Trojan.Kryptik.KBD

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 1,649
Threat Level: 80 % (High)
Infected Computers: 54,773
First Seen: September 30, 2021
Last Seen: April 22, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Kryptik.KBD
Signature status: No Signature

Known Samples

MD5: e9bcd8cd4c113ed0b368a3c309b54c68
SHA1: 91fdaa37b7a59587131244583c2b2e022d2b083b
File Size: 5.61 MB, 5607615 bytes
MD5: a907a417576504d93f7bfc398b3b3695
SHA1: 1fc0b9e6c6ab1b814f4addcb800ea22b56a9af0c
SHA256: A9ACA720F0496FD403229CA2F5A48644409BAB4C1430FD35F6408FB6534B0482
File Size: 6.19 MB, 6190430 bytes
MD5: 53b4eb374eda65299fbbcf03c5494eb9
SHA1: 3036c508f8e86b50c2e930df91e3231652871703
SHA256: DF35818C738993A1EFA7EAECCD630D835DE7158DB8524E036419FFF9BA4335A7
File Size: 4.05 MB, 4054688 bytes
MD5: e01a209205a9eea05cee3051f76e5a01
SHA1: ebd1013924ec6ebf6afb46cc197b80ee2a9ebaf9
SHA256: 7E3ECE918A1B0B88487A1366B0A2D8872B81698B9B57E66E4F4D1AD37E24F12F
File Size: 831.75 KB, 831745 bytes
MD5: 2a24a6dab22fab96c6f402dd4131f233
SHA1: d8a57e3f14e93ba3e6590504c6d9aa2558f01c46
SHA256: C0B51AE736237766A55AA657313FD1DC09751978A860C1B9A75E71D823CC84CA
File Size: 6.78 MB, 6779676 bytes
MD5: 26a1edbeb437181ae8496549beef2975
SHA1: 3181606f4919b17d41c65ddb8ee6533cf0cfe6dd
SHA256: 9EFF819EF27E07CF878178E3B4092B891AEDBCEA40CB5C49962A8D195372E860
File Size: 7.43 MB, 7429104 bytes
MD5: 7af28fed2cd8a02bd323962d2d1b8851
SHA1: fd59e3f54494b52c0fe4a0c0d4d6174f50bfa603
SHA256: 714A93338D39A2C6C11B530CA3B6B7267654A03BEC87AD329C5B6B710AB5E25C
File Size: 3.24 MB, 3241663 bytes
MD5: 4fdb40d854c7ee0d78af8d9e19f56e60
SHA1: 6b286d049041715c77b622271cfd5312c1c86cae
SHA256: EFEEC1FA36A6BB15F1F1A0AD8FAF4F91467D55793295F660D23DA6939204A108
File Size: 542.67 KB, 542667 bytes
MD5: f317dc1feeae9022bac22ab4cf818e55
SHA1: 0017b8263bf4ffee3321232b53cb1c09122f694a
SHA256: 47129F59B2A92BD0F2519C8E217FD72F857EFA8893884DA045BC1B81C9D7B8BD
File Size: 1.21 MB, 1210522 bytes
MD5: 044b6a4c9f4edbf66d22cf70ceecc7a0
SHA1: 2cbb48b977e320a92232431127f13ba1b66d43e3
SHA256: 437E5FDCEF0BC6B42418F8F6CC29371CF88AD6C0495A9600E1D054C114A6A5C1
File Size: 3.66 MB, 3655452 bytes
MD5: 1d3caf337831702390f54adff9e0ba1c
