Trojan.Farfli.FR

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 25,896
Threat Level: 80 % (High)
Infected Computers: 10
First Seen: May 9, 2025
Last Seen: June 9, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Farfli.FR
Signature status: No Signature

Known Samples

MD5: 82debcdbff94cbd5c500af30eb5ad8e3
SHA1: 3ba63337b8c9744d85440acbff8f3b38523de2ec
SHA256: ADE5C12094C59709E066C0EF20E01234B49232C5463FD2B8C84B26449C056B4B
File Size: 147.46 KB, 147456 bytes

MD5: 50b4a645b9498fbc13b7a7e7c1c3dfa5
SHA1: c8b644b344d17011135af25d5d0815659a378c39
SHA256: 087458AA0A2538ED45282CC453FBB16024956CDAA5D22B978EEC4078E4AD5E04
File Size: 184.32 KB, 184320 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Comments DirectShow Sample
Company Name Microsoft
File Description AudioBox MFC Application
File Version 9.20
Internal Name AudioBox
Legal Copyright Copyright (c) Microsoft Corporation
Original Filename Audiobox.exe
Product Name DirectX 9 SDK
Product Version 9.2

File Traits

  • 2+ executable sections
  • HighEntropy
  • No Version Info
  • SusSec
  • x86

Block Information

Total Blocks: 20
Potentially Malicious Blocks: 0
Whitelisted Blocks: 0
Unknown Blocks: 20

Visual Map

? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

632 additional files are not displayed above.

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\explorer\advanced::hidden  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusoverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalldisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalloverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::updatesdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::uacdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusoverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalldisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalloverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::updatesdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::uacdisablenotify  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings::globaluseroffline RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablelua RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::enablefirewall RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::donotallowexceptions RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::disablenotifications  RegNtPreCreateKey
HKCU\software\apcr\1214104697::1919251317 ˆ RegNtPreCreateKey
HKCU\software\apcr\1214104697::-456464662 RegNtPreCreateKey
HKCU\software\apcr\1214104697::1462786655 RegNtPreCreateKey
HKCU\software\apcr\1214104697::-912929324 # RegNtPreCreateKey
HKCU\software\apcr\1214104697::1006321993 ċ RegNtPreCreateKey
HKCU\software\apcr\1214104697::-1369393986 http://althawry.org/images/xs.jpghttp://www.careerdesk.org/im RegNtPreCreateKey
HKCU\software\apcr\1214104697::549857331 RegNtPreCreateKey
HKCU\software\apcr::u1_0 ᅕ쒧 RegNtPreCreateKey
HKCU\software\apcr::u2_0 RegNtPreCreateKey
HKCU\software\apcr::u3_0 権ă RegNtPreCreateKey
HKCU\software\apcr::u4_0 RegNtPreCreateKey

Windows API Usage

Category API
Process Manipulation Evasion
  • NtUnmapViewOfSection
Network Urlmon
  • URLDownloadToFile
Process Shell Execute
  • WinExec

Shell Command Execution

C:\Users\Ihcltpks\AppData\Local\Temp\0AA85043.exe