Trojan.Kryptik.KBP

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 2,605
Threat Level: 80 % (High)
Infected Computers: 15,566
First Seen: July 6, 2021
Last Seen: April 17, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Kryptik.KBP
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Comments
  • Cracked & Activator created by Talha's PC Soft. (MH Talha)
  • Seven7i
Company Name
  • 23000-ر تليلي
  • CrackingPatching
  • Dronex_19
  • EDISON JAVIER MONCAYO ILBAY
  • Esoft
  • Grass Valley
  • IMTalker
  • KMSAuto Lite
  • KMS GUI ELDI
  • LOMALKIN
  • Revision Anual
  • Seven7i
  • SNES9X
  • Türkçe Oyun Merkezi
  • VSO-Software
  • Windows Update
  • XLN KeyGen
File Description
  • BASES PUNIS 2022 Installation
  • ConvertXToDVD v.4.2.0.0 Installation
  • DJI Gimbal Calibration Tool V1.0 Installation
  • EDIUS 9.X.11 COMBO 2025 1.00 Installation
  • FilesSystem32_Hatier 1.00 Installation
  • HD Tune Pro 5.60 Installation
  • IDM 6.42 build 43 6.42.43 Installation
  • Internet Download Manager (IDM) 6.25 Build 17 Full Version
  • KMSAuto 1.8.8 Installation
  • KMSPico 10.2.0 Installation
  • KoolText Addons System Installation
  • MyCam 1.1 Installation
  • Revision Anual 1.00 Installation
  • Seven7i
  • Super Mario World 2.00 Installation
  • Tom Clancy’s Splinter Cell %100 Türkçe Yama v-1.0 Installati
  • Window update 1.0 Installation
  • XLN KeyGen 1.0 Installation
File Version
  • V1.0
  • v.4.2.0.0
  • v-1.0
  • Addons System
  • 2022
  • 10.2.0
  • 6.42.43
  • 6, 25, 17, 2
  • 5.60
  • 2.00
  • 1.8.8
  • 1.1
  • 1.00
  • 1.00
  • 1.00
  • 1.0
Internal Name
  • Internet Download Manager
  • TJprojMain
Legal Copyright
  • 23000-ر تليلي
  • CrackingPatching
  • Dronex_19
  • EDISON JAVIER MONCAYO ILBAY
  • Esoft
  • Grass Valley
  • IMTalker
  • KMSAuto Lite
  • KMS GUI ELDI
  • LOMALKIN
  • Revision Anual
  • Seven7i
  • SNES9X
  • Türkçe Oyun Merkezi
  • VSO-Software
  • Windows Update
  • XLN KeyGen
Original Filename
  • IDMan.exe (Cracked)
  • TJprojMain.exe
Product Name
  • Internet Download Manager (IDM) Crack
  • Project1
Product Version
  • 6, 25, 17, 2
  • 1.00

File Traits

  • big overlay
  • HighEntropy
  • Installer Manifest
  • Installer Version
  • SIM
  • x86