SHA1: bdc4bde23399fa205e53ce21fda61bd8cf2ff9a4
SHA256: 842B60456FEF648E13C34E82B525833E53D97C86D4F9246DB087AEDF90370FD5
File Size: 1.53 MB, 1525621 bytes
MD5: dbdc9b65aaab504b124ae024041a33e2
SHA1: 5d75e691f0c5f5152af60fc686cf018989d1b7b6
SHA256: 13BB2C42A6DC66DBB31582DF0B866F57C262FFD590E25355410C0D1CA2564699
File Size: 7.57 MB, 7566268 bytes
MD5: 88dc5d369bd2213090bfd7c2cfe71d90
SHA1: c8fd420cf316ad8d74ca20b37693f715c34de70d
SHA256: 0C0914D3231B1EAE6D91955E7858C419F27E1E7BE67B6DAFCFA969139DE3C458
File Size: 4.73 MB, 4725423 bytes
MD5: 7e3b6fdadfdb38826c9518ca99553b28
SHA1: 9921f42b227a4138a0e258be7755933f288fc2f2
SHA256: 0922833849D6933296F151322DB3E6CDB4334A0003336E0704F080E861EC1582
File Size: 6.13 MB, 6131083 bytes
MD5: b7b5a046b3c2c4e22b05948766ec8e26
SHA1: 029911be003c963bbde751edbe1474d2f10be83d
SHA256: 17589BD7FF33DA1DBB18B3E6C9DDF41F0E09EDA64F41B261DC9587B5C5C3E8DD
File Size: 4.98 MB, 4981292 bytes
MD5: f513ca829e88412dda957021eb6f6ac8
SHA1: fab2f00102a66558f0c4562618dcc463b687426a
SHA256: D549E0C991A3E25ACEB4C24961FB13A2F82DA1A6C5C6DD28F969592CE7654B12
File Size: 3.33 MB, 3328214 bytes
MD5: 0db7188298a9c39df25114eaef641fd8
SHA1: 4e8b4fe11d862da993a8154c62f96906ccf54555
SHA256: 36ECE321B61D2E3ACF451C20BE04A308F1EB00479B77757D2E58FC961DEF6B9D
File Size: 3.89 MB, 3886296 bytes
MD5: 4fc32c6b0634532dfdd6995e97fb20a5
SHA1: 5b3e1a70e09410e526b3adb18e37c23e93cf4f1a
SHA256: 52B53082FE70E36EB92A241581590C1009697EBB2E068898409097A4DCFCE274
File Size: 3.48 MB, 3480275 bytes
MD5: dea9a6aaaa84fe77a6ad24b41ef6f09f
SHA1: 14b21a7d9a4e20d2819629fb398e26ef1b520c84
SHA256: 18CF001588FA38EEEC0100305CD559760DF4BC2C3E30EA6C58B1A55CFBF42FD4
File Size: 4.68 MB, 4679409 bytes
MD5: c496e7be57fbef3196dd3ff970fca159
SHA1: 9960f0364d38de39be2401777d6f522390051ec2
SHA256: 6FF7C2C91A008295138CEB40026FB82E31E27C229EFFC9A4D3A1CFE3370241AE
File Size: 1.57 MB, 1567639 bytes
MD5: c4bbace425fba30ff4f15ee1ebb6f4e0
SHA1: 6844db1667070daa4c6f2a804bfcef8d490f7819
SHA256: 2945C6E1B53BAC085D03B737E1AE57B64F2D34613E0C42D3C71331DD53750A89
File Size: 521.33 KB, 521331 bytes
MD5: 26aee67e4ef0c844228e7b014a59efce
SHA1: 4bedc921276bbe8386705644ae84373cf9f55595
