6fbcc9df6ab89dd
SHA1: b6c5c2bc42d235255d469a5f6b77e74fb419b0d9
SHA256: 2BF55712CEB7ABAE60FC5520DBF09E03044869ECC6D725263D366498DF7A26F9
File Size: 646.66 KB, 646656 bytes
MD5: d0563ea99d37e46695be3b500d141431
SHA1: 5c171b8b3ebb91f1249d07ea5e3c802eb41c5bbe
SHA256: 7B9079D7BBB97F040E4F39EB792F74BA50C53B9A03A6E45EDF8A735EAD0C2463
File Size: 16.38 KB, 16384 bytes
MD5: 48daf96f336ff9529eba56b6cf30d473
SHA1: 9a91320eba1d348aafbdf645937f268bbd99e882
SHA256: A2B2FFBA97393A6965B3AA9D6D8D0389C7DA75C1E1FCCD5281A5028B58FB0F9A
File Size: 6.57 MB, 6572916 bytes
MD5: ec7c7d84a593444bebf8e576b1197559
SHA1: e43054f4360b3457e9fffd00833f37f6fde364e3
SHA256: F318BEC7F9DFA9E670D85D73C009E77F01973BC7259D24FE7184E2AF8BD2500B
File Size: 6.10 MB, 6100598 bytes
MD5: 26764325ce6c7fecb386aaa6d43f8920
SHA1: dca96cbd94a11bbdd6f73695599e74a3971d798f
SHA256: AA6A15001030F6F164836E7B47B953E4458D5848A62D84DBAFEAD8823AE76A20
File Size: 2.15 MB, 2145280 bytes
MD5: 94e68c0b52d6909cb86dcc4986e5550c
SHA1: 9130cd6ea4fe18b28dfaad6705cda0a64cc71760
SHA256: 8C8868AF8C0D4D8CB2116A0BC3F06E8C624EFBC4EC3299CF7DF13E00DF63DCBF
File Size: 6.12 MB, 6124136 bytes
MD5: 4765c9dfbff34d524e764559b3cd9f03
SHA1: 3828b3acc89a6dc0afe2b1dd8cd35dbd96dcca22
SHA256: B15441BD2D9B7F5FF8A119611CC898D43D5E6921BCCFCE087E38D20FE374D7A8
File Size: 8.12 MB, 8117373 bytes
MD5: 50f6c8a31a12373b620144010eefffae
SHA1: 7ec69ecb290f54612abff8a3d58f9c13471250e9
SHA256: A0B1E0DAEC6486ED00B9787952C1F7A709E0076031BC62B4E5CE245FCCC329B5
File Size: 2.16 MB, 2158603 bytes
MD5: e1e720fd3c1aa94213e460c94b2cd89d
SHA1: 473130aa9f72ebbee52cdcb40fdb84933c5fdb71
SHA256: 995DC398251D3E78A616562ACF07729D2B8C4EC5DD1AEBF8B066B85F4F39F8D8
File Size: 5.16 MB, 5157963 bytes
MD5: 30d4b32df2cc441ddde8f1d0f4194e06
SHA1: fc2a8dd14facae14976c32f3a460261950f2ac96
SHA256: 60ACD4FC5FEA7F696669C0DC8FD97ECE7A71717767279721C7DD2E00C6904E49
File Size: 8.99 MB, 8994895 bytes
MD5: c8d763bcb0929b6d4457ab062ef88fa6
SHA1: 502d97e1fa5aefed249a2004ce62a036c8268531
SHA256: 4191A292C0E736153F4AFD7AC24483CCDC64B8254538C6474A6E2E6825F989EA
File Size: 9.80 MB, 9795611 bytes
MD5: c59d9bcb7bc72118bdf57e7d7c9b25f7
SHA1: 2c5ca28cb17519d6294ca76fd98038674ad56f3a
SHA256: F828B5E3940E01E0CB443CE62CE70F0328C6474E0ACCFAE7D495F7DE1E4C1F3C
File Size: 6.09 MB, 6087910 bytes
MD5: b37b14b27d8ba4c676ac5f1713af314b
SHA1: b752b42b73355273696f61df633512ffac30f23a
SHA256: 6FDD9EAFC248BA20FDA95241D9737699AA70614ADE183E4B7BF368A4E7D6C668
File Size: 8.06 MB, 8064986 bytes
MD5: 1fd5a772efa4208d40aa0e8772ad816a
SHA1: 5d8f0863956ab7a8dc8d236f75b456a253ba7a9c
SHA256: 45FC4139EB85899F8EE456708F7E094F2C5A3E12E2C0E7D2AAEA283F8D03854E
File Size: 6.48 MB, 6477992 bytes
MD5: 3b3324a0957e32b5046242f04d06e0cc
SHA1: dd6d813b640ce321c54af51b671e3623701d3417
SHA256: 517CE5636F2F7936AEECA6AAC25CC6CAB7ECC2EC4F5E7E9F4FFBDD6437161DD8
File Size: 8.38 MB, 8381610 bytes
MD5: 546cd156d9481e4c6d2692344582e5b4
SHA1: cde50a056f319e4c24101a6fdc77ca5618667a87
SHA256: 431BD31674D29F339BA0160C524DFBE54B4A60F37BA2682FBD9DD2DC96611230
File Size: 4.45 MB, 4451428 bytes
MD5: ab22abaa33c9546562de110d66133f32
SHA1: 8b0febe1e8c30595b5c3ca3baafef85972a52402
SHA256: B42780862D8C49ECA63E34B4A2010E9B597B87D65324763358521343ABCF8B45
File Size: 4.83 MB, 4831232 bytes
MD5: 7a4213823c2af6f8f8600969fed86b8c
SHA1: 226d438ea92449af395502da329aba1b99fc30db
SHA256: 28014AAB673C5972516A0F00A02DC0CC991D30E69FACAF783365ED33188B3FFC
File Size: 6.26 MB, 6264781 bytes
MD5: f2cfc9b0d904daebf6136a96ef959516
SHA1: 9474613469743a1356737e784df7a52fb5304d12
SHA256: C66EC037C8E7AE18F368562C6BD3DE83C7FD5D6D1D70446D3F8CC0F47497C0CC
File Size: 4.14 MB, 4140167 bytes
MD5: 5a7920876d62de14ddae1f90866dcb7a
SHA1: cb84bbda857a8ccd76600faa5efb4fdf6ef34c44
SHA256: 75F68201D2B692F77B8035B8D13713A405A2B9092ACE257CFBDC14DE96CFB984
File Size: 9.51 MB, 9508548 bytes
MD5: 9da76965b2a2312f060c9879935b06a5
SHA1: a80244df4241c278d66eb73e4b5f68f59927718a
SHA256: 621709D8D7640E4B56C091C6765B6879561827388818A1A0A6669E9F12283B67
File Size: 8.63 MB, 8625643 bytes
MD5: ba169376ba189811412b0f6a0c85a15c
SHA1: cd1f1fb50a63daa22c81a58b9cfb69b88362b240
SHA256: 59F6A5163E7225803386F4C05A40C5BF4FF147A7067FAD92138F1F0F57E31BB7
File Size: 9.47 MB, 9472135 bytes
MD5: 92caa66bf846021d8376e45c66114a11
SHA1: b52f9a13bffd9d8b9d6e519660bfe76a534aa47e
SHA256: 942DF1D27FA4EBAB7C2A8885F816B1525BEE757BC8D5C6E4EAD036E882065C50
File Size: 9.50 MB, 9499267 bytes
MD5: 5dcad5bed49ef0b5b88dc29ea7161a82
SHA1: 5aa73dc47cc1c1abcfc03ca2bfcb8c2829be049c
SHA256: A69F0A727BEFCCCB373FE599DEA6070EDB943FE84A126F2E31DBE4DC346056AC
File Size: 3.25 MB, 3250866 bytes
MD5: 2ce6f9fc9eae679d38836d3457d324d5
SHA1: 56453efd437bd194e61ed812bea8083dd5090762
SHA256: 9EAF822939C4BD4F915870C966BE091A908A6051973025196C1BF6980A1B500C
File Size: 13.31 KB, 13312 bytes
MD5: d0c36409ceed9b71c38828f8ce0c8d7f
SHA1: d8e7bcaa6efd38fd99b634a6fa0b4dfc567a6fa0
SHA256: F4E646B5FF58C1C1F8DE1888F1315F8953C59388060141C6F2AB07A4331B157B
File Size: 7.00 MB, 7000031 bytes
MD5: d804f07ee44ee591b66221332cb86837
SHA1: c970e5595470a452c0f23bfabfe4c343f83daa91
SHA256: 19E2D66EA228CDA45BD75C4D0498A1394CAA6E8870009F46B793A7CEF204EABD
File Size: 6.08 MB, 6082738 bytes
MD5: 37ebf9cf53518a52ae86e6f8ed831c2d
SHA1: 59d58c616fb98e52b2264708e200c4c1b4782f27
SHA256: 49C3EAED2826ADBFF1591D095937D239113265B678C5FF967F4717663CF3BFDD
File Size: 222.72 KB, 222720 bytes
MD5: 6455d4fe19a599e4a5b71bc66b582089
SHA1: babcdf285cf8991db3b9c2b772799a4ad1e0c2b2
SHA256: 7DC1E67616BBADE528C1236990210E3DF41BDCC3ECA1CD49191C3FD953B58577
File Size: 6.80 MB, 6799518 bytes
MD5: a7f55eb46c1b1e5f1beeac3fad78a41e
SHA1: 73c66adc23591c44894cf9bd9ce9412d746dad16
SHA256: D1F2EFA994E266D5B314022B76B391EF051EC0446F80E351FE4B9278A9DE7543
File Size: 1.39 MB, 1392513 bytes
MD5: c1c6a72f016c985e2a2c18338c740fb4
SHA1: 57d676ef37d97ed499b09025fba8a469c67c1dfc
SHA256: 4753DBC4AFAD8978F2BB0E6CD3A7483BEE35F2047D7438DC592878359D59EDF1
File Size: 9.26 MB, 9260603 bytes
MD5: 456d495d272721bbdb8c4b20a39cad6a
SHA1: e069ede7865c74b1a2eb5a69a00ba3125bb54890
SHA256: E0700746098E24609337A14621469F8455176347F992427DFA727302756E29FC
File Size: 9.22 KB, 9216 bytes
MD5: 971548cc79eb8946e1740503594ea0b3
SHA1: e438937204eecf4daf971238c3f7218f837cb9cc
SHA256: B5DAFE92938A228FEB18DDAB5D7E08500B7CDC534BB5F099A268EDFF38AC173B
File Size: 1.74 MB, 1738132 bytes
MD5: 36275d870b1c3dd6aba78cf1ca54caec
SHA1: 9d9c3f7271fff7854d9ee0c02725a2a093ad30fd
SHA256: 03966B7DF7EA2C37F7CD45792F26863F9BC566BAEC617A3BC776A4FF7E070369
File Size: 16.38 KB, 16384 bytes
MD5: 0a1610bc9fa1d46edf4b0d3b02100310
SHA1: fe5da03b5452959308d42ce1467aad9d4da3701d
SHA256: C3279B0584780F65092BB1A512AFADB5157DF95FBB5C2E09B8501527A397D130
File Size: 9.73 MB, 9726170 bytes
MD5: fe1e4949d4a7e123dbfef93bc86ea5d7
SHA1: bdf3ec7c565fb542ef8c35b72d8971b9f4266bf0
SHA256: 07437168E47761B0A2ED27334EF5ECAF5D5031C1ECD41EE456569DE6177BED7E
File Size: 7.31 MB, 7305936 bytes
MD5: 17b9719455b394df1828c3ddba7869a3
SHA1: 4134d62236c72676d5543162116d6b1d6f233b48
SHA256: 9DDAA1102BF71F40E49A86B16B0F359B49A343A3A2BB7B03E63B81534E5AB1B9
File Size: 8.05 MB, 8051312 bytes
MD5: 7638cd2c9506f98b61b6d7acd08d7d47
SHA1: 2a41f84876669e8973c49fb621f92dd6970a2abb
SHA256: 38192DACABAA98456AAE01F2B1FB2C9DABBB82587784DFBB9AB6E5E7C9E2BB31
File Size: 9.25 MB, 9254243 bytes
MD5: 640c33708e994a77e62e3634dd0ebdfb
SHA1: 38380e277841c1a0936cd4f27a9c700afa7f8c8f
SHA256: 2C2A20F61F8ECCE5BB63515B40E0A06F6B77782782D2D55CDC5B82FC1BBF8C05
File Size: 4.82 MB, 4816333 bytes
MD5: a80d65b159b1b205d28f103fced593fa
SHA1: 6d03d988bad7af06edd1f513bfddd06720e66061
SHA256: 12024A3929A0BC6559140651F9A1E032498FFD46764417B815A78252E0AFD6F7
File Size: 7.53 MB, 7534489 bytes
MD5: 8f46854d5868212d61a323071eb078d6
SHA1: 6438154a67c4af5cd39089d501bea304dc0a942a
SHA256: D5B6CD6715436A651A0374D7C1B19E62E67DCBB5FD6547F2DAE4AEDB027CF7C5
File Size: 27.65 KB, 27648 bytes
MD5: bf594fe3cd52bd02a1cd7f2d432538d1
SHA1: e28e633dfc22eafd0c36bac4938b550f0b68887b
SHA256: 7F3E4E88E84ABFBDA8F40EAB56F7BD14BBA254BF5862C55E3BF78DAC0291FCD9
File Size: 9.07 MB, 9069683 bytes
MD5: 90d37e5f4051734d9d864bd32f410a65
SHA1: 72fd7f977046a422857931f8a9060620a6d33cfb
SHA256: E3A3E1A4A3B40F7592CBCD6B9F24D1220F44C7B638D8FE7ED833F936427EDC79
File Size: 8.66 MB, 8663124 bytes
MD5: 1ac80abd6116cab20eb33082c33d5694
SHA1: fd262e9d657e83eac047907fc46003751e5129ff
SHA256: 73CE132111BA985C12D7904E96FE6E90D7E59278A68681E77A83BF88258A0620
File Size: 9.07 MB, 9072443 bytes
MD5: a048ee18fd771d256de9c688d1144b01
SHA1: 9846da7800df9026b6f4963af19b1cfa825cfd8e
SHA256: B499D6E281112CC5DDBBA5512239AB1DDCE4307F8987FA52B204C2F9D2AE5DE0
File Size: 8.61 MB, 8607232 bytes
MD5: 8991b8851223400523745443283d4f08
SHA1: 06cf0b20f23ad3a56056fd0f3c58b7961294a3c8
SHA256: 3856BD12A4C191933F0D40CD8C4CC444779446926DFEE119D17EFC339812F66B
File Size: 9.37 MB, 9373358 bytes
MD5: 69867e93c880a8e40de0a9708d583095
SHA1: 5393c8a909ffba65a30bb48aeb6f49193bbac2e3
SHA256: C2392DC6E0706F61AD52866968241CB1A9352F190ADEAA3492A2C4B976844B4B
File Size: 6.11 MB, 6112109 bytes
MD5: e762792d60f5ca767aabe3be6f8b8ef1
SHA1: 0543611e7259c5330496ace88a33eedf5ec9a76a
SHA256: 093EEE08C3D00CCDBC53DA731EFB0EC0E917DC231949017D6F3CE059A1066E80
File Size: 8.06 MB, 8059978 bytes
MD5: 5077a9c1c9283fc712317b758fa57679
SHA1: abdb180cd7e805188a160897d15775103471432d
SHA256: DCC77CB4384E88399825054CC441576F03E34221F1169D9A9CB3F3F4649BD615
File Size: 6.84 MB, 6838441 bytes
MD5: 0871edc86f7cb11ef749a198d06bff5e
SHA1: 5de1760d7bbd77daa53a5356b584751df4293156
SHA256: F3B4AAAD93938AEAFBF0AE5CB515FBE8D0CAB03016369FCA271AF1AF5DF595D9
File Size: 2.91 MB, 2906310 bytes
MD5: d86b6bfc86470632ea579be2fefb05f6
SHA1: 97f0513d64e2894c951c8f72bb6c71209b9180c8
SHA256: B47B4678DF228A08F8AE25F2EDB19AA8E792BD516FE655DEA4C3220449AF611A
File Size: 9.32 MB, 9318365 bytes

Windows Portable Executable Attributes

The attributes below are the union over all known samples, so mutually exclusive entries (32-bit and 64-bit, .NET and native, console and GUI) describe different samples rather than one file.

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have resources
  • File doesn't have security information
  • File has TLS information
  • File is .NET application
  • File is 32-bit executable
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
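Each bullet above is a direct reading of the PE headers. The following Python is an added example (not the database's own tooling) that shows which header field each attribute comes from: the COFF Characteristics flags, the optional-header magic and Subsystem, and the data directories for exports, resources, relocations, debug information, the Authenticode certificate table ("security information"), TLS and the CLR runtime header (".NET application"). build_min_pe() fabricates a header-only image so the script runs without a sample; its layout is constructed for the demo and is not loadable.

```python
"""Derive the PE attributes listed above from a file's headers (stdlib only).

Added example, not the threat database's own tooling. build_min_pe() constructs
a header-only PE image so the script runs offline; on a real sample call
pe_attributes(open(path, "rb").read()).
"""
import struct

# Data-directory indices (IMAGE_DIRECTORY_ENTRY_*) from the PE/COFF spec.
DIR_EXPORT, DIR_RESOURCE, DIR_SECURITY, DIR_BASERELOC = 0, 2, 4, 5
DIR_DEBUG, DIR_TLS, DIR_CLR = 6, 9, 14
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_DLL = 0x2000
SUBSYSTEMS = {2: "IMAGE_SUBSYSTEM_WINDOWS_GUI", 3: "IMAGE_SUBSYSTEM_WINDOWS_CUI"}


def pe_attributes(data: bytes) -> dict:
    """Return the header facts behind each bullet in the attribute list."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    *_, characteristics = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt_off = pe_off + 24
    is_64 = struct.unpack_from("<H", data, opt_off)[0] == 0x20B   # PE32+ magic
    subsystem = struct.unpack_from("<H", data, opt_off + 68)[0]
    # NumberOfRvaAndSizes sits at +92 (PE32) or +108 (PE32+); directories follow it.
    ndirs_off = opt_off + (108 if is_64 else 92)
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    dirs = [struct.unpack_from("<II", data, ndirs_off + 4 + 8 * i) for i in range(ndirs)]

    def present(idx: int) -> bool:               # directory exists and is non-empty
        return idx < len(dirs) and dirs[idx][1] != 0

    return {
        # The Rich header, when present, lies between the DOS stub and "PE\0\0".
        "rich_header": b"Rich" in data[0x40:pe_off],
        "debug_info": present(DIR_DEBUG),
        "exports": present(DIR_EXPORT),
        "relocations": present(DIR_BASERELOC),
        "resources": present(DIR_RESOURCE),
        "security_info": present(DIR_SECURITY),  # Authenticode certificate table
        "tls": present(DIR_TLS),
        "dotnet": present(DIR_CLR),              # CLR runtime header => managed (.NET) image
        "bits": 64 if is_64 else 32,
        "subsystem": SUBSYSTEMS.get(subsystem, f"subsystem {subsystem}"),
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "executable_image": bool(characteristics & IMAGE_FILE_EXECUTABLE_IMAGE),
    }


def build_min_pe(is_64: bool, subsystem: int, characteristics: int, dir_sizes: dict) -> bytes:
    """Construct a header-only PE (enough for header analysis; not loadable)."""
    pe_off, ndirs = 0x80, 16
    dos = bytearray(pe_off)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, pe_off)
    opt_size = (112 if is_64 else 96) + 8 * ndirs
    coff = struct.pack("<HHIIIHH", 0x8664 if is_64 else 0x14C, 1, 0, 0, 0,
                       opt_size, characteristics)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if is_64 else 0x10B)
    struct.pack_into("<H", opt, 68, subsystem)
    ndirs_off = 108 if is_64 else 92
    struct.pack_into("<I", opt, ndirs_off, ndirs)
    for idx, size in dir_sizes.items():          # fake RVA, real size
        struct.pack_into("<II", opt, ndirs_off + 4 + 8 * idx, 0x1000 * (idx + 1), size)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # Constructed stand-in for a 64-bit .NET GUI sample with TLS data and no signature.
    sample = build_min_pe(True, 2, IMAGE_FILE_EXECUTABLE_IMAGE, {DIR_TLS: 0x28, DIR_CLR: 0x48})
    for key, value in pe_attributes(sample).items():
        print(f"{key}: {value}")
```

A "security information" directory of size zero is what the report's "No Signature" line boils down to: the file carries no Authenticode certificate table, whatever its version resource claims.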

File Icons

(Icon images are not reproduced here; the page reports 36 additional icons across the known samples.)

Windows PE Version Information

The version-resource strings below are attacker-controlled metadata, aggregated across samples. Several builds present themselves as Microsoft's Runtime Broker (Company Name "Microsoft Corporation", Internal Name RuntimeBroker.exe, File Version 10.0.19041.4355), yet none of the samples is signed, so these strings must not be taken as evidence of provenance.

Name Value
Assembly Version
  • 1.0.0.0
  • 0.0.0.0
Comments A Frontend for Mednafen multi emulator
Company Name
  • AGMG Discord
  • Builder
  • ClashFarmer.com
  • ConsoleApp1
  • King of Pirates Online
  • Microsoft Corporation
  • Speedvicio
  • Toxic Home
File Description
  • Builder
  • ClashFarmer Professional Bot
  • ConsoleApp1
  • E3Discord
  • GI Mods Fixer
  • King of Pirates Launcher
  • LuceneSearch
  • Manifest Dumper Executable
  • MedGui Reborn
  • Runtime Broker
  • SendMessage Discord
  • WindowsFormsApplication1
File Version
  • ClashFarmer 2.4 RC11
  • ClashFarmer 2.3 RC2
  • 10.0.19041.4355 (WinBuild.160101.0800)
  • 3.2.2.9
  • 1.00
  • 1.0.0.0
  • 0.0.0.0
Internal Name
  • 57FixReleaseVersion
  • Builder.dll
  • ClashFarmerBot
  • ConsoleApp1.dll
  • E3Discord.exe
  • educationxmr.exe
  • EmailAutomation.exe
  • kopo_d.exe
  • LuceneSearch.exe
  • Manifest Dumper
  • MedGuiR.exe
  • RuntimeBroker.exe
  • SendMessage Discord.exe
  • TJprojMain
Legal Copyright
  • Copyright © 2009
  • Copyright © 2015
  • Copyright © 2023
  • Copyright © 2025 Toxic Home
  • Copyright © champ 2020
  • © AGMG. All rights reserved.
  • © ClashFarmer. All rights reserved.
  • © Microsoft Corporation. All rights reserved.
Original Filename
  • 57FixReleaseVersion.exe
  • Builder.dll
  • ClashFarmer.exe
  • ConsoleApp1.dll
  • E3Discord.exe
  • educationxmr.exe
  • EmailAutomation.exe
  • kopo_d.exe
  • LuceneSearch.exe
  • Manifest_Dumper.exe
  • MedGuiR.exe
  • RuntimeBroker.exe
  • SendMessage Discord.exe
  • TJprojMain.exe
Product Name
  • Builder
  • ClashFarmer Professional Bot
  • ConsoleApp1
  • E3Discord
  • Genshin Impact Mod Fixer
  • KOP Launcher
  • LuceneSearch
  • Manifest Dumperr
  • MedGui Reborn
  • Microsoft® Windows® Operating System
  • Project1
  • SendMessage Discord
  • WindowsFormsApplication1
Product Version
  • ClashFarmer 2.4 RC11
  • ClashFarmer 2.3 RC2
  • 10.0.19041.4355
  • 3.0
  • 1.00
  • 1.0.0.0
  • 1.0.0
  • 0.0.0.0

File Traits

Traits are likewise aggregated over all samples. Agile.net (a .NET protector) and Fody (a build-time IL weaver commonly used to embed dependencies in the main assembly) point to obfuscated, self-contained .NET builds, while the golang trait and the PyInstaller footprint under Files Modified show the family spans several toolchains.

  • .NET
  • Agile.net
  • Fody
  • golang
  • HighEntropy
  • NewLateBinding
  • No Version Info
  • ntdll
  • RijndaelManaged
  • Stealer
  • x64
  • x86

Block Information

Total Blocks: 903
Potentially Malicious Blocks: 0
Whitelisted Blocks: 894
Unknown Blocks: 9

Visual Map

(Block-by-block rendering omitted; per the counts above, 894 of the 903 blocks are whitelisted, 9 are unknown and none is flagged as potentially malicious. Legend: 0 = probable safe block, ? = unknown block, x = potentially malicious block.)

Similar Families

  • Agent.DFSK
  • Agent.GDX
  • Agent.JKTA
  • Agent.ODN
  • Agent.OISE
  • Downloader.Agent.N
  • KillWin.H
  • MSIL.ClipBanker.HA
  • Mint.B
  • ShellcodeRunner.TV
  • Stealer.IFA
  • Stealer.IFDF

Files Modified

The `_MEI10362` tree below is PyInstaller's one-file extraction directory (the numeric suffix is the bootloader's process ID). python38.dll, base_library.zip and the lib2to3 `3.8.5.final.0` pickles show the payload is a bundled CPython 3.8.5 script, and libcrypto-1_1.dll, libssl-1_1.dll and certifi's cacert.pem give it TLS support. The `__PSScriptPolicyTest_*.ps1/.psm1` files and the `PSHost.*` named pipe are created by PowerShell itself at startup (the policy-test files probe AppLocker/WDAC script enforcement), so they indicate that the sample launched PowerShell rather than being malicious artefacts in their own right.

File Attributes
\device\namedpipe Generic Read,Write Attributes
\device\namedpipe Generic Write,Read Attributes
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
\device\namedpipe\pshost.134000988243126940.4264.defaultappdomain.powershell Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
c:\users\user\appdata\local\temp\__psscriptpolicytest_3ou4h1ps.pp0.psm1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_5a1z5tqj.3xz.ps1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\_asyncio.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\_bz2.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\_ctypes.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\_decimal.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\_elementtree.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\_hashlib.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\_lzma.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\_multiprocessing.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\_overlapped.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\_queue.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\_socket.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\_ssl.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\_testcapi.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\_tkinter.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\base_library.zip Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\certifi\cacert.pem Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\include\pyconfig.h Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\lib2to3\grammar.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\lib2to3\grammar3.8.5.final.0.pickle Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\lib2to3\patterngrammar.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\lib2to3\patterngrammar3.8.5.final.0.pickle Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\lib2to3\tests\data\readme Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\libcrypto-1_1.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\libffi-7.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\libssl-1_1.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\main.exe.manifest Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\pyexpat.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\python38.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\select.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl86t.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\auto.tcl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\clock.tcl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\ascii.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\big5.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\cp1250.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\cp1251.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\cp1252.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\cp1253.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\cp1254.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\cp1255.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\cp1256.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\cp1257.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\cp1258.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\cp437.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\cp737.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\cp775.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\cp850.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\cp852.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\cp855.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\cp857.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\cp860.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\cp861.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\cp862.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\cp863.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\cp864.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\cp865.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\cp866.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\cp869.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\cp874.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\cp932.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\cp936.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\cp949.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\cp950.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\dingbats.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\ebcdic.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\euc-cn.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\euc-jp.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\euc-kr.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\gb12345.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\gb1988.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\gb2312-raw.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\gb2312.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\iso2022-jp.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\iso2022-kr.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\iso2022.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\iso8859-1.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\iso8859-10.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\iso8859-13.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\iso8859-14.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\iso8859-15.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\iso8859-16.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\iso8859-2.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\iso8859-3.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\iso8859-4.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\iso8859-5.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\iso8859-6.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\iso8859-7.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\iso8859-8.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\iso8859-9.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\jis0201.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\jis0208.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\jis0212.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\koi8-r.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\koi8-u.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\ksc5601.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\maccenteuro.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\maccroatian.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\maccyrillic.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\macdingbats.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\macgreek.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\maciceland.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\macjapan.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\macroman.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\macromania.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\macthai.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\macturkish.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\macukraine.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\shiftjis.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\symbol.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\encoding\tis-620.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\history.tcl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\http1.0\http.tcl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\http1.0\pkgindex.tcl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\init.tcl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\af.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\af_za.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\ar.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\ar_in.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\ar_jo.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\ar_lb.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\ar_sy.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\be.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\bg.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\bn.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\bn_in.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\ca.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\cs.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\da.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\de.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\de_at.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\de_be.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\el.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\en_au.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\en_be.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\en_bw.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\en_ca.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\en_gb.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\en_hk.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\en_ie.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\en_in.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\en_nz.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\en_ph.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\en_sg.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\en_za.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\en_zw.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\eo.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\es.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\es_ar.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\es_bo.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\es_cl.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\es_co.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\es_cr.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\es_do.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\es_ec.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\es_gt.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\es_hn.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\es_mx.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\es_ni.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\es_pa.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\es_pe.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\es_pr.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\es_py.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\es_sv.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\es_uy.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\es_ve.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\et.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\eu.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\eu_es.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\fa.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\fa_in.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\fa_ir.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\fi.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\fo.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\fo_fo.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\fr.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\fr_be.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\fr_ca.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\fr_ch.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\ga.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\ga_ie.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\gl.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\gl_es.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\gv.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\gv_gb.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\he.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\hi.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\hi_in.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\hr.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\hu.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\id.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\id_id.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\is.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\it.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei10362\tcl\msgs\it_ch.msg Generic Write,Read Attributes

9012 additional files are not displayed above.
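The %TEMP%\_mei10362 directory these tcl runtime files are written into is the temporary extraction directory a PyInstaller onefile bundle creates for itself at startup, so the samples are Python programs wrapped by PyInstaller's bootloader. The triage helper below is an added example, not part of this report or of any tool the report references: it scans a file for PyInstaller's archive cookie (the `MEI\x0c\x0b\x0a\x0b\x0e` magic that closes the embedded archive) and decodes the bundled Python version, and it flags file-activity paths that fall under a `_MEI<number>` directory. The bundle bytes used for the demonstration are constructed inline (a fake header followed by an 88-byte cookie); no real sample is parsed.

```python
import re
import struct

# PyInstaller's CArchive cookie magic; the cookie is the last structure of the
# embedded archive and normally sits at the very end of the executable's overlay.
PYINSTALLER_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
# PyInstaller >= 2.1 cookie layout: magic, package length, TOC offset, TOC length,
# encoded Python version, name of the bundled Python DLL (NUL-padded).
COOKIE_FORMAT = "!8sIIII64s"
COOKIE_SIZE = struct.calcsize(COOKIE_FORMAT)  # 88 bytes

# Runtime trace of a onefile bundle: the bootloader unpacks into %TEMP%\_MEI<number>\.
MEI_DIR_RE = re.compile(r"\\_mei\d+\\", re.IGNORECASE)


def is_pyinstaller_extraction_path(path: str) -> bool:
    """True for paths inside a PyInstaller onefile temp directory (…\\temp\\_mei10362\\tcl\\init.tcl)."""
    return MEI_DIR_RE.search(path) is not None


def parse_pyinstaller_cookie(data: bytes):
    """Decode the cookie of a PyInstaller onefile bundle, or return None if the magic is absent.

    The search runs from the end of the file so that data appended after the archive
    (an Authenticode signature, junk padding) does not break the lookup.
    """
    pos = data.rfind(PYINSTALLER_MAGIC)
    if pos < 0 or pos + COOKIE_SIZE > len(data):
        return None
    _magic, pkg_len, toc_off, toc_len, pyver, pylib = struct.unpack_from(COOKIE_FORMAT, data, pos)
    # Current releases encode the version as major*100+minor (311 == 3.11);
    # very old releases used major*10+minor (27 == 2.7).
    major, minor = divmod(pyver, 100) if pyver >= 100 else divmod(pyver, 10)
    return {
        "package_length": pkg_len,
        "toc_offset": toc_off,
        "toc_length": toc_len,
        "python_version": f"{major}.{minor}",
        "python_lib": pylib.rstrip(b"\x00").decode("ascii", "replace"),
    }


def build_demo_bundle() -> bytes:
    """Constructed stand-in for a bundle: fake 'MZ' header, padding, then an 88-byte cookie.

    There is no real archive behind the cookie; the offsets are placeholder values.
    """
    cookie = struct.pack(COOKIE_FORMAT, PYINSTALLER_MAGIC, 4096, 3000, 120, 311, b"python311.dll")
    return b"MZ" + b"\x00" * 510 + cookie


if __name__ == "__main__":
    print(parse_pyinstaller_cookie(build_demo_bundle()))
    print(is_pyinstaller_extraction_path(r"c:\users\user\appdata\local\temp\_mei10362\tcl\init.tcl"))
```

Pointing `parse_pyinstaller_cookie` at the bytes of a real sample tells you whether it is worth handing to a PyInstaller unpacker at all, and which Python version the decompiler has to match; the path check is the cheap runtime-side counterpart for sandbox or EDR file-event data.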

Registry Modifications

Key::Value Data API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe (binary data) RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe (binary data) RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enablefiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableautofiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filetracingmask (binary data) RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::consoletracingmask (binary data) RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::maxfilesize (binary data) RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enablefiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableautofiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filetracingmask (binary data) RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::consoletracingmask (binary data) RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::maxfilesize (binary data) RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\system\software\microsoft\tip\aggregateresults::data RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAdjustPrivilegesToken
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAllocateLocallyUniqueId
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreateResourceReserve
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcQueryInformationMessage
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtAlpcSetInformation
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtCancelTimer2
  • ntdll.dll!NtCancelWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCompareSigningLevels
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDelayExecution
  • ntdll.dll!NtDeleteValueKey
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFlushProcessWriteBuffers
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtFsControlFile
  • ntdll.dll!NtGetCachedSigningLevel
  • ntdll.dll!NtLoadKeyEx
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenSymbolicLinkObject
  • ntdll.dll!NtOpenThread
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryObject
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySymbolicLinkObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtQueueApcThreadEx2
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReadVirtualMemory
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRemoveIoCompletionEx
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationObject
  • ntdll.dll!NtSetInformationProcess

61 additional items are not displayed above.

Process Shell Execute
  • CreateProcess
User Data Access
  • GetComputerName
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserName
  • GetUserNameEx
  • GetUserObjectInformation
Encryption Used
  • BCryptOpenAlgorithmProvider
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Other Suspicious
  • AdjustTokenPrivileges
  • SetWindowsHookEx
Network Winsock2
  • WSAConnect
  • WSAGetOverlappedResult
  • WSASocket
  • WSAStartup
  • WSAttemptAutodialName
Network Winsock
  • bind
  • closesocket
  • freeaddrinfo
  • getaddrinfo
  • recv
  • send
  • setsockopt
  • socket
Network Winhttp
  • WinHttpOpen
Network Info Queried
  • GetAdaptersAddresses
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory

Shell Command Execution

c:\users\user\downloads\3715e44a6b7b91224fd15b95ac05a24527b54506_0007188406.exe "c:\users\user\downloads\3715e44a6b7b91224fd15b95ac05a24527b54506_0007188406.exe"
C:\WINDOWS\system32\fondue.exe "C:\WINDOWS\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll
c:\users\user\downloads\f6cc8209fb9c72217adf9e3bf86b2e06820560ba_0009227286.exe "c:\users\user\downloads\f6cc8209fb9c72217adf9e3bf86b2e06820560ba_0009227286.exe"
c:\users\user\downloads\48cb9f975062c0a6ec68dff49afe8868b0c42efa_0008265649.exe "c:\users\user\downloads\48cb9f975062c0a6ec68dff49afe8868b0c42efa_0008265649.exe"
c:\users\user\downloads\6e34d5c30919ef8cb6ee2888c29288bb75c10cb1_0008108760.exe "c:\users\user\downloads\6e34d5c30919ef8cb6ee2888c29288bb75c10cb1_0008108760.exe"
c:\users\user\downloads\2d24bc7ca71c9b585d0cce1088f31307d5dd53ab_0009633228.exe "c:\users\user\downloads\2d24bc7ca71c9b585d0cce1088f31307d5dd53ab_0009633228.exe"
"cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit
C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Sudsjfwn'
c:\users\user\downloads\9a91320eba1d348aafbdf645937f268bbd99e882_0006572916 "c:\users\user\downloads\9a91320eba1d348aafbdf645937f268bbd99e882_0006572916"
c:\users\user\downloads\b752b42b73355273696f61df633512ffac30f23a_0008064986 "c:\users\user\downloads\b752b42b73355273696f61df633512ffac30f23a_0008064986"
c:\users\user\downloads\dd6d813b640ce321c54af51b671e3623701d3417_0008381610 "c:\users\user\downloads\dd6d813b640ce321c54af51b671e3623701d3417_0008381610"
c:\users\user\downloads\226d438ea92449af395502da329aba1b99fc30db_0006264781 "c:\users\user\downloads\226d438ea92449af395502da329aba1b99fc30db_0006264781"
c:\users\user\downloads\cb84bbda857a8ccd76600faa5efb4fdf6ef34c44_0009508548 "c:\users\user\downloads\cb84bbda857a8ccd76600faa5efb4fdf6ef34c44_0009508548"
c:\users\user\downloads\d8e7bcaa6efd38fd99b634a6fa0b4dfc567a6fa0_0007000031 "c:\users\user\downloads\d8e7bcaa6efd38fd99b634a6fa0b4dfc567a6fa0_0007000031"
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\\dw20.exe dw20.exe -x -s 780
c:\users\user\downloads\fe5da03b5452959308d42ce1467aad9d4da3701d_0009726170 "c:\users\user\downloads\fe5da03b5452959308d42ce1467aad9d4da3701d_0009726170"
c:\users\user\downloads\bdf3ec7c565fb542ef8c35b72d8971b9f4266bf0_0007305936 "c:\users\user\downloads\bdf3ec7c565fb542ef8c35b72d8971b9f4266bf0_0007305936"
c:\users\user\downloads\72fd7f977046a422857931f8a9060620a6d33cfb_0008663124 "c:\users\user\downloads\72fd7f977046a422857931f8a9060620a6d33cfb_0008663124"
c:\users\user\downloads\fd262e9d657e83eac047907fc46003751e5129ff_0009072443 "c:\users\user\downloads\fd262e9d657e83eac047907fc46003751e5129ff_0009072443"
c:\users\user\downloads\06cf0b20f23ad3a56056fd0f3c58b7961294a3c8_0009373358 "c:\users\user\downloads\06cf0b20f23ad3a56056fd0f3c58b7961294a3c8_0009373358"
c:\users\user\downloads\0543611e7259c5330496ace88a33eedf5ec9a76a_0008059978 "c:\users\user\downloads\0543611e7259c5330496ace88a33eedf5ec9a76a_0008059978"
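The `"cmd" /c powershell -Command Add-MpPreference -ExclusionPath ...` chain and the follow-up `Add-MpPreference -ExclusionPath 'C:\Users\Sudsjfwn'` entry above are the sample switching off Microsoft Defender scanning for the whole user profile, %AppData%, %Temp% and %SystemRoot% before it stages its payload. The detection helper below is an added example, not part of this report: it parses process command lines of that shape, pulls out every exclusion being added, expands the environment variables and rates how broad each exclusion is. The two sample command lines are copied from the Shell Command Execution table above; the environment-variable expansion table is constructed (default paths for a user named "user") so the check runs offline on any host.

```python
import re

# Constructed expansion table for the variables seen in the exclusion commands above;
# values are those of a default Windows install for a user named "user".
DEFAULT_ENV = {
    "UserProfile": r"C:\Users\user",
    "AppData": r"C:\Users\user\AppData\Roaming",
    "LocalAppData": r"C:\Users\user\AppData\Local",
    "Temp": r"C:\Users\user\AppData\Local\Temp",
    "SystemRoot": r"C:\Windows",
    "ProgramData": r"C:\ProgramData",
}

# One -ExclusionPath / -ExclusionProcess / -ExclusionExtension argument, quoted or bare.
EXCLUSION_RE = re.compile(
    r"-exclusion(path|process|extension)\s+(?:'([^']*)'|\"([^\"]*)\"|([^\s&;|]+))",
    re.IGNORECASE,
)
# Add-MpPreference appends exclusions; Set-MpPreference replaces the list outright.
MPPREFERENCE_RE = re.compile(r"\b(add|set)-mppreference\b", re.IGNORECASE)

# Copied from the Shell Command Execution table above (not constructed).
SAMPLE_CMDLINES = [
    "\"cmd\" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & "
    "powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & "
    "powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & "
    "powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit",
    r"powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Sudsjfwn'",
]


def expand_env(value: str, env=DEFAULT_ENV) -> str:
    """Expand %VAR% references with the table; unknown variables are left as written."""
    lookup = {k.lower(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%", lambda m: lookup.get(m.group(1).lower(), m.group(0)), value)


def rate_path_exclusion(path: str) -> str:
    """'high' for a drive root, the OS directory, a whole profile, or a user-writable
    staging directory (AppData, Temp); anything else is 'medium', because an exclusion
    pushed from a command line deserves review whatever its breadth."""
    p = path.lower().rstrip("\\")
    if p in ("c:", r"c:\windows", r"c:\programdata", r"c:\users"):
        return "high"
    if re.fullmatch(r"c:\\users\\[^\\]+", p):
        return "high"
    if re.fullmatch(r"c:\\users\\[^\\]+\\appdata(\\local\\temp|\\local|\\roaming)?", p):
        return "high"
    return "medium"


def find_defender_exclusions(cmdline: str, env=DEFAULT_ENV):
    """Return (kind, raw_value, expanded_value, severity) for each exclusion the command line adds."""
    if not MPPREFERENCE_RE.search(cmdline):
        return []
    hits = []
    for m in EXCLUSION_RE.finditer(cmdline):
        kind = m.group(1).lower()
        raw = next(g for g in m.groups()[1:] if g is not None)
        expanded = expand_env(raw, env)
        # Process and extension exclusions have no path breadth to rate; flag them for review.
        severity = rate_path_exclusion(expanded) if kind == "path" else "medium"
        hits.append((kind, raw, expanded, severity))
    return hits


if __name__ == "__main__":
    for line in SAMPLE_CMDLINES:
        for kind, raw, expanded, severity in find_defender_exclusions(line):
            print(f"{severity:6} Exclusion{kind.title()} {raw!r} -> {expanded}")
```

Feed it the command-line field of process-creation telemetry (Sysmon Event ID 1 or Security Event ID 4688 with command-line auditing on). On a live host the same classification can be applied to the current list from `Get-MpPreference | Select-Object -ExpandProperty ExclusionPath`, and every exclusion change is also recorded as Event ID 5007 in the Microsoft-Windows-Windows Defender/Operational log, which catches the case where the command line itself was not captured.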
