Trojan.Downloader.Agent.CD

By CagedTech in Trojans

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 1
First Seen: October 30, 2020
Last Seen: January 13, 2022
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Downloader.Agent.CD
Packers: UPX!
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have resources
  • File doesn't have security information
  • File has been packed
  • File has exports table
  • File has TLS information
  • File is .NET application
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Assembly Version 1.1.2.50322
Comments 1Remote is a modern personal remote session manager and launcher.
Company Name
  • 9bis.com
  • Shawn
File Description
  • 1Remote
  • SSH, Telnet, Rlogin, and SUPDUP client
  • SSH, Telnet and Rlogin client
File Version
  • Release 0.76 (without embedded help)
  • Release 0.74 (without embedded help)
  • 1.1.2.50322
Internal Name
  • 1Remote.exe
  • PuTTY
Legal Copyright
  • 1remote.github.io
  • Copyright © 1997-2020 Simon Tatham.
  • Copyright © 1997-2022 Simon Tatham.
Original Filename
  • 1Remote.exe
  • KiTTY
Product Name
  • KiTTY
  • Shawn Veck
Product Version
  • Release 0.76 - Additional features on KiTTY That's all folks! by 9bis.com, 2005-2022
  • Release 0.74 - Additional features on KiTTY That's all folks! by 9bis.com, 2005-2021
  • 1.1.2.50322+3cc01a198587bf283495775a5143b8ff839eb096

File Traits

  • dll
  • imgui
  • packed
  • x86

Block Information

Total Blocks: 5,060
Potentially Malicious Blocks: 76
Whitelisted Blocks: 2,419
Unknown Blocks: 2,565

Visual Map

[Block map: one symbol per block; data truncated]
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File Attributes
c:\users\user\appdata\local\temp\dll_log.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsh6fa7.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\roaming\kitty\kitty.ini Generic Write,Read Attributes
c:\users\user\downloads\kitty.ini Generic Write,Read Attributes
c:\users\user\downloads\sessions\default%20settings Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\9bis.com\kitty::folders Default RegNtPreCreateKey
HKCU\software\9bis.com\kitty::kicount 1 RegNtPreCreateKey
HKCU\software\9bis.com\kitty::kilastup 1775009585/1775009585 RegNtPreCreateKey
HKCU\software\9bis.com\kitty::kilastuh 003vv5p0wllSn6J/JuHY5+15F0ElzSf6w/JuMYJ+o5n RegNtPreCreateKey
HKCU\software\9bis.com\kitty::kisess 0 RegNtPreCreateKey
HKCU\software\9bis.com\kitty::kivers 644139SISt9TSb5tFtt9TFS0F6hww RegNtPreCreateKey
HKCU\software\9bis.com\kitty::kipath c:\users\user\downloads\de77604b6e3a0fd3200186a1ed7a1f2387e7eb70_0000783872 RegNtPreCreateKey
HKCU\software\9bis.com\kitty::kilic KI678-3EYX7-QWLCK-LFW98-06XTN RegNtPreCreateKey
HKCU\software\9bis.com\kitty::build 0.76.0.12 @ 10/11/2022-07:28:37(GMT) RegNtPreCreateKey

112 additional registry modifications are not displayed above.

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFlushVirtualMemory
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWriteFile
  • UNKNOWN
User Data Access
  • GetComputerName
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserName
  • GetUserNameEx
  • GetUserObjectInformation
Encryption Used
  • BCryptOpenAlgorithmProvider
  • CryptAcquireContext
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Keyboard Access
  • GetKeyState
Network Winsock2
  • WSAStartup
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • CreateProcess

Shell Command Execution

C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\aa9a4de3e48be86ef89049971bccbe21a2b1cc6f_0000045749.,LiQMAxHB