Block Information

Similar Families

  • Kryptik.KBBJ
  • Kryptik.KBD
  • Kryptik.KBH
  • Kryptik.KBP
  • Lamer.CA

Files Modified

File Attributes
\device\namedpipe\pshost.134121602027619089.8092.defaultappdomain.powershell Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
c:\program files (x86)\esoft\mycam\acutil.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\esoft\mycam\acutil.dll Generic Write,Read Attributes
c:\program files (x86)\esoft\mycam\acutil.dll Synchronize,Write Attributes
c:\program files (x86)\esoft\mycam\avlf.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\esoft\mycam\avlf.dll Generic Write,Read Attributes
c:\program files (x86)\esoft\mycam\avlf.dll Synchronize,Write Attributes
c:\program files (x86)\esoft\mycam\gdiplus.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\esoft\mycam\gdiplus.dll Generic Write,Read Attributes
c:\program files (x86)\esoft\mycam\gdiplus.dll Synchronize,Write Attributes
c:\program files (x86)\esoft\mycam\hand.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\esoft\mycam\hand.dll Generic Write,Read Attributes
c:\program files (x86)\esoft\mycam\hand.dll Synchronize,Write Attributes
c:\program files (x86)\esoft\mycam\liveupdate.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\esoft\mycam\liveupdate.dll Generic Write,Read Attributes
c:\program files (x86)\esoft\mycam\liveupdate.dll Synchronize,Write Attributes
c:\program files (x86)\esoft\mycam\microsoft.vc90.crt\microsoft.vc90.crt.manifest Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\esoft\mycam\microsoft.vc90.crt\microsoft.vc90.crt.manifest Generic Write,Read Attributes
c:\program files (x86)\esoft\mycam\microsoft.vc90.crt\microsoft.vc90.crt.manifest Synchronize,Write Attributes
c:\program files (x86)\esoft\mycam\microsoft.vc90.crt\msvcp90.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\esoft\mycam\microsoft.vc90.crt\msvcp90.dll Generic Write,Read Attributes
c:\program files (x86)\esoft\mycam\microsoft.vc90.crt\msvcp90.dll Synchronize,Write Attributes
c:\program files (x86)\esoft\mycam\microsoft.vc90.crt\msvcr90.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\esoft\mycam\microsoft.vc90.crt\msvcr90.dll Generic Write,Read Attributes
c:\program files (x86)\esoft\mycam\microsoft.vc90.crt\msvcr90.dll Synchronize,Write Attributes
c:\program files (x86)\esoft\mycam\mycam.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\esoft\mycam\mycam.exe Generic Write,Read Attributes
c:\program files (x86)\esoft\mycam\mycam.exe Synchronize,Write Attributes
c:\program files (x86)\esoft\mycam\snapshot.wav Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\esoft\mycam\snapshot.wav Generic Write,Read Attributes
c:\program files (x86)\esoft\mycam\snapshot.wav Synchronize,Write Attributes
c:\program files (x86)\esoft\mycam\uninstall.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\esoft\mycam\uninstall.exe Generic Write,Read Attributes
c:\program files (x86)\esoft\mycam\uninstall.exe Synchronize,Write Attributes
c:\program files (x86)\esoft\mycam\zlib.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\esoft\mycam\zlib.dll Generic Write,Read Attributes
c:\program files (x86)\esoft\mycam\zlib.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\$inst\15.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\$inst\15.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\$inst\15.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\$inst\16.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\$inst\16.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\$inst\16.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\$inst\2.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\$inst\4.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\$inst\4.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\$inst\4.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\$inst\5.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\$inst\5.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\$inst\5.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\$inst\7.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\$inst\7.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\$inst\7.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\$inst\8.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\$inst\8.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\$inst\8.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\$inst\9.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\$inst\9.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\$inst\9.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\$inst\temp_0.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_ezbtjnqg.24w.ps1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_o1at1rai.d5b.psm1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsd29e6.tmp\modern-header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsd29e6.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsi28cc.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsif4b4.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsma69d.tmp\modern-header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsma69d.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsn3cad.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsn3cae.tmp\modern-header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsn3cae.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nso29d6.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nswa506.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nswa68c.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsx3bb3.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsyf5fd.tmp\advsplash.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsyf5fd.tmp\aero.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsyf5fd.tmp\modern-header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsyf5fd.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsyf5fd.tmp\modern-wizard.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsyf5fd.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsyf5fd.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\spltmp.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\spltmp.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~nsua.tmp\un_a.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\aboutlogo.bmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\aboutlogo.bmp Generic Write,Read Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\aboutlogo.bmp Synchronize,Write Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\diskoff.ico Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\diskoff.ico Generic Write,Read Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\diskoff.ico Synchronize,Write Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\diskon.ico Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\diskon.ico Generic Write,Read Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\diskon.ico Synchronize,Write Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\dragcopy.cur Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\dragcopy.cur Generic Write,Read Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\dragcopy.cur Synchronize,Write Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\dragmove.cur Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\dragmove.cur Generic Write,Read Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\dragmove.cur Synchronize,Write Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\dragno.cur Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\dragno.cur Generic