SHA256: 38154A606B4485A31C588F8D86E9404D65B72C6FEBB68DD6EB7088D6F2FDDFFE
File Size: 6.70 MB, 6701056 bytes
MD5: 6c536865296e22a5bcb80b531a56bb98
SHA1: 3579793ca488d92133811e4c4d04f34eb98971be
SHA256: D48D08BC57DC190283853CBD3CDB9FB2D0CFE817C0097A66FF2FF97F021C1430
File Size: 5.59 MB, 5591954 bytes
MD5: 49267ebdf63f2b552af1c4be7200f4eb
SHA1: 1633dd3c9b2074e2dddadf024f3d5cd382cf1647
SHA256: 4E34B8CCD6439BE0BD85BC6A31CEC5B8A3D9AA091FDF65069A086963DF3C7491
File Size: 6.81 MB, 6808090 bytes
MD5: 238766fd8e3fe4747c9ff744c28d016b
SHA1: 2a1340fe8720c03308f9c474d59de483db8c73e6
SHA256: 2C5571F73683DBA7C98B61632EC0A6E7C34A6E6D80BACC2FC752E59D4CD06587
File Size: 974.47 KB, 974466 bytes
MD5: cbe0af0dda03fa116d1841ab3dd1894c
SHA1: 95c7136b2d258b13bf5f3211de2fd416ad183681
SHA256: 1023F73FB24942104885A00B6BB56B5C75D2E31DED34B353A3A5D8DD9E683D84
File Size: 3.29 MB, 3292390 bytes
MD5: 939a9799143c4c5ee7f6a14c61e3a9ba
SHA1: f4033f228e02224dc4e0bd421c877cfac8b98f53
SHA256: F38468E445B538DAA28F1A0F981DFDA4E01F4B6012594D27BFD5F65E715149A1
File Size: 6.33 MB, 6330778 bytes
MD5: 29dddf59303aed82d8f68e62a6f6353c
SHA1: a1d1b19503aa08f8743042cddd567c751a7202d6
SHA256: BFC097FC68ECD124DEA43D90F3B5569F8FB3433C76A61583365CB2A324CFB71C
File Size: 284.67 KB, 284672 bytes
MD5: d91211037fd0e6649d526b78a3c05b50
SHA1: ba34eeabd82654cc16938f294b9a90eb06ab818f
SHA256: 842164FB63E598C50718437FB6765BEE427D47D85AD4CB35FB81F741C78A3AD9
File Size: 390.69 KB, 390692 bytes
MD5: 7a7c82ea6289b5d8b51bd5f798c0d69d
SHA1: a7b60356d1879325b38468596805d94346d5fea7
SHA256: D2193167903E3CF3E8F1004122AAC1A088305800A8122858753093195A92FC8D
File Size: 2.89 MB, 2894643 bytes
MD5: c483d49918067f617cc1a631c1aa00c2
SHA1: 3d988caf1804c029f082ed0adeb435efb03909bd
SHA256: CDC5FED212386A9E6F21C62ADFA1773A06F6D4DFD037CCE1D964B37E27A00451
File Size: 1.05 MB, 1048576 bytes
MD5: 913a6abc793a9d7cfc4c130ae42f8807
SHA1: 5ef21aa566d46e018ecd1736a1ab237c223110df
SHA256: 9A726375EDC7D200498F25D0C734E50FA43667C864BADC1D28141E85393F102C
File Size: 5.60 MB, 5604988 bytes
MD5: bd23270180e4b102be2f5285fbc31af2
SHA1: 239d1eeb5f93f885013226d724dbe42e91c9d67f
SHA256: 71DE17460A5E9B9BABBFF57126F0B7123D580337D435098F3F8254BFA76E9D02
