Multi-License Discount Quote

Change Region

English
Threat Database Trojans Trojan.OpenSUpdater.AD

Trojan.OpenSUpdater.AD

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 2,159
Threat Level: 80 % (High)
Infected Computers: 19,678
First Seen: February 15, 2021
Last Seen: April 1, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.OpenSUpdater.AD
Signature status: No Signature

Known Samples

MD5: 1c345bca8cf6c4b049c9502ac484d5be
SHA1: 21ca9dada47a9f02cc05d543bcf2fc2613b3a20a
File Size: 1.11 MB, 1107456 bytes
MD5: ac19c8c0c56a2479f94adb6ce4f29c56
SHA1: 38e4217b6f914e433c03ea0a2b15fe9e569b7298
SHA256: F9C556CECC52C1703AF4BA0841104575CAF8ADF6C4E8D7CE1A8B39947CDA236B
File Size: 1.11 MB, 1107968 bytes
MD5: edff631c1216822e9801b781c912aec1
SHA1: 526d6b190a3b6d5cd480658d9dcd2d34a77d44da
SHA256: C9A0DBA4587ECB66994A4B0F36D23CC0ACDC83ACB71442D0C2B9287D0006F729
File Size: 1.10 MB, 1104384 bytes
MD5: 4421a75b7a769b0a5d7616b847eb1746
SHA1: 45cb9688bda1d6a3027834d903d10c1205560d5c
SHA256: DE12B2C4BFB14C79B46E9A1E4E18E6F535849BB647A787B38436453B8A406C54
File Size: 1.39 MB, 1391616 bytes
MD5: 6ac20d2351dca5e9b1634d849f4928e9
SHA1: 3f6bf8c95daf15bcb5500ce1f82df95b686513de
SHA256: F4EF3ADB2998BEB0CA602D6DA3B4A97A7F5525BF425F0073BE747BBD3804DF3A
File Size: 1.76 MB, 1757696 bytes
Show More
MD5: f08d41da5b186741e23353e520ebbfdc
SHA1: 4501c62bf5267f29d194b6b67fa0e60143461c67
SHA256: 9B3FBE359567425A89CF1C991F527101FE02558237E276E8E4F343356E0407CA
File Size: 1.24 MB, 1238016 bytes
MD5: 015f13dcc18a39483cf5b8ef721107f4
SHA1: 9099d65d43bb607728e419e1cd509cec7041d09c
SHA256: 7FD96D6A332E61C001905B995B3A4A53058860AD39A57ED5801C459385590EE7
File Size: 1.57 MB, 1570304 bytes
MD5: 54ce1b0b53afe79f80aba4694b2f6e3a
SHA1: d0128805ee3532969d88b526f99b33de62f582ca
SHA256: 4AF55A6C8886AFC0AC5EC2475445EFD90D50CCAA28DB7BCA142B861C8210B6B1
File Size: 1.21 MB, 1212416 bytes
MD5: ad619b14e6fb8c6ab0cd78544f2e41eb
SHA1: d3748540208557adfbb142c27c8657a1261c4b32
SHA256: E54EE22A38F56DA5B36EFEA5B4C91ADD5DD455F33D63C3EF3974CEEAC7D2E14F
File Size: 1.32 MB, 1317888 bytes
MD5: 1427f7effd6edbad0f63b5dcecb74333
SHA1: 1aa9b5666994ac100a894688d11cd77ef4fdbd57
SHA256: 1820D6A184851D775077E147414C265BC9DDCD3FD0F39504DCDF9FD334A239C4
File Size: 1.68 MB, 1683968 bytes
MD5: cc403f8ac6b8abbda9dac5c3e99b9680
SHA1: afcd4e5a97c55c5dc423aace935537eb5164ed05
SHA256: 76439124103A2A338560384A90A0D4FFF89446DB1ADCCE5B06B1780F8E8D5715
File Size: 1.11 MB, 1111552 bytes