Write,Read Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\dragno.cur Synchronize,Write Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\estimate.bmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\estimate.bmp Generic Write,Read Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\estimate.bmp Synchronize,Write Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\file.ico Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\file.ico Generic Write,Read Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\file.ico Synchronize,Write Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\folderup.bmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\folderup.bmp Generic Write,Read Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\folderup.bmp Synchronize,Write Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\passwordoff.ico Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\passwordoff.ico Generic Write,Read Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\passwordoff.ico Synchronize,Write Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\passwordon.ico Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\passwordon.ico Generic Write,Read Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\passwordon.ico Synchronize,Write Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\rar.ico Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\rar.ico Generic Write,Read Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\rar.ico Synchronize,Write Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\rarsmall.bmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\rarsmall.bmp Generic Write,Read Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\rarsmall.bmp Synchronize,Write Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\rev.ico Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\rev.ico Generic Write,Read Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\rev.ico Synchronize,Write Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\setup.ico Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\setup.ico Generic Write,Read Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\setup.ico Synchronize,Write Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\sfx.ico Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\sfx.ico Generic Write,Read Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\sfx.ico Synchronize,Write Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\sfxlogo.bmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\sfxlogo.bmp Generic Write,Read Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\sfxlogo.bmp Synchronize,Write Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\sortdown.bmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\sortdown.bmp Generic Write,Read Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\sortdown.bmp Synchronize,Write Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\sortup.bmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\sortup.bmp Generic Write,Read Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\sortup.bmp Synchronize,Write Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\add.bmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\add.bmp Generic Write,Read Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\add.bmp Synchronize,Write Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\benchmark.bmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\benchmark.bmp Generic Write,Read Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\benchmark.bmp Synchronize,Write Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\comment.bmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\comment.bmp Generic Write,Read Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\comment.bmp Synchronize,Write Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\convert.bmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\convert.bmp Generic Write,Read Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\convert.bmp Synchronize,Write Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\delete.bmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\delete.bmp Generic Write,Read Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\delete.bmp Synchronize,Write Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\exit.bmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\exit.bmp Generic Write,Read Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\exit.bmp Synchronize,Write Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\extract.bmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\extract.bmp Generic Write,Read Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\extract.bmp Synchronize,Write Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\extractto.bmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\extractto.bmp Generic Write,Read Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\extractto.bmp Synchronize,Write Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\find.bmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\find.bmp Generic Write,Read Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\find.bmp Synchronize,Write Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\info.bmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\info.bmp Generic Write,Read Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\info.bmp Synchronize,Write Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\lock.bmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\lock.bmp Generic Write,Read Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\lock.bmp Synchronize,Write Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\print.bmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\print.bmp Generic Write,Read Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\print.bmp Synchronize,Write Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\protect.bmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\protect.bmp Generic Write,Read Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\protect.bmp Synchronize,Write Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\repair.bmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\repair.bmp Generic Write,Read Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\repair.bmp Synchronize,Write Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\report.bmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\report.bmp Generic Write,Read Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\report.bmp Synchronize,Write Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\sfx.bmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\sfx.bmp Generic Write,Read Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\sfx.bmp Synchronize,Write Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\test.bmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\test.bmp Generic Write,Read Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\test.bmp Synchronize,Write Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\view.bmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\view.bmp Generic Write,Read Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\view.bmp Synchronize,Write Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\virusscan.bmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\virusscan.bmp Generic Write,Read Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\virusscan.bmp Synchronize,Write Attributes
c:\users\user\appdata\roaming\winrar\themes\winrar windows 10 by seven7i\toolbar\wizard.bmp Generic Read,Write Data,Write Attributes,Write extended,Append data

