Trojan.Passview.BD

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 765
Threat Level: 80 % (High)
Infected Computers: 1,849
First Seen: January 11, 2022
Last Seen: April 13, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Passview.BD
Packers: UPX
Signature status: No Signature

Known Samples

MD5: 416d7f7c445820457e8413e3379d2fb1
SHA1: 84fa6986a285a50920c2a4f58eb45e192046771f
File Size: 123.90 KB, 123904 bytes
MD5: b53b3708abaa434f3dcd7777aadb73f6
SHA1: feb64851c7b8068b724b02c6b198edaf04b22743
SHA256: 1CCBD01EB00FF9B85907F8BECEC0D3EE046114C8D5ADC63CB86558D71BF9F4E1
File Size: 45.57 KB, 45568 bytes
MD5: 9d82546314801b41e4817a5266bcd3f9
SHA1: 8e1fcc7786aafede34fa24b19a1f4d938ee72c02
SHA256: AE5826A0BC8A9CDE2A284C22B46403449895205749EFCFC52FB3D5FA8AD3A6E5
File Size: 2.83 MB, 2833712 bytes
MD5: 6dca38127a871ac00244247cbfcf4d9e
SHA1: 65aadd6f3251f7c997376a5562edc2c198b6598e
SHA256: A6850E6ED805CA6E62527EB6577941535459817ECA8A2AF9193E22DE21E15CD5
File Size: 3.75 MB, 3747650 bytes
MD5: b0801e8c98beaf0c01f1058af84a6330
SHA1: 2b1a5859601b4e0219a853b73d80b8498b8a0e57
SHA256: E648A81BF6530CCB9C35E4E08C34686F4573BA3677E67F7A0479BA8A2005B592
File Size: 1.39 MB, 1388737 bytes
MD5: 440df2831cccae374c3819a97b438f2f
SHA1: 043b5cdfa64cb6fc4d51c38c3becb475a0ad2ccd
SHA256: 97870C766FD3E45D0BEEB8E6B2A337F12DD3565AE02066A8F703B5596157A1EC
File Size: 42.50 KB, 42496 bytes
MD5: 4eb39f9948a3cffff0b207f0a5135f00
SHA1: dc0431bf33619d41784ec6bd709c2c2c7c5d34ca
SHA256: A68D98986D7AAB8B8E9257C8AED212C280959AF64A53379B660809D67753D237
File Size: 589.31 KB, 589312 bytes
MD5: 21909480209e282445f3505b64b126ea
SHA1: dee2f69635adf9fa7072c1cf692b756a8e2b9ae0
SHA256: 1A9F7A473FE38271503BBDB41769F7C617CF287066FDD896A1EEBEA5406D0313
File Size: 1.93 MB, 1928497 bytes
MD5: eb16625a5d17cc1e628d548b13eff80b
SHA1: 06aaf80c0dfd5674308f9b9660e0ab3d19c39524
SHA256: 1A46BE4199F62927D9C00F27AB108ECC5957042A655DDB8B12FD0DFE28EAD450
File Size: 119.81 KB, 119808 bytes
MD5: 2b10c2b54d23404b89b47f4e24b04093
SHA1: fdd7ca56d76b718752f957d81d4276489bf7512b
SHA256: E80FA7FBA6F61AE2DDD0315A1615B04A794E292665A886C3EDBEC69AC3578B54
File Size: 7.81 MB, 7806944 bytes
MD5: ea2e1196632e41ee00cc11cc44b8480a
SHA1: 33e030a858a79ba20e3a513c11eaf55e0d577f26
SHA256: 5FA2D18470B498EE0B14C180B1FDE9CC3980E781692F4BE1067FEF1632C1A0A5
File Size: 115.71 KB, 115712 bytes
MD5: 8e3ff1edff82b55d54d81b17b89c98a0
SHA1: e07af757454dc9889b33179db6702986ac0eb736
SHA256: 4F1B7B08AFA2DC47E7E4FB5A5B6675BC20410EEA9669DF2356935F5765590C26
File Size: 46.91 KB, 46907 bytes
MD5: 45f765275926f6d30a42bccc96f41f35
SHA1: ae65044c2b7c7c65ffd5947d2dfcadbf52b62214
