Trojan.MSIL.Clicker.CCJ

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.MSIL.Clicker.CCJ
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is .NET application
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Assembly Version 1.0.0.0
Comments
  • Advanced platform that boosts your workflow. Versatile assistant that monitors your connectivity. Dynamic solution that customizes your network. Advanced platform that boosts your workflow. Versatile assistant that monitors your connectivity. Dynamic solution that customizes your network. bew_7963 Advanced platform that boosts your workflow. Versatile assistant that monitors your connectivity. Dynamic solution that customizes your network.
  • Advanced platform that supports your system. Advanced technology that protects your system. Versatile system that improves your tasks. Advanced platform that supports your system. Advanced technology that protects your system. Versatile system that improves your tasks. etusa_1779 Advanced platform that supports your system. Advanced technology that protects your system. Versatile system that improves your tasks.
  • Fast assistant that integrates your network. Smart software that customizes your system. Innovative AI that detects your data. Fast assistant that integrates your network. Smart software that customizes your system. Innovative AI that detects your data. zeq_550 Fast assistant that integrates your network. Smart software that customizes your system. Innovative AI that detects your data.
  • Lightweight platform that monitors your integration. Secure utility that manages your storage. Advanced utility that accelerates your files. Lightweight platform that monitors your integration. Secure utility that manages your storage. Advanced utility that accelerates your files. orah_9113 Lightweight platform that monitors your integration. Secure utility that manages your storage. Advanced utility that accelerates your files.
  • Powerful service that automates your system. Powerful engine that accelerates your connectivity. Advanced assistant that integrates your connectivity. Powerful service that automates your system. Powerful engine that accelerates your connectivity. Advanced assistant that integrates your connectivity. ahap_1725 Powerful service that automates your system. Powerful engine that accelerates your connectivity. Advanced assistant that integrates your connectivity.
  • Robust platform that accelerates your performance. Smart AI that improves your speed. Seamless engine that automates your data. Robust platform that accelerates your performance. Smart AI that improves your speed. Seamless engine that automates your data. qux_2396 Robust platform that accelerates your performance. Smart AI that improves your speed. Seamless engine that automates your data.
  • Robust program that coordinates your data. Reliable platform that monitors your system. Flexible technology that automates your speed. Robust program that coordinates your data. Reliable platform that monitors your system. Flexible technology that automates your speed. rak_717 Robust program that coordinates your data. Reliable platform that monitors your system. Flexible technology that automates your speed.
  • Versatile framework that accelerates your files. Cutting-edge program that automates your automation. Advanced AI that streamlines your storage. Versatile framework that accelerates your files. Cutting-edge program that automates your automation. Advanced AI that streamlines your storage. bew_7030 Versatile framework that accelerates your files. Cutting-edge program that automates your automation. Advanced AI that streamlines your storage.
Company Name
  • Advanced platform that boosts your workflow. Versatile assistant that monitors your connectivity. Dynamic solution that customizes your network.
  • Advanced platform that supports your system. Advanced technology that protects your system. Versatile system that improves your tasks.
  • Fast assistant that integrates your network. Smart software that customizes your system. Innovative AI that detects your data.
  • Lightweight platform that monitors your integration. Secure utility that manages your storage. Advanced utility that accelerates your files.
  • Powerful service that automates your system. Powerful engine that accelerates your connectivity. Advanced assistant that integrates your connectivity.
  • Robust platform that accelerates your performance. Smart AI that improves your speed. Seamless engine that automates your data.
  • Robust program that coordinates your data. Reliable platform that monitors your system. Flexible technology that automates your speed.
  • Versatile framework that accelerates your files. Cutting-edge program that automates your automation. Advanced AI that streamlines your storage.
File Description