File Size: 1.13 MB, 1127045 bytes
MD5: a99d42b109041638f208c369ac987366
SHA1: 68084f3317025bd47f58ca1ca46a6ce96c93c91b
SHA256: A829A77AE6B42C91EE0100B24314C4579CEE4F2AB4BF71BCFE6CF59A7443AB01
File Size: 6.55 MB, 6554690 bytes
MD5: 37f12fb3b3639c1e06efc234435014f6
SHA1: 795f0096c243bae4c8a5e809af96bd833c9fb947
SHA256: 86EF11ADAAC820C8314B07D7B4E01BA9649A041A4EC0B3C7A8361B10D2F3ED14
File Size: 3.00 MB, 2999096 bytes
MD5: 84e4799af958ad9e3ed15080002fc36c
SHA1: 15c3c0cfac74126de350c77e57417d33b87cd283
SHA256: DC1941C7D7A5C484AC4780A6D62242951F60F80A0AE7BD75E17A879DCDFA4F34
File Size: 4.19 MB, 4190597 bytes
MD5: a860d1fa88afdde055befddaefa8c5fc
SHA1: f4c6ec10129451b04d43f7ec49e97d4da46472a1
SHA256: 93EA8CB0AB1C06FEA5C6E7396F13EFF4703976CC45CA4FD1ABEC7D843394035E
File Size: 1.89 MB, 1894188 bytes
MD5: 4eb0940ebba2da7553f70994fb1a7ab9
SHA1: 575ed23672e9ca8bfeec939be17eb78c22fa6abf
SHA256: 17F5CEDDD8D12A76CBF0A101F22CA316566B9A64015B4BBCB38530DE19270576
File Size: 6.39 MB, 6390740 bytes
MD5: 42a4444fc11438357ead1cc8436bbb35
SHA1: 8dc7cc565b0bc7d7b0956dcc8f136471bea6f279
SHA256: 60BB3FF61E3597A459CBC0E814B4B7928CABC7899514CBD73F0D105E5A2E90BF
File Size: 1.24 MB, 1240070 bytes
MD5: c76c64886027750afcd65b6f0e4d4a36
SHA1: fc9fdb6ed2ec6c2c748ac7e5ae5a4cfc6687f974
SHA256: 18B0BF50B300A44372F5AC6B438F2E7CB7D8A3389D735DEF63D7AE4EEA0DA1A0
File Size: 4.92 MB, 4918976 bytes
MD5: 6f97c25e9544cb4c5e9485ffd97786aa
SHA1: aceceaeb5b408907bd726df0762804c688a3ddfb
SHA256: 9FF3917BD5790937FA8D28FD9BFEFBB88423DCB70BFD44F387FE991C943B2783
File Size: 2.70 MB, 2700314 bytes
MD5: 0eea7db4ceb1b6b8287884fecea7102c
SHA1: aaf7f1de4fc9b23be9a4c7f4c39a087e5b614ff3
SHA256: 7E106599FC5139A140245B9B27B612057E61844A8AA212231B93646F3F39C4A9
File Size: 2.34 MB, 2336072 bytes
MD5: f64bc51df5a23372d6eacacac8bb9543
SHA1: fb068680a382e25aabecdc18962981abba81c618
SHA256: 7AE178F2FFABD5EE3D2E3F4F68EE6F693CAA8E8A817E7104011F806AF6FA4ADD
File Size: 501.90 KB, 501901 bytes
MD5: 464b29645d057f237f824ec0186332c1
SHA1: 9eff1fa7fe555dedafab56ef14bf41a61c1a44dc
SHA256: E5CCE2958E81457A7F2CB8E407415943E7BEE12CF2196A49B110AEE60120FBCC
File Size: 350.40 KB, 350400 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