11 additional files are not displayed above.

Registry Modifications

Key::Value Data API Name
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Firbgszh\AppData\Local\Temp\~nsuA.tmp\Un_A.exe RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Firbgszh\AppData\Local\Temp\~nsuA.tmp\Un_A.exe\??\C:\Users\Firbgszh\AppData\Local\Temp\~nsuA.tmp RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Htwpzixd\AppData\Local\Temp\~nsuA.tmp\Un_A.exe RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Htwpzixd\AppData\Local\Temp\~nsuA.tmp\Un_A.exe\??\C:\Users\Htwpzixd\AppData\Local\Temp\~nsuA.tmp RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\seven7i 1.00::displayname Seven7i 1.00 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\seven7i 1.00::displayversion 1.00 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\seven7i 1.00::versionmajor  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\seven7i 1.00::versionminor RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\seven7i 1.00::publisher Seven7i RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\seven7i 1.00::displayicon C:\Users\Rwaeyfsy\appdata\Roaming\WinRAR\Themes\Winrar windows 10 By Seven7i\Uninstall.exe RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\seven7i 1.00::uninstallstring C:\Users\Rwaeyfsy\appdata\Roaming\WinRAR\Themes\Winrar windows 10 By Seven7i\Uninstall.exe RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\seven7i 1.00::urlinfoabout http://www.company.com/ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\seven7i 1.00::helplink mailto:support@company.com RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\seven7i 1.00::installlocation C:\Users\Rwaeyfsy\appdata\Roaming\WinRAR\Themes\Winrar windows 10 By Seven7i\ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\seven7i 1.00::installsource c:\users\user\downloads\ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\seven7i 1.00::installdate % RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\seven7i 1.00::language Љ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\seven7i 1.00::estimatedsize Ѻ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\seven7i 1.00::nomodify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\seven7i 1.00::norepair  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 鏅绢ǜ RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations *1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old122e4*1\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old12352*1\??\C:\P RegNtPreCreateKey
HKCU\local settings\muicache\1b\52c64b7e::@c:\windows\system32\ndfapi.dll,-40001 Windows Network Diagnostics RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\mycam 1.1::displayname MyCam 1.1 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\mycam 1.1::displayversion 1.1 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\mycam 1.1::versionmajor  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\mycam 1.1::versionminor  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\mycam 1.1::publisher Esoft RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\mycam 1.1::displayicon C:\Program Files (x86)\Esoft\MyCam\Uninstall.exe RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\mycam 1.1::uninstallstring C:\Program Files (x86)\Esoft\MyCam\Uninstall.exe RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\mycam 1.1::installlocation C:\Program Files (x86)\Esoft\MyCam\ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\mycam 1.1::installsource c:\users\user\downloads\ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\mycam 1.1::installdate &( RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\mycam 1.1::language Ж RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\mycam 1.1::estimatedsize RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\mycam 1.1::nomodify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\mycam 1.1::norepair  RegNtPreCreateKey

Windows API Usage

Category API
Other Suspicious
  • AdjustTokenPrivileges
  • SetWindowsHookEx
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
User Data Access
  • GetUserDefaultLocaleName
  • GetUserName
  • GetUserNameEx
  • GetUserObjectInformation
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
Keyboard Access
  • GetKeyState
Process Manipulation Evasion
  • NtUnmapViewOfSection
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Encryption Used
  • BCryptOpenAlgorithmProvider

Shell Command Execution

"C:\Users\Firbgszh\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=c:\users\user\downloads\
"C:\Users\Htwpzixd\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=c:\users\user\downloads\
open powershell.exe -Command "Add-MpPreference -ExclusionPath '$env:APPDATA\windowshost'"
"C:\Users\Wqzqbbyu\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=c:\users\user\downloads\