SHA256: 5DEF4D29810255D8E4F0EC6A46DC976A535BF69F3F90DB6B27AC9D7328DC2745
File Size: 115.71 KB, 115712 bytes
MD5: 2d2c5d24737795c9ad3b95ba9ea7f480
SHA1: 5d956b9953aca391833736a6eda4bc5f9a4b4d80
SHA256: 862CEE5DEF135F4B57A5E7FB7C1A73AF6E5C4FC6413798E486ADF5879B9B4DF0
File Size: 267.40 KB, 267403 bytes
MD5: f8b6737378cc57c22afae0e189db17d1
SHA1: 87ba3a26b7d46c8efafdd8effc558a8141decfbd
SHA256: 20D35D53126A8A146BA236FACC99A6D500E6532F53375AD71A128A7013F2D1C8
File Size: 115.71 KB, 115712 bytes
MD5: 8b4a86224e8825963375b283fed04ad0
SHA1: a643c7061d264e8a320abe1766ba95529ce11851
SHA256: 83AA2942C3781023F50E8F26FABCDE29DA1E8FF142706D7384FE5B81494917DE
File Size: 123.90 KB, 123904 bytes
MD5: 8f116433fdd4b6cb019d0331ebf7ac31
SHA1: 22cfa27ddd623d29321cc51896f1b7bbd75c3629
SHA256: 78D6B8482D4F4805B9C4748CF1C8A4AE99DEE26503B9E317656ADBD831BA45D9
File Size: 54.27 KB, 54272 bytes
MD5: d501c74fe2b6fd3cebb0b964ec6ad250
SHA1: 0408a989c0829123f6e28c85ff055e444d18c529
SHA256: 5039E0A38215D92CC466D1294AEE822B303C61E5CD04144A2CB8A1FD053AE9DE
File Size: 46.08 KB, 46080 bytes
MD5: 681a6fcd4cb569a6d8392614fad01b43
SHA1: b82d79970f4fcd0a6f336c4a4c254b1cf3d746ea
SHA256: B3A04334F8DE20B3AF00608D791785B9C6901A653C53E5B29573D723E61D7441
File Size: 44.54 KB, 44544 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File is .NET application
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Assembly Version 1.0.0.0
Comments AUTO DEFAULT SOUND DEVICE
Company Name
  • CREATED BY: POGZ™
  • Digital Atlantic Corp.
  • La Puce Informatique
  • NirSoft
  • Oleg N. Scherbakov
  • Thisisu
File Description
  • 7z Setup SFX (x86)
  • CDRoller SFX
  • Junkware Removal Tool
  • NirCmd
  • SPEAKER
File Version
  • 10.1.0.0
  • 2.86
  • 2.81
  • 2.75
  • 2.71
  • 2.10
  • 1.6.0.2712
  • 1.00
  • 1.0.0.0
Internal Name
  • 7ZSfxMod
  • CDRoller
  • NirCmd
  • SPEAKER.exe
  • TJprojMain
Legal Copyright
  • Copyright © 1999-2014 Digital Atlantic Corp.
  • Copyright © 2003 - 2008 Nir Sofer
  • Copyright © 2003 - 2012 Nir Sofer
  • Copyright © 2003 - 2013 Nir Sofer
  • Copyright © 2003 - 2016 Nir Sofer
  • Copyright © 2003 - 2019 Nir Sofer
  • Copyright © 2005-2012 Oleg N. Scherbakov
  • Copyright © 2024
  • HEMON Sylvain - La Puce Informatique .com
Legal Trademarks
  • Digital Atlantic Corp.
  • PogzMedalla™
Original Filename
  • 7ZSfxMod_x86.exe
  • cdroller.exe
  • NirCmd.exe
  • SPEAKER.exe
  • TJprojMain.exe
Private Build December 30, 2012
Product Name
  • 7-Zip SFX
  • CDRoller
  • NirCmd
  • Project1
  • SPEAKER
Product Version
  • 10.1
  • 6.4.4
  • 2.86
  • 2.81
  • 2.75
  • 2.71
  • 2.10
  • 1.6.0.2712
  • 1.00
  • 1.0.0.0