[Icon images not reproduced; the original page lists 25 additional icons beyond those shown.]

Windows PE Version Information

Name Value
Company Name
  • 2HB
  • AMD
  • AMD Driver
  • Android_Research_Tool
  • AniMyTeam
  • beAudio Informatica Ltda
  • Budakbego
  • CH
  • Company Marco Henm1971
  • CrackingPatching
  • El Sitio De Mi Recreo
  • FreyrSCADA Embedded Solution
  • gertudernameserver
  • Geveze.Org
  • Grupo Informatica y Gestion S.R.L.
  • Ha Duy Tin
  • HS Solution
  • iPoker Tools
  • Keyforpro
  • L-Console
  • LOMALKIN
  • MC Electrolux
  • MILYOHIRO GAMING
  • Niple Software
  • Nnasoft
  • None
  • PesCups.Ru
  • PopCap
  • QSM Unlock Tool
  • Rene.E Laboratory
  • Rutor
  • S.P.D.
  • Shenzhen NOD robot CO.,LTD
  • SpeakyChat
  • UCV - TUTORIA
  • Vahopski Soft
  • Valve
  • Valve (CSDOWNLOAD Original)
  • www.SmallGames.ws
  • Zbshareware Lab by Alker
File Description
  • 2HB FoxComm 4.2 - Integration Service Part 1 4.2 Installatio
  • Abandoned - El manicomio Chestnut Lodge 1.00 Installation
  • Agremaster 1.0.028 Installation
  • Alice Greenfingers 1.06 Installation
  • AMD 1.00 Installation
  • AMD Driver 1.00 Installation
  • Android_Research_Tool 1.00 Installation
  • AniMyApp 1.0.0 Installation
  • BCM_T4_Renault_JC_J2534 1.01 Installation
  • beSonus Plus Update 1.9.0.5 Installation
  • Candado Secreto 5 Installation
  • CCleaner Professional v4.00.4064 Final (Activated) Full Inst
  • Counter-strike 1.6 Installation
  • Counter-Strike Original 1.6 Installation
  • DNP3 Client-Master Simulator 21.06.008 Installation
  • Dynomite Deluxe by SmallGames.WS Installation
  • Expert ModarisV8-DiaminoV6R2 1.00 Installation
  • FastStone Capture 8.4 Installation
  • FIFA 15 Overlays 1.0 by PesCups.Ru 1.0 Installation
  • gertudernameserver 1.00 Installation
  • GTA San Andreas Remastered 1.00 Installation
  • IDM 6.42 build 60 6.42.60 Installation
  • iPoker Tools v226 Installation
  • Kerizim 1.00 Installation
  • Miracle Box Start Button Fixer 1.0 Installation
  • Niple 5.6 Installation
  • NodPrintVision 1.0Update Installation
  • PAC 2023.01 Installation
  • PrismaTV Ver. 1.1.3.0 Installation
  • Product Key Explorer 3.3.2.0 Installation
  • QSM Unlock Tool V1 Installation
  • RDWorks 8.0.29 Installation
  • ReneeUndeleter 2013.2.28.0 Installation
  • SIM Setup - Registered 5.04 Installation
  • Sistema de Contabilidad Multiempresa Jet 2015 2015 Installat
  • SpeakyChat 9.1.5.0 Installation
  • Update JTime 3.1 3.1 Installation
  • USB Disk Security 6.4.0.1 Installation
  • Zumas Revenge Русская версия Installation
  • Твоё родословное дерево 3.3. Installation
  • игры 1.0 Installation
File Version
  • Русская версия
  • Ver. 1.1.3.0
  • v226
  • V1
  • by SmallGames.WS
  • 2023.01
  • 2015
  • 2013.2.28.0
  • 21.06.008
  • 9.1.5.0
  • 8.4
  • 8.0.29
  • 6.42.60
  • 6.4.0.1
  • 5.6
  • 5.04
  • 5
  • 4.2
  • 3.3.2.0
  • 3.3.
  • 3.1
  • 1.9.0.5
  • 1.6
  • 1.06
  • 1.01
  • 1.00
  • 1.00
  • 1.0Update
  • 1.0.028
  • 1.0.0
  • 1.0
  • (Activated) Full
Internal Name TJprojMain
Legal Copyright
  • 2HB
  • AMD
  • AMD Driver
  • Android_Research_Tool
  • AniMyTeam
  • beAudio Informatica Ltda
  • Budakbego
  • CH
  • Company Marco Henm1971
  • CrackingPatching
  • El Sitio De Mi Recreo
  • FreyrSCADA Embedded Solution
  • gertudernameserver
  • Geveze.Org
  • Grupo Informatica y Gestion S.R.L.
  • Ha Duy Tin
  • HS Solution
  • iPoker Tools
  • Keyforpro
  • L-Console
  • LOMALKIN
  • MC Electrolux
  • MILYOHIRO GAMING
  • Niple Software
  • Nnasoft
  • None
  • PesCups.Ru
  • PopCap
  • QSM Unlock Tool
  • Rene.E Laboratory
  • Rutor
  • S.P.D.
  • Shenzhen NOD robot CO.,LTD
  • SpeakyChat
  • UCV - TUTORIA
  • Vahopski Soft
  • Valve
  • Valve (CSDOWNLOAD Original)
  • www.SmallGames.ws
  • Zbshareware Lab by Alker
Original Filename TJprojMain.exe
Product Name Project1
Product Version 1.00

File Traits

  • big overlay
  • HighEntropy
  • Installer Manifest
  • Installer Version
  • SIM
  • x86

Block Information

Total Blocks: 782
Potentially Malicious Blocks: 0
Whitelisted Blocks: 782
Unknown Blocks: 0

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Kryptik.KBBJ
  • Kryptik.KBD
  • Kryptik.KBH
  • Kryptik.KBP
  • Lamer.CA