MD5: 2114524290d68233ee506954603eff19
SHA1: 4c99394006b0491f9275cd4b96d18c525af2157c
SHA256: D0A560B9BD273B5C029E6D8A020677A177CA4B5C2C745A01032FC290BE09FC51
File Size: 1.28 MB, 1278976 bytes
MD5: 771221d9dbb29b7ff52121fcfc68ba8f
SHA1: 768ef489baa6831394467b7de8976dac4a7047a4
SHA256: F972EFE05D53EA27A0A621D82AA75C1E31B347A965BF520F2C82380CCC23C370
File Size: 1.11 MB, 1108480 bytes
MD5: 216396d8dc1cb5c6c9b73f71512bda24
SHA1: d3134571a0acb75940a1800392466fb81b2e5959
SHA256: E93630ED72A38C53D7EA77E972F827D6583681B609D7BDB7A1DE6578D2BBB2EC
File Size: 1.11 MB, 1108480 bytes
MD5: 3274b1c9eeb564dd8c0356d518b8b400
SHA1: acd7f1d491c5b8fff01e2746afa281f641e2a223
SHA256: 4617D95F8B47293BDF5FA712BD622259C8F8E5F2390A376304A5D496119BBC42
File Size: 1.11 MB, 1105408 bytes
MD5: 5ae73d678295f4f6f6928cf51a766b90
SHA1: d7c8cc9ba34cb5ec20df8064abded5f5a3d9f314
SHA256: D848D87BAB0E0F900EB16728AF8F2E9F5D25AB941E35204D0AC8152EEC695036
File Size: 5.00 MB, 5001293 bytes
MD5: 5876b334f91bdda600ec5d5fc339f91c
SHA1: 74853eff9934ed3d86c013a1d84bcb0045386f32
SHA256: 35DB855B6CBB94612289A2E6100677E60D46BC08FC56505CEEACD950E80BEF97
File Size: 1.30 MB, 1295360 bytes
MD5: 08879d09ceec8f23bde7d0ba5755cb1a
SHA1: d9620ebb4d584a6604b26df3a7748c76b2cd1938
SHA256: 166A487406634FDFE2DC334B4A8D699C252A10D7B2E6803908992ED802E593CB
File Size: 1.11 MB, 1108480 bytes
MD5: c0543dfd7200c3bf008c2e508e348fa2
SHA1: c978a0f739eaf62f33933540ff71fc648ba792c4
SHA256: 9160B1EAA5209FCD317BB1DE6C3A036DAA8E8045505BFB3D008BC4C7AEDA0EB2
File Size: 1.69 MB, 1693696 bytes
MD5: 2a0e4ef8fe8570002e3f0a7fd911a664
SHA1: dd224d7c046bafa186c6c54c3e530c5c95822eb0
SHA256: 7B7E9748FD3179A0C2602C0F4A9B7ABF758FDA92AF6DAD781A25578600BC4702
File Size: 1.24 MB, 1243136 bytes
MD5: 0d3673f3002ded52d461f66c31978d20
SHA1: d0972f878a77b4344d4a73c6e6a824a09b8e2bf8
SHA256: DAB0DD37E406345DEFE6FCA50DAFFD5BEB26E31568806BDC43589A503C17AEEE
File Size: 1.75 MB, 1745408 bytes
MD5: 7194eccea8c21c3088bcb5d8b873eca1
SHA1: 12dcfaeadba80ff179a1fdda4f0bae01cca13881
SHA256: E3DB01E1CEC3625903465EF60A6F8F5D22AF66A9F81190FDF577FA78B9C101D8
File Size: 1.67 MB, 1670144 bytes
MD5: 0c755d1ec5bade8720ade6995c9d4f31
SHA1: 0e2630d0d6cbe221602c35a9f569e30c6995c139
SHA256: FF0AF48E39330858D5F09A005AC465241FFCE480B7336023EF0C2DC72C68C592
File Size: 1.11 MB, 1114112 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is 64-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
Show More
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Show More

