Trojan.Injector.AQ

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 6,281
Threat Level: 80 % (High)
Infected Computers: 204
First Seen: November 19, 2012
Last Seen: May 22, 2026
OS(es) Affected: Windows

Aliases

15 security vendors flagged this file as malicious.

Antivirus Vendor Detection
AntiVir TR/Injector.AQ.101
Kaspersky Trojan-Dropper.Win32.Dapato.btxz
Avast Win32:MalOb-KU [Trj]
Symantec Trojan.Gen.2
K7AntiVirus Trojan
CAT-QuickHeal TrojanDropper.Dapato.btxz
Panda Trj/Sinowal.WWG
AVG PSW.Generic10.ACXB
Fortinet W32/Dapato.ANQD!tr
Ikarus Trojan-Spy.Win32.Zbot
AhnLab-V3 Dropper/Win32.Dapato
Microsoft Trojan:Win32/Injector.AQ
TrendMicro TROJ_GEN.FFFCBJN
AntiVir TR/Rogue.KD.769248.19
Comodo UnclassifiedMalware

File System Details

Trojan.Injector.AQ may create the following file(s):
# File Name MD5 Detections
1. msconfig.dat 183d77cc86c963f6c3392ba16ca89171 2

Analysis Report

General information

Family Name: Trojan.Injector.MA
Signature status: No Signature

Known Samples

MD5: fa53e5df24918930ab27b8f4b5936136
SHA1: 9186c2215f488f2eb62153603a4dd4af20533979
SHA256: 1BB6C9B63BD7387793C45A199EB52E9E3C6E9C2FA1CF0136C0B0350E1872BD23
File Size: 678.91 KB, 678912 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Comments Remote Service Application
Company Name Microsoft Corp.
File Description Remote Service Application
File Version 1, 0, 0, 1
Internal Name MSRSAAPP
Legal Copyright Copyright (C) 1999
Original Filename MSRSAAP.EXE
Product Name Remote Service Application
Product Version 4, 0, 0, 0

File Traits

  • 2+ executable sections
  • ntdll
  • WriteProcessMemory
  • x86

Block Information

Total Blocks: 2,833
Potentially Malicious Blocks: 340
Whitelisted Blocks: 2,493
Unknown Blocks: 0

Similar Families

  • Banker.G
  • Banload.XE
  • Banload.XG
  • Sednit.D

Files Modified

File Attributes
c:\users\user\documents\msdcsc Synchronize,Write Attributes
c:\users\user\documents\msdcsc\msdcsc.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\documents\msdcsc\msdcsc.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\documents\msdcsc\msdcsc.exe Synchronize,Write Attributes
c:\users\user\ntuser.dat{53b39e87-18c4-11ea-a811-000d3aa4692b}.txr.3.regtrans-ms Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\run::microupdate C:\Users\Qdamznba\Documents\MSDCSC\msdcsc.exe RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\winlogon::userinit C:\Windows\system32\userinit.exe,C:\Users\Qdamznba\Documents\MSDCSC\msdcsc.exe RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey

5359 additional registry modifications are not displayed above.

Windows API Usage

Category API
Network Winsock2
  • WSAStartup
Other Suspicious
  • AdjustTokenPrivileges
  • SetWindowsHookEx
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory
  • VirtualAllocEx
Process Shell Execute
  • CreateProcess
  • ShellExecute
Thread Create Remote
  • CreateRemoteThread
User Data Access
  • GetUserObjectInformation
Anti Debug
  • NtQuerySystemInformation
Network Winsock
  • connect
  • gethostbyname
  • inet_addr
  • socket

Shell Command Execution

notepad
C:\Users\Qdamznba\Documents\MSDCSC\msdcsc.exe "C:\Users\Qdamznba\Documents\MSDCSC\msdcsc.exe"
open C:\Users\Qdamznba\Documents\MSDCSC\msdcsc.exe