  • Abominably insisted abuse schaffer wrestler Scheming Abominably freudianism Chintzy bullfighter unfaithfully insisted Astonished freudianism Abominably insisted abuse schaffer wrestler Scheming Abominably freudianism Chintzy bullfighter unfaithfully insisted Astonished freudianism Abominably insisted abuse schaffer wrestler Scheming Abominably freudianism Chintzy bullfighter unfaithfully insisted Astonished freudianism Abominably insisted abuse schaffer wrestler Scheming Abominably freudianism Chintzy bullfighter unfaithfully insisted Astonished freudianism
  • apok_8988
  • betts fitz acellular Sirhan acellular Crawled Crawled krause cooperated gordon fitz gordon betts fitz acellular Sirhan acellular Crawled Crawled krause cooperated gordon fitz gordon betts fitz acellular Sirhan acellular Crawled Crawled krause cooperated gordon fitz gordon betts fitz acellular Sirhan acellular Crawled Crawled krause cooperated gordon fitz gordon
  • blemished bord Bellefontaine novus Ekes bord Bellefontaine bord Surrey montpellier blemished bord Bellefontaine novus Ekes bord Bellefontaine bord Surrey montpellier blemished bord Bellefontaine novus Ekes bord Bellefontaine bord Surrey montpellier blemished bord Bellefontaine novus Ekes bord Bellefontaine bord Surrey montpellier
  • bluefield appears relocations endocrine Illustrations male concreted bluefield Adela appears bluefield appears relocations endocrine Illustrations male concreted bluefield Adela appears bluefield appears relocations endocrine Illustrations male concreted bluefield Adela appears bluefield appears relocations endocrine Illustrations male concreted bluefield Adela appears bluefield appears relocations endocrine Illustrations male concreted bluefield Adela appears bluefield appears relocations endocrine Illustrations male concreted bluefield Adela appears bluefield appears relocations endocrine Illustrations male concreted bluefield Adela appears
  • brahmans Scrotum Pates hao metrical metrical brahmans Scrotum Pates hao metrical metrical brahmans Scrotum Pates hao metrical metrical brahmans Scrotum Pates hao metrical metrical brahmans Scrotum Pates hao metrical metrical brahmans Scrotum Pates hao metrical metrical brahmans Scrotum Pates hao metrical metrical
  • Dejected Tickled pontifications Jello taupe Terrorizes bosnian Terrorizes taupe Dejected Alles Terrorizes Alles taupe Dejected Tickled pontifications Jello taupe Terrorizes bosnian Terrorizes taupe Dejected Alles Terrorizes Alles taupe Dejected Tickled pontifications Jello taupe Terrorizes bosnian Terrorizes taupe Dejected Alles Terrorizes Alles taupe Dejected Tickled pontifications Jello taupe Terrorizes bosnian Terrorizes taupe Dejected Alles Terrorizes Alles taupe
  • Equitable confessor misrule Sew opticians Gentility macrae hydrologic flambe Palindromic confessor hydrologic circulation circulation Equitable confessor misrule Sew opticians Gentility macrae hydrologic flambe Palindromic confessor hydrologic circulation circulation Equitable confessor misrule Sew opticians Gentility macrae hydrologic flambe Palindromic confessor hydrologic circulation circulation Equitable confessor misrule Sew opticians Gentility macrae hydrologic flambe Palindromic confessor hydrologic circulation circulation
  • Growed Inflammable cornerback proteins cornerback Zelma Beaupre recalibration Zelma lineages Pivot Growed Zelma wallpapered Growed Inflammable cornerback proteins cornerback Zelma Beaupre recalibration Zelma lineages Pivot Growed Zelma wallpapered Growed Inflammable cornerback proteins cornerback Zelma Beaupre recalibration Zelma lineages Pivot Growed Zelma wallpapered Growed Inflammable cornerback proteins cornerback Zelma Beaupre recalibration Zelma lineages Pivot Growed Zelma wallpapered Growed Inflammable cornerback proteins cornerback Zelma Beaupre recalibration Zelma lineages Pivot Growed Zelma wallpapered Growed Inflammable cornerback proteins cornerback Zelma Beaupre recalibration Zelma lineages Pivot Growed Zelma wallpapered Growed Inflammable cornerback proteins cornerback Zelma Beaupre recalibration Zelma lineages Pivot Growed Zelma wallpapered
  • hidi_5664
  • imimo_1411
  • infiltrated Zinged Regrow brinkmann sacredness scowls infiltrated infiltrated Zinged Regrow brinkmann sacredness scowls infiltrated infiltrated Zinged Regrow brinkmann sacredness scowls infiltrated infiltrated Zinged Regrow brinkmann sacredness scowls infiltrated infiltrated Zinged Regrow brinkmann sacredness scowls infiltrated infiltrated Zinged Regrow brinkmann sacredness scowls infiltrated infiltrated Zinged Regrow brinkmann sacredness scowls infiltrated
  • Knifes Faiths Queasiness scurries wearables Faiths wearables Knifes Faiths Queasiness scurries wearables Faiths wearables Knifes Faiths Queasiness scurries wearables Faiths wearables Knifes Faiths Queasiness scurries wearables Faiths wearables
  • mahe Israelites snowshoe beholder Exotic flunking Exotic filigreed Stakeholder Brugger doughboy Collectivism meekly flunking snowshoe mahe Israelites snowshoe beholder Exotic flunking Exotic filigreed Stakeholder Brugger doughboy Collectivism meekly flunking snowshoe mahe Israelites snowshoe beholder Exotic flunking Exotic filigreed Stakeholder Brugger doughboy Collectivism meekly flunking snowshoe mahe Israelites snowshoe beholder Exotic flunking Exotic filigreed Stakeholder Brugger doughboy Collectivism meekly flunking snowshoe mahe Israelites snowshoe beholder Exotic flunking Exotic filigreed Stakeholder Brugger doughboy Collectivism meekly flunking snowshoe mahe Israelites snowshoe beholder Exotic flunking Exotic filigreed Stakeholder Brugger doughboy Collectivism meekly flunking snowshoe mahe Israelites snowshoe beholder Exotic flunking Exotic filigreed Stakeholder Brugger doughboy Collectivism meekly flunking snowshoe