File Traits

  • .UPX
  • 2+ executable sections
  • HighEntropy
  • packed
  • upx
  • UPX!
  • x86

Block Information

Total Blocks: 275
Potentially Malicious Blocks: 165
Whitelisted Blocks: 108
Unknown Blocks: 2

Visual Map

x 0 x x x 0 x x x 0 0 x x x x 0 x 0 x x 0 0 x x 0 x x x x x x x x x x 0 0 0 0 0 0 0 0 x x x 0 0 0 0 0 0 x 0 x 0 0 x x x 0 x x 0 0 x x 0 x x 0 0 0 x x 0 0 0 x 0 0 0 0 0 0 0 1 0 x 0 x 0 0 0 0 0 x x 0 x x x x x x x x x x 0 x x x 0 0 ? x x x x x x x x x x x x x x x x 1 x x x x x x x x x x x x x x x x x x x x x x x x x x x 0 0 x x x x x x ? 0 x x x x x x x x x 0 0 0 x x x x x x x x x 0 x 0 0 x 0 x 0 x 0 0 0 x x x x x x 0 0 0 0 0 0 0 0 x x x x x 0 x x x 0 0 0 x x 0 0 0 0 0 x x 0 x x x 0 x 0 0 x x x x x x 0 x x x x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.BKJ
  • Agent.KD
  • Autoclicker.SF
  • MSIL.BadJoke.KD
  • MSIL.BadJoke.XE
  • MSIL.Downloader.Tiny.CF
  • MSIL.Krypt.FRA
  • MSIL.Krypt.MKD
  • Passview.BB
  • Passview.BD
  • Startun.B