Files Modified

File Attributes
\device\namedpipe Generic Read,Write Attributes
\device\namedpipe Generic Write,Read Attributes
\device\namedpipe\srvsvc Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\amd driver\amd driver\1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\amd driver\amd driver\1.exe Generic Write,Read Attributes
c:\program files (x86)\amd driver\amd driver\1.exe Synchronize,Write Attributes
c:\program files (x86)\amd driver\amd driver\2.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\amd driver\amd driver\2.exe Generic Write,Read Attributes
c:\program files (x86)\amd driver\amd driver\2.exe Synchronize,Write Attributes
c:\program files (x86)\amd driver\amd driver\3.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\amd driver\amd driver\3.exe Generic Write,Read Attributes
c:\program files (x86)\amd driver\amd driver\3.exe Synchronize,Write Attributes
c:\program files (x86)\amd driver\amd driver\favicon.ico Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\amd driver\amd driver\favicon.ico Generic Write,Read Attributes
c:\program files (x86)\amd driver\amd driver\favicon.ico Synchronize,Write Attributes
c:\program files (x86)\amd driver\amd driver\uninstall.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\amd driver\amd driver\uninstall.exe Generic Write,Read Attributes
c:\program files (x86)\amd driver\amd driver\uninstall.exe Synchronize,Write Attributes
c:\program files (x86)\amd driver\amd driver\uninstall.ini Generic Write,Read Attributes
c:\program files (x86)\amd\amd\1.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\amd\amd\1.exe Generic Write,Read Attributes
c:\program files (x86)\amd\amd\1.exe Synchronize,Write Attributes
c:\program files (x86)\amd\amd\2.exe Generic Write,Read Attributes
c:\program files (x86)\gertudernameserver\gertudernameserver\ferz1009_pub3_2cr23.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\gertudernameserver\gertudernameserver\ferz1009_pub3_2cr23.exe Generic Write,Read Attributes
c:\program files (x86)\gertudernameserver\gertudernameserver\ferz1009_pub3_2cr23.exe Synchronize,Write Attributes
c:\program files (x86)\gertudernameserver\gertudernameserver\ps Generic Write,Read Attributes
c:\program files (x86)\gertudernameserver\gertudernameserver\uninstall.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\gertudernameserver\gertudernameserver\uninstall.exe Generic Write,Read Attributes
c:\program files (x86)\gertudernameserver\gertudernameserver\uninstall.exe Synchronize,Write Attributes
c:\program files (x86)\gertudernameserver\gertudernameserver\uninstall.ini Generic Write,Read Attributes
c:\programdata\usb disk security\uninstall.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\usb disk security\uninstall.exe Generic Write,Read Attributes
c:\programdata\usb disk security\uninstall.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\$inst\15.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\$inst\15.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\$inst\15.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\$inst\16.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\$inst\16.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\$inst\16.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\$inst\2.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\$inst\20.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\$inst\20.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\$inst\20.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\$inst\21.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\$inst\21.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\$inst\21.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\$inst\4.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\$inst\4.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\$inst\4.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\$inst\5.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\$inst\5.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\$inst\5.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\$inst\50.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\$inst\50.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\$inst\50.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\$inst\6.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\$inst\6.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\$inst\6.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\$inst\7.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\$inst\7.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\$inst\7.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\$inst\8.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\$inst\8.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\$inst\8.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\$inst\9.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\$inst\9.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\$inst\9.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\$inst\temp_0.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ixp000.tmp\back.eml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ixp000.tmp\back.eml Synchronize,Write Attributes
c:\users\user\appdata\local\temp\ixp000.tmp\butler Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ixp000.tmp\butler Synchronize,Write Attributes
c:\users\user\appdata\local\temp\ixp000.tmp\growing Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ixp000.tmp\growing Synchronize,Write Attributes
c:\users\user\appdata\local\temp\ixp000.tmp\sequences.eml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ixp000.tmp\sequences.eml Synchronize,Write Attributes
c:\users\user\appdata\local\temp\ixp000.tmp\significance Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ixp000.tmp\significance Synchronize,Write Attributes
c:\users\user\appdata\local\temp\ixp000.tmp\tmp4351$.tmp Generic Write,Read Attributes,Delete
c:\users\user\appdata\local\temp\ixp000.tmp\variable Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ixp000.tmp\variable Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nseb944.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nskba3f.tmp\modern-header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nskba3f.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsuba2e.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\uds.cmd Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\uds.cmd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\uds.cmd Synchronize,Write Attributes
c:\users\user\appdata\local\temp\uds0.cmd Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\uds0.cmd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\uds0.cmd Synchronize,Write Attributes
c:\users\user\appdata\local\temp\usb disk security.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\usb disk security.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\usb disk security.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~nsu.tmp\au_.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\roaming\speakychatinstall.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\speakychatinstall.exe Generic Write,Read Attributes
c:\users\user\appdata\roaming\speakychatinstall.exe Synchronize,Write Attributes
c:\users\user\appdata\roaming\speakychatuninstall.cmd Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\speakychatuninstall.cmd Generic Write,Read Attributes
c:\users\user\appdata\roaming\speakychatuninstall.cmd Synchronize,Write Attributes