  • niv Entreaty Prodding neuhaus niv Entreaty Dismisses Entreaty Gatekeeping Sunscreens Gatekeeping weak milder Sunscreens niv Entreaty Prodding neuhaus niv Entreaty Dismisses Entreaty Gatekeeping Sunscreens Gatekeeping weak milder Sunscreens niv Entreaty Prodding neuhaus niv Entreaty Dismisses Entreaty Gatekeeping Sunscreens Gatekeeping weak milder Sunscreens niv Entreaty Prodding neuhaus niv Entreaty Dismisses Entreaty Gatekeeping Sunscreens Gatekeeping weak milder Sunscreens niv Entreaty Prodding neuhaus niv Entreaty Dismisses Entreaty Gatekeeping Sunscreens Gatekeeping weak milder Sunscreens niv Entreaty Prodding neuhaus niv Entreaty Dismisses Entreaty Gatekeeping Sunscreens Gatekeeping weak milder Sunscreens niv Entreaty Prodding neuhaus niv Entreaty Dismisses Entreaty Gatekeeping Sunscreens Gatekeeping weak milder Sunscreens
  • ojec_9942
  • quantization Murphys susceptibilities consul Lemmer Poirier dehydrator leve Murphys quantization quantization Murphys susceptibilities consul Lemmer Poirier dehydrator leve Murphys quantization quantization Murphys susceptibilities consul Lemmer Poirier dehydrator leve Murphys quantization quantization Murphys susceptibilities consul Lemmer Poirier dehydrator leve Murphys quantization quantization Murphys susceptibilities consul Lemmer Poirier dehydrator leve Murphys quantization quantization Murphys susceptibilities consul Lemmer Poirier dehydrator leve Murphys quantization quantization Murphys susceptibilities consul Lemmer Poirier dehydrator leve Murphys quantization
  • rats nuzzling Seasonable unframed nuzzling Nico Seventh rats nuzzling Seasonable unframed nuzzling Nico Seventh rats nuzzling Seasonable unframed nuzzling Nico Seventh rats nuzzling Seasonable unframed nuzzling Nico Seventh
  • tah_5712
  • Terre Spaghetti gainful bacardi mustang Resister Pre Conferred nourished stranger unicorns nourished kolb Terre Spaghetti gainful bacardi mustang Resister Pre Conferred nourished stranger unicorns nourished kolb Terre Spaghetti gainful bacardi mustang Resister Pre Conferred nourished stranger unicorns nourished kolb Terre Spaghetti gainful bacardi mustang Resister Pre Conferred nourished stranger unicorns nourished kolb Terre Spaghetti gainful bacardi mustang Resister Pre Conferred nourished stranger unicorns nourished kolb Terre Spaghetti gainful bacardi mustang Resister Pre Conferred nourished stranger unicorns nourished kolb Terre Spaghetti gainful bacardi mustang Resister Pre Conferred nourished stranger unicorns nourished kolb
  • uci_6243
  • vere_667
  • Wrongheaded hotspots devalued unmediated Seafaring letty letty fledermaus fledermaus Intensify devalued Wrongheaded hotspots devalued unmediated Seafaring letty letty fledermaus fledermaus Intensify devalued Wrongheaded hotspots devalued unmediated Seafaring letty letty fledermaus fledermaus Intensify devalued Wrongheaded hotspots devalued unmediated Seafaring letty letty fledermaus fledermaus Intensify devalued
  • yec_7490
File Version
  • 9.7.3.118
  • 9.6.1.196
  • 7.4.8.81
  • 7.4.2.42
  • 5.7.7.123
  • 5.7.4.194
  • 5.6.3.90
  • 5.4.3.53
  • 4.2.1.149
  • 4.1.7.104
  • 3.7.3.110
  • 3.5.2.40
  • 2.5.8.53
  • 2.4.6.2
  • 1.4.7.104
  • 1.2.9.7
  • 1.0.0.0
Internal Name
  • ahap_1725.exe
  • bew_7030.exe
  • bew_7963.exe
  • etusa_1779.exe
  • orah_9113.exe
  • qux_2396.exe
  • rak_717.exe
  • zeq_550.exe
Legal Copyright
  • 2025 Applicant
  • 2025 Cosmopolitan
  • 2025 Exotic
  • 2025 Raggedly
  • 2025 Spaghetti
  • 2025 Synergy
  • 2025 Zelma
  • 2025 Zinged
  • Anchorage
  • Carrots
  • Constraint
  • Copyright © 2025
  • Correspondingly
  • Hemant
  • Intensify
  • Nico
  • Palindromic
Original Filename
  • ahap_1725.exe
  • Anchorage
  • Applicant.exe
  • bew_7030.exe
  • bew_7963.exe
  • Carrots
  • Constraint
  • Correspondingly
  • Cosmopolitan.exe
  • etusa_1779.exe
  • Exotic.exe
  • Hemant
  • Intensify
  • Nico
  • orah_9113.exe
  • Palindromic
  • qux_2396.exe
  • Raggedly.exe
  • rak_717.exe
  • Spaghetti.exe
  • Synergy.exe
  • Zelma.exe
  • zeq_550.exe
  • Zinged.exe
Product Name
  • Anchorage
  • apok_8988
  • Applicant
  • Carrots
  • Constraint
  • Correspondingly
  • Cosmopolitan
  • Exotic
  • Hemant
  • hidi_5664
  • imimo_1411
  • Intensify
  • Nico
  • ojec_9942
  • Palindromic
  • Raggedly
  • Spaghetti
  • Synergy
  • tah_5712
  • uci_6243
  • vere_667
  • yec_7490
  • Zelma
  • Zinged
Product Version
  • 9.7.3.118
  • 9.6.1.196
  • 7.4.8.81
  • 7.4.2.42
  • 5.7.7.123
  • 5.7.4.194
  • 5.6.3.90
  • 5.4.3.53
  • 4.2.1.149
  • 4.1.7.104
  • 3.7.3.110
  • 3.5.2.40
  • 2.5.8.53
  • 2.4.6.2
  • 1.4.7.104
  • 1.2.9.7
  • 1.0.0.0

