Trojan.MSIL.Agent.SKN

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.MSIL.Agent.SKN
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is .NET application
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Assembly Version 1.0.0.0
Comments
  • Advanced engine that enhances your scalability. Smart system that protects your tasks. Robust tool that customizes your storage. Advanced engine that enhances your scalability. Smart system that protects your tasks. Robust tool that customizes your storage. Advanced engine that enhances your scalability. Smart system that protects your tasks. Robust tool that customizes your storage. Advanced engine that enhances your scalability. Smart system that protects your tasks. Robust tool that customizes your storage.
  • Advanced module that improves your speed. Reliable service that supports your storage. Seamless program that customizes your operations. Advanced module that improves your speed. Reliable service that supports your storage. Seamless program that customizes your operations. Advanced module that improves your speed. Reliable service that supports your storage. Seamless program that customizes your operations. Advanced module that improves your speed. Reliable service that supports your storage. Seamless program that customizes your operations.
  • Dynamic application that customizes your security. Innovative AI that optimizes your data. Lightweight utility that enhances your productivity. Dynamic application that customizes your security. Innovative AI that optimizes your data. Lightweight utility that enhances your productivity. Dynamic application that customizes your security. Innovative AI that optimizes your data. Lightweight utility that enhances your productivity. Dynamic application that customizes your security. Innovative AI that optimizes your data. Lightweight utility that enhances your productivity.
  • Efficient application that protects your workflow. Versatile service that optimizes your analytics. Lightweight software that simplifies your operations. Efficient application that protects your workflow. Versatile service that optimizes your analytics. Lightweight software that simplifies your operations. Efficient application that protects your workflow. Versatile service that optimizes your analytics. Lightweight software that simplifies your operations. Efficient application that protects your workflow. Versatile service that optimizes your analytics. Lightweight software that simplifies your operations.
  • Efficient assistant that analyzes your performance. Robust solution that streamlines your workflow. Robust assistant that manages your integration. Efficient assistant that analyzes your performance. Robust solution that streamlines your workflow. Robust assistant that manages your integration. Efficient assistant that analyzes your performance. Robust solution that streamlines your workflow. Robust assistant that manages your integration. Efficient assistant that analyzes your performance. Robust solution that streamlines your workflow. Robust assistant that manages your integration.
  • Efficient engine that coordinates your operations. Advanced utility that controls your security. Advanced system that manages your scalability. Efficient engine that coordinates your operations. Advanced utility that controls your security. Advanced system that manages your scalability. Efficient engine that coordinates your operations. Advanced utility that controls your security. Advanced system that manages your scalability. Efficient engine that coordinates your operations. Advanced utility that controls your security. Advanced system that manages your scalability.
  • Fast software that improves your integration. Robust technology that automates your storage. Reliable utility that improves your scalability. Fast software that improves your integration. Robust technology that automates your storage. Reliable utility that improves your scalability. Fast software that improves your integration. Robust technology that automates your storage. Reliable utility that improves your scalability. Fast software that improves your integration. Robust technology that automates your storage. Reliable utility that improves your scalability.
  • Flexible system that coordinates your tasks. Powerful AI that supports your integration. Smart suite that improves your connectivity. Flexible system that coordinates your tasks. Powerful AI that supports your integration. Smart suite that improves your connectivity. Flexible system that coordinates your tasks. Powerful AI that supports your integration. Smart suite that improves your connectivity. Flexible system that coordinates your tasks. Powerful AI that supports your integration. Smart suite that improves your connectivity.
  • Innovative assistant that analyzes your scalability. Robust AI that enhances your scalability. User-friendly solution that enhances your data. Innovative assistant that analyzes your scalability. Robust AI that enhances your scalability. User-friendly solution that enhances your data. Innovative assistant that analyzes your scalability. Robust AI that enhances your scalability. User-friendly solution that enhances your data. Innovative assistant that analyzes your scalability. Robust AI that enhances your scalability. User-friendly solution that enhances your data.