Files Modified

File Attributes
c:\users\user\appdata\local\temp\2k10\bginfo\1064.reg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\bginfo\1064.reg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\bginfo\1086.reg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\bginfo\1086.reg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\bginfo\7x64.reg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\bginfo\7x64.reg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\bginfo\7x86.reg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\bginfo\7x86.reg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\bginfo\8x64.reg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\bginfo\8x64.reg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\bginfo\8x86.reg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\bginfo\8x86.reg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\bginfo\bg.cmd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\bginfo\bg.cmd Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\bginfo\bginfo.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\bginfo\bginfo.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\bginfo\bginfo420.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\bginfo\bginfo420.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\bginfo\bginfo64.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\bginfo\bginfo64.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\bginfo\c9pe.reg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\bginfo\c9pe.reg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\bginfo\findstr.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\bginfo\findstr.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\bginfo\loger.cmd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\bginfo\loger.cmd Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\bginfo\nircmdc.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\bginfo\nircmdc.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\bginfo\pv.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\bginfo\pv.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\bginfo\reg.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\bginfo\reg.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\bginfo\win.bgi Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\bginfo\win.bgi Synchronize,Write Attributes
c:\users\user\appdata\local\temp\2k10\bginfo\winpe.bgi Generic Write,Read Attributes
c:\users\user\appdata\local\temp\2k10\bginfo\winpe.bgi Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cdroller\aidex.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\cdroller\aidex.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cdroller\cdroller Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cdroller\cdroller.cfg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\cdroller\cdroller.cfg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cdroller\cdroller.chm Generic Write,Read Attributes
c:\users\user\appdata\local\temp\cdroller\cdroller.chm Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cdroller\cdroller.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\cdroller\cdroller.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cdroller\cdroller.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\cdroller\cdroller.ini Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cdroller\cdroller.rus Generic Write,Read Attributes
c:\users\user\appdata\local\temp\cdroller\cdroller.rus Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cdroller\drives.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\cdroller\drives.dat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cdroller\dvdimage._ex Generic Write,Read Attributes
c:\users\user\appdata\local\temp\cdroller\dvdimage._ex Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cdroller\dvdlib.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\cdroller\dvdlib.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cdroller\ident.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\cdroller\ident.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cdroller\manual.pdf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\cdroller\manual.pdf Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cdroller\nircmd.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\cdroller\nircmd.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cdroller\rawdiskinst.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\cdroller\rawdiskinst.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cdroller\rawdsk3.sys Generic Write,Read Attributes
c:\users\user\appdata\local\temp\cdroller\rawdsk3.sys Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cdroller\resume.lst Generic Write,Read Attributes
c:\users\user\appdata\local\temp\cdroller\resume.lst Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cdroller\splitter.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\cdroller\splitter.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\cdroller\starburn.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\cdroller\starburn.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\appinit64_null.reg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\appinit64_null.reg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\appinit_null.reg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\appinit_null.reg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\ask.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\ask.bat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\askclsid.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\askclsid.dat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\askregkey_x64.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\askregkey_x64.dat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\askregkey_x86.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\askregkey_x86.dat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\askregvalue_x64.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\askregvalue_x64.dat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\askregvalue_x86.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\askregvalue_x86.dat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\askservices.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\askservices.dat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\badappinit.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\badappinit.dat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\badfolders.cfg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\badfolders.cfg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\badfolderscom.cfg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\badfolderscom.cfg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\badfoldersstart.cfg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\badfoldersstart.cfg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\badlnk.cfg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\badlnk.cfg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\badvalues.cfg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\badvalues.cfg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\bho_clsid.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\bho_clsid.dat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\bho_name.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\bho_name.dat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\browsermngr_keys.cfg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\browsermngr_keys.cfg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\browsermngr_values.cfg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\browsermngr_values.cfg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\choice.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\choice.dat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\chr_extensions.cfg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\chr_extensions.cfg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\chr_open_x64.reg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\chr_open_x64.reg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\chr_open_x86.reg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\chr_open_x86.reg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\chrome.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\chrome.bat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\chrregkey_x64.cfg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\chrregkey_x64.cfg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\chrregkey_x86.cfg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\chrregkey_x86.cfg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\clean_shortcut.vbs Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\clean_shortcut.vbs Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\currentmd5.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\currentmd5.txt Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\cut.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\cut.dat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\datamngr_del.reg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\datamngr_del.reg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\defaultscope.cfg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\defaultscope.cfg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\delfolders.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\delfolders.bat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\ev_clear.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\ev_clear.bat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\ff_open_x64.reg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\ff_open_x64.reg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\ff_open_x86.reg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\ff_open_x86.reg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\ffbrowsermngr.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\ffbrowsermngr.dat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\ffextensions.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\ffextensions.dat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\ffpluginreg.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\ffpluginreg.dat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\ffplugins.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\ffplugins.dat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\ffprefs.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\ffprefs.dat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\ffregkey_x64.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\ffregkey_x64.dat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\ffregkey_x86.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\ffregkey_x86.dat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\ffwhtlist.cfg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\ffwhtlist.cfg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\ffxml.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\ffxml.dat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\ffxpi.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\ffxpi.dat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\firefox.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\firefox.bat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\get.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\get.bat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\grep.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\grep.dat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\ie_open_x64.reg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\ie_open_x64.reg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\ie_open_x86.reg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\ie_open_x86.reg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\iewhtlst.cfg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\iewhtlst.cfg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\iexplore.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\iexplore.bat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\ifeo.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\ifeo.dat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\libiconv2.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\libiconv2.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\libintl3.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\libintl3.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\medfos.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\medfos.bat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\misc.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\misc.bat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\mws.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\mws.bat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\nircmd.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\nircmd.dat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\pcre3.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\pcre3.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\prelim.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\prelim.bat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\regex2.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\regex2.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\runvalues.bat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\runvalues.bat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\runvalues_x64.cfg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\jrt\runvalues_x64.cfg Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jrt\runvalues_x86.cfg Generic Write,Read Attributes

61 additional files are not displayed above.