File Traits

  • .NET
  • HighEntropy
  • x86

Files Modified

File Attributes
\device\namedpipe Generic Read,Write Attributes
\device\namedpipe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabc22.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabc70.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabd0c.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb2253.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsca7e4.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsca880.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsde77f.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf1769.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nskf4a8.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsna1d9.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsna823.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq2350.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssa92c.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nst7d0d.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsu87e8.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsva41b.tmp\nsexec.dll Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 뽨Ć媴ǜ RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN
User Data Access
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Encryption Used
  • BCryptOpenAlgorithmProvider
Anti Debug
  • IsDebuggerPresent
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ZwMapViewOfSection
Process Shell Execute
  • CreateProcess

Shell Command Execution

powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Nudiwbxe\AppData\Local\""
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Rvlvdwkg\AppData\Local\""
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Cmgzznua\AppData\Local\""
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Fpynsbgp\AppData\Local\""
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Elrlusdm\AppData\Local\""
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Tufvrcup\AppData\Local\""
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Sdevtrfi\AppData\Local\""
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Hutwngab\AppData\Local\""
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Vqjjdzlt\AppData\Local\""
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Qxlnnuaf\AppData\Local\""
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Lzlshpol\AppData\Local\""
powershell -Command "Add-MpPreferencak60a1ak60a1 -ExclusionPath \"C:\Users\Hjhonlqo\AppData\Local\""
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Dmakdulv\AppData\Local\""
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Program Files (x86)\""
powershell -Command "Add-MpPreferencaP29a1aP29a1 -ExclusionPath \"C:\Users\Updkrqyl\AppData\Local\""
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Pyxcjtbl\AppData\Local\""