Windows PE Version Information

Name Value
File Version
  • 1.1.33.02
  • 1.1.32.00
Product Version
  • 1.1.33.02
  • 1.1.32.00

File Traits

  • AutoHK
  • HighEntropy
  • WriteProcessMemory
  • x64

Block Information

Total Blocks: 3,491
Potentially Malicious Blocks: 0
Whitelisted Blocks: 3,491
Unknown Blocks: 0

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
... Data truncated
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Coinminer.CI
  • Coinminer.GM
  • Coinminer.GMA
  • ConvertAd.GJ
  • OpenSUpdater.AD
Show More
  • Trojan.Downloader.Gen.FA
  • ZippyLoader.E

Files Modified

File Attributes
c:\users\user\downloads\ebene1.png Generic Write,Read Attributes
c:\users\user\downloads\ebene2.png Generic Write,Read Attributes
c:\users\user\downloads\ebene3.png Generic Write,Read Attributes
c:\users\user\downloads\ebene4.png Generic Write,Read Attributes
c:\users\user\downloads\ebene5.png Generic Write,Read Attributes
c:\users\user\downloads\ebene6.png Generic Write,Read Attributes
c:\users\user\downloads\neo_disabled.ico Generic Write,Read Attributes
c:\users\user\downloads\neo_enabled.ico Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\visual pinball\vp10\launcher::activesetup RegNtPreCreateKey
HKCU\software\visual pinball\vp10\launcher::launchforceexit RegNtPreCreateKey
HKCU\software\visual pinball\vp10\launcher::xrchecker RegNtPreCreateKey
HKCU\software\visual pinball\vp10\menu::autonext RegNtPreCreateKey
HKCU\software\visual pinball\vp10\menu::focusgrabsaved  RegNtPreCreateKey
HKCU\software\visual pinball\vp10\menu::autoupdatesaved RegNtPreCreateKey
HKCU\software\visual pinball\vp10\menu::showfakecab  RegNtPreCreateKey
HKCU\software\visual pinball\vp10\menu::startminimized RegNtPreCreateKey
HKCU\software\visual pinball\vp10\menu::debugkeys RegNtPreCreateKey
HKCU\software\visual pinball\vp10\menu::soundenabled  RegNtPreCreateKey
Show More
HKCU\software\visual pinball\vp10\menu::filterclones  RegNtPreCreateKey
HKCU\software\visual pinball\vp10\menu::tablepath C:\Users\user\downloads\..\Tables\ RegNtPreCreateKey
HKCU\software\visual pinball\vp10\menu::filefilter RegNtPreCreateKey
HKCU\software\visual pinball\vp10\menu::filefilter2 RegNtPreCreateKey
HKCU\software\visual pinball\vp10\menu::filefilter3 RegNtPreCreateKey
HKCU\software\visual pinball\vp10\menu::filefilter4 RegNtPreCreateKey
HKCU\software\visual pinball\vp10\menu::filefilter5 RegNtPreCreateKey
HKCU\software\visual pinball\vp10\menu::filefilter6 RegNtPreCreateKey
HKCU\software\visual pinball\vp10\menu::filefilter7 RegNtPreCreateKey
HKCU\software\visual pinball\vp10\menu::filefilter8 RegNtPreCreateKey
HKCU\software\visual pinball\vp10\menu::filefilter9 RegNtPreCreateKey
HKCU\software\visual pinball\vp10\menu::keys default RegNtPreCreateKey
HKCU\software\visual pinball\vp10\menu::fkey default RegNtPreCreateKey
HKCU\software\visual pinball\vp10\menu::favkey RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
Show More
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtGetCompleteWnfStateSubscription
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtPowerInformation
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSetValueKey
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • UNKNOWN
  • win32u.dll!NtGdiBitBlt
  • win32u.dll!NtGdiComputeXformCoefficients
  • win32u.dll!NtGdiCreateBitmap
  • win32u.dll!NtGdiCreateCompatibleBitmap
  • win32u.dll!NtGdiCreateCompatibleDC
  • win32u.dll!NtGdiCreateDIBitmapInternal
  • win32u.dll!NtGdiCreateSolidBrush
  • win32u.dll!NtGdiDeleteObjectApp
  • win32u.dll!NtGdiDoPalette
  • win32u.dll!NtGdiEnumFonts
  • win32u.dll!NtGdiExcludeClipRect
  • win32u.dll!NtGdiExtGetObjectW
  • win32u.dll!NtGdiExtSelectClipRgn
  • win32u.dll!NtGdiExtTextOutW
  • win32u.dll!NtGdiFontIsLinked
  • win32u.dll!NtGdiGetAppClipBox
  • win32u.dll!NtGdiGetBoundsRect
  • win32u.dll!NtGdiGetCharABCWidthsW
  • win32u.dll!NtGdiGetCharSet
  • win32u.dll!NtGdiGetCharWidthInfo

111 additional items are not displayed above.

Keyboard Access
  • GetAsyncKeyState
Other Suspicious
  • SetWindowsHookEx
User Data Access
  • GetUserObjectInformation
Network Winsock2
  • WSAStartup
Network Winsock
  • bind
  • closesocket
  • freeaddrinfo
  • getaddrinfo
  • socket
Service Control
  • OpenSCManager

Trending

Most Viewed

Loading...