Registry Modifications

Key::Value Data API Name
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations *1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old5af52*1\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old5af62*1\??\C:\P RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\amd driver 1.00::displayname AMD Driver 1.00 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\amd driver 1.00::displayversion 1.00 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\amd driver 1.00::versionmajor  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\amd driver 1.00::versionminor RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\amd driver 1.00::publisher AMD Driver RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\amd driver 1.00::displayicon C:\Program Files (x86)\AMD Driver\AMD Driver\Uninstall.exe RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\amd driver 1.00::uninstallstring C:\Program Files (x86)\AMD Driver\AMD Driver\Uninstall.exe RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\amd driver 1.00::installlocation C:\Program Files (x86)\AMD Driver\AMD Driver\ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\amd driver 1.00::installsource c:\users\user\downloads\ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\amd driver 1.00::installdate & RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\amd driver 1.00::language Љ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\amd driver 1.00::estimatedsize RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\amd driver 1.00::nomodify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\amd driver 1.00::norepair  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\runonce::wextract_cleanup0 rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\Ibbzlepy\AppData\Local\Temp\IXP000.TMP\" RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe ⧑뇗顬ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 攼눨顬ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 잫눪顬ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe ⟇뉫顬ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 讴뉭顬ǜ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\usb disk security::displayname USB Disk Security RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\usb disk security::displayversion 6.4.0.1 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\usb disk security::versionmajor  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\usb disk security::versionminor  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\usb disk security::publisher Zbshareware Lab by Alker RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\usb disk security::displayicon C:\ProgramData\USB Disk Security\Uninstall.exe RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\usb disk security::uninstallstring C:\ProgramData\USB Disk Security\Uninstall.exe RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\usb disk security::urlinfoabout http://a1ker.blogspot.ru RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\usb disk security::installlocation C:\Program Files (x86)\USB Disk Security\ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\usb disk security::installsource c:\users\user\downloads\ RegNtPreCreateKey

Windows API Usage

Category API
Other Suspicious
  • SetWindowsHookEx
Keyboard Access
  • GetKeyState
Process Shell Execute
  • CreateProcess
  • ShellExecute
  • WriteConsole
Process Manipulation Evasion
  • NtUnmapViewOfSection
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtAlpcSetInformation
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateNamedPipeFile
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThread
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtPowerInformation
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRemoveIoCompletionEx
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimerEx
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTerminateProcess
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtYieldExecution
  • UNKNOWN
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetComputerNameEx
  • GetUserObjectInformation
Process Terminate
  • TerminateProcess

Shell Command Execution

"C:\Users\Lulaxasj\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=c:\users\user\downloads\
open C:\Program Files (x86)\AMD Driver\AMD Driver\1.exe
open C:\Program Files (x86)\AMD Driver\AMD Driver\2.exe
open C:\Program Files (x86)\AMD Driver\AMD Driver\3.exe
reg.exe /dfghskhjdf987347589374a
WriteConsole: ERROR: Invalid A
cmd /c sGiOYWZ & type Sequences.eml | %comspec%
WriteConsole: 'sGiOYWZ' is not
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /S /D /c" type Sequences.eml "
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe

131 additional executions are not displayed above.