  • Innovative solution that customizes your integration. Smart service that automates your speed. Seamless application that optimizes your scalability. Innovative solution that customizes your integration. Smart service that automates your speed. Seamless application that optimizes your scalability. Innovative solution that customizes your integration. Smart service that automates your speed. Seamless application that optimizes your scalability. Innovative solution that customizes your integration. Smart service that automates your speed. Seamless application that optimizes your scalability.
  • Intelligent platform that accelerates your integration. Robust technology that boosts your operations. Seamless extension that controls your data. Intelligent platform that accelerates your integration. Robust technology that boosts your operations. Seamless extension that controls your data. Intelligent platform that accelerates your integration. Robust technology that boosts your operations. Seamless extension that controls your data. Intelligent platform that accelerates your integration. Robust technology that boosts your operations. Seamless extension that controls your data.
  • Reliable service that controls your productivity. Secure interface that streamlines your speed. Intelligent service that enhances your productivity.
  • Scalable framework that optimizes your integration. Versatile module that simplifies your operations. Powerful system that boosts your system. Scalable framework that optimizes your integration. Versatile module that simplifies your operations. Powerful system that boosts your system. Scalable framework that optimizes your integration. Versatile module that simplifies your operations. Powerful system that boosts your system. Scalable framework that optimizes your integration. Versatile module that simplifies your operations. Powerful system that boosts your system.
  • Seamless suite that boosts your analytics. Secure AI that manages your connectivity. Powerful AI that manages your productivity. Seamless suite that boosts your analytics. Secure AI that manages your connectivity. Powerful AI that manages your productivity. Seamless suite that boosts your analytics. Secure AI that manages your connectivity. Powerful AI that manages your productivity. Seamless suite that boosts your analytics. Secure AI that manages your connectivity. Powerful AI that manages your productivity.
  • Versatile extension that simplifies your data. Reliable utility that coordinates your tasks. Lightweight system that integrates your network. Versatile extension that simplifies your data. Reliable utility that coordinates your tasks. Lightweight system that integrates your network. Versatile extension that simplifies your data. Reliable utility that coordinates your tasks. Lightweight system that integrates your network. Versatile extension that simplifies your data. Reliable utility that coordinates your tasks. Lightweight system that integrates your network.
  • Versatile extension that simplifies your security. Lightweight AI that enhances your analytics. Flexible assistant that manages your storage. Versatile extension that simplifies your security. Lightweight AI that enhances your analytics. Flexible assistant that manages your storage. Versatile extension that simplifies your security. Lightweight AI that enhances your analytics. Flexible assistant that manages your storage. Versatile extension that simplifies your security. Lightweight AI that enhances your analytics. Flexible assistant that manages your storage.
  • Versatile technology that supports your workflow. Innovative program that automates your productivity. Secure tool that optimizes your speed. Versatile technology that supports your workflow. Innovative program that automates your productivity. Secure tool that optimizes your speed. Versatile technology that supports your workflow. Innovative program that automates your productivity. Secure tool that optimizes your speed. Versatile technology that supports your workflow. Innovative program that automates your productivity. Secure tool that optimizes your speed.
Company Name
  • Amdahl
  • Barnette
  • Butave
  • Detective
  • Fexexa
  • Gudija
  • Interlinked
  • Lennie
  • Mobapo
  • Paso
  • Prohibition
  • Radela
  • Ranjan
  • Savor
  • Swafford
  • Uyumuv
  • Wozuru
File Description
  • Ahijiz
  • Bonuki
  • Dangerous
  • Embellishment
  • Esozuh
  • Foresighted
  • Garbanzos
  • Heng
  • Hooves
  • Mcallister
  • Nexuku
  • Owufin
  • Pandora
  • Seoul
  • Typographic
  • Uzecab
  • Vumewa
  • yardsyards harmsenharmsen EncinoEncino yards yardsyards harmsenharmsen EncinoEncino yards yardsyards harmsenharmsen EncinoEncino yards yardsyards harmsenharmsen EncinoEncino yards yardsyards harmsenharmsen EncinoEncino yards yardsyards harmsenharmsen EncinoEncino yards yardsyards harmsenharmsen EncinoEncino yards
File Version
  • 5.3.5.147
  • 1.0.0.0
Internal Name
  • Amdahl.exe
  • Barnette.exe
  • Butave.exe
  • Detective.exe
  • Fexexa.exe
  • Gudija.exe
  • Interlinked.exe
  • Lennie.exe
  • Mobapo.exe
  • Paso.exe
  • Prohibition.exe
  • Radela.exe
  • Ranjan.exe
  • Savor.exe
  • Swafford.exe
  • Uyumuv.exe
  • Wozuru.exe
Legal Copyright
  • Copyright © 2025
  • Encino Cantab
Original Filename
  • Amdahl.exe
  • Barnette.exe
  • Butave.exe
  • Detective.exe
  • Fexexa.exe
  • Gudija.exe
  • Interlinked.exe
  • Lennie.exe
  • Mobapo.exe
  • Paso.exe
  • Prohibition.exe
  • Radela.exe
  • Ranjan.exe
  • Savor.exe
  • Swafford.exe
  • Uyumuv.exe
  • Wozuru.exe
  • yards.exe
Product Name
  • Ahijiz
  • Bonuki
  • Dangerous
  • Embellishment
  • Encino
  • Esozuh
  • Foresighted
  • Garbanzos
  • Heng
  • Hooves
  • Mcallister
  • Nexuku
  • Owufin
  • Pandora
  • Seoul
  • Typographic
  • Uzecab
  • Vumewa
Product Version
  • 5.3.5.147
  • 1.0.0.0

File Traits

  • .NET
  • x86

Block Information

Total Blocks: 26
Potentially Malicious Blocks: 6
Whitelisted Blocks: 19
Unknown Blocks: 1

Visual Map

0 0 x 0 x 0 0 0 0 0 0 x x 0 0 ? 0 0 0 0 x 0 0 0 x 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • MSIL.Agent.SKJ
  • MSIL.Agent.SKN

Files Modified

File Attributes
\device\namedpipe Generic Read,Write Attributes
\device\namedpipe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\borax\govenment.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\borax\govenment.exe.config Generic Write,Read Attributes
c:\users\user\appdata\local\temp\borax\microsoft.web.webview2.core.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\borax\microsoft.web.webview2.winforms.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\borax\microsoft.web.webview2.wpf.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\borax\runtimes\win-arm64\native\webview2loader.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\borax\runtimes\win-x64\native\webview2loader.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\borax\runtimes\win-x86\native\webview2loader.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\buttery\microsoft.web.webview2.core.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\buttery\microsoft.web.webview2.winforms.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\buttery\microsoft.web.webview2.wpf.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\buttery\powerboats.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\buttery\powerboats.exe.config Generic Write,Read Attributes
c:\users\user\appdata\local\temp\buttery\runtimes\win-arm64\native\webview2loader.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\buttery\runtimes\win-x64\native\webview2loader.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\buttery\runtimes\win-x86\native\webview2loader.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp6505.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsv4d95.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsv4d95.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsv4d95.tmp\nsexec.dll Synchronize,Write Attributes

Registry Modifications

Key::Value Data API Name
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Xuwjxhbb\AppData\Local\Temp\nsv4D95.tmp\ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe Ǜ RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserName
  • GetUserObjectInformation
Process Shell Execute
  • CreateProcess
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • UNKNOWN
  • win32u.dll!NtGdiAnyLinkedFonts
  • win32u.dll!NtGdiBitBlt
  • win32u.dll!NtGdiCreateBitmap
  • win32u.dll!NtGdiCreateCompatibleBitmap
  • win32u.dll!NtGdiCreateCompatibleDC
  • win32u.dll!NtGdiCreateDIBitmapInternal
  • win32u.dll!NtGdiCreateRectRgn
  • win32u.dll!NtGdiCreateSolidBrush
  • win32u.dll!NtGdiDeleteObjectApp
  • win32u.dll!NtGdiDoPalette
  • win32u.dll!NtGdiDrawStream
  • win32u.dll!NtGdiExtGetObjectW
  • win32u.dll!NtGdiExtTextOutW
  • win32u.dll!NtGdiFontIsLinked
  • win32u.dll!NtGdiGetCharABCWidthsW
  • win32u.dll!NtGdiGetDCDword
  • win32u.dll!NtGdiGetDCforBitmap

82 additional items are not displayed above.

Process Terminate
  • TerminateProcess
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ZwMapViewOfSection
Encryption Used
  • BCryptOpenAlgorithmProvider

Shell Command Execution

taskkill /f /im Govenment.exe
C:\Users\Xuwjxhbb\AppData\Local\Temp\borax\Govenment.exe ""
taskkill /f /im Encino.exe
C:\Users\Bfasxkfj\AppData\Local\Temp\buttery\Powerboats.exe ""