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\explorer\advanced::hidden  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\policies\system::disabletaskmgr  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\policies\system::disableregistrytools  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusoverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalldisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalloverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::updatesdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::uacdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusoverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalldisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalloverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::updatesdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::uacdisablenotify  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings::globaluseroffline RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablelua RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::enablefirewall RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::donotallowexceptions RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::disablenotifications  RegNtPreCreateKey
HKCU\software\apcr\1214104697::1919251317 y RegNtPreCreateKey
HKCU\software\apcr\1214104697::-456464662 RegNtPreCreateKey
HKCU\software\apcr\1214104697::1462786655 RegNtPreCreateKey
HKCU\software\apcr\1214104697::-912929324 # RegNtPreCreateKey
HKCU\software\apcr\1214104697::1006321993 ƃ RegNtPreCreateKey
HKCU\software\apcr\1214104697::-1369393986 http://cikmayedekparca.com/images/logos.gifhttp://brucegarrod RegNtPreCreateKey
HKCU\software\apcr\1214104697::549857331 RegNtPreCreateKey
HKCU\software\apcr::u1_0 ᅕ쒧 RegNtPreCreateKey
HKCU\software\apcr::u2_0 RegNtPreCreateKey
HKCU\software\apcr::u3_0 権ă RegNtPreCreateKey
HKCU\software\apcr::u4_0 RegNtPreCreateKey
HKCU\software\apcr::u1_1 謭믨 RegNtPreCreateKey
HKCU\software\apcr::u2_1 擷牥 RegNtPreCreateKey
HKCU\software\apcr::u3_1 ᥜ獦 RegNtPreCreateKey
HKCU\software\apcr::u4_1 獵牥 RegNtPreCreateKey
HKCU\software\apcr::u1_2 ꮧ꟩ RegNtPreCreateKey
HKCU\software\apcr::u2_2 サ RegNtPreCreateKey
HKCU\software\apcr::u3_2 賃 RegNtPreCreateKey
HKCU\software\apcr::u4_2  RegNtPreCreateKey
HKCU\software\apcr::u1_3 პ낭 RegNtPreCreateKey
HKCU\software\apcr::u2_3 䘺地 RegNtPreCreateKey
HKCU\software\apcr::u3_3 ぶ嘳 RegNtPreCreateKey
HKCU\software\apcr::u4_3 婟地 RegNtPreCreateKey
HKCU\software\apcr::u1_4 Ȓ RegNtPreCreateKey
HKCU\software\apcr::u2_4 큥즕 RegNtPreCreateKey
HKCU\software\apcr::u3_4 ꟽ좖 RegNtPreCreateKey
HKCU\software\apcr::u4_4 췔즕 RegNtPreCreateKey
HKCU\software\apcr::u1_5 鸫珊 RegNtPreCreateKey
HKCU\software\apcr::u2_5 娔㯻 RegNtPreCreateKey
HKCU\software\apcr::u3_5 ⭠㫸 RegNtPreCreateKey
HKCU\software\apcr::u4_5 䅉㯻 RegNtPreCreateKey
HKCU\software\apcr::u1_6 惜Ἀ RegNtPreCreateKey
HKCU\software\apcr::u2_6 꾺깠 RegNtPreCreateKey
HKCU\software\apcr::u3_6 RegNtPreCreateKey
HKCU\software\apcr::u4_6 뒾깠 RegNtPreCreateKey
HKCU\software\apcr::u1_7 ➞▢ RegNtPreCreateKey
HKCU\software\apcr::u2_7 㹆⃆ RegNtPreCreateKey
HKCU\software\apcr::u3_7 䈚⇅ RegNtPreCreateKey
HKCU\software\apcr::u4_7 ⠳⃆ RegNtPreCreateKey
HKCU\software\apcr::u1_8 蠅 RegNtPreCreateKey
HKCU\software\apcr::u2_8 뮣錫 RegNtPreCreateKey
HKCU\software\apcr::u3_8 鈨 RegNtPreCreateKey
HKCU\software\apcr::u4_8 鮨錫 RegNtPreCreateKey
HKCU\software\apcr::u1_9 ຣ㖺 RegNtPreCreateKey
HKCU\software\apcr::u2_9 ᖘ֑ RegNtPreCreateKey
HKCU\software\apcr::u3_9 攴Ғ RegNtPreCreateKey
HKCU\software\apcr::u4_9 ༝֑ RegNtPreCreateKey
HKCU\software\apcr::u1_10 벘 RegNtPreCreateKey
HKCU\software\apcr::u2_10 ꄧ矶 RegNtPreCreateKey
HKCU\software\apcr::u3_10 盵 RegNtPreCreateKey
HKCU\software\apcr::u4_10 芒矶 RegNtPreCreateKey
HKCU\software\apcr::u1_11 腈焋 RegNtPreCreateKey
HKCU\software\apcr::u2_11  RegNtPreCreateKey
HKCU\software\apcr::u3_11 鰮 RegNtPreCreateKey
HKCU\software\apcr::u4_11  RegNtPreCreateKey
HKCU\software\apcr::u1_12 ጪ轱 RegNtPreCreateKey
HKCU\software\apcr::u2_12 糋峁 RegNtPreCreateKey
HKCU\software\apcr::u3_12 ͕巂 RegNtPreCreateKey
HKCU\software\apcr::u4_12 楼峁 RegNtPreCreateKey
HKCU\software\apcr::u1_13 덌㎠ RegNtPreCreateKey
HKCU\software\apcr::u2_13 ﹶ켦 RegNtPreCreateKey
HKCU\software\apcr::u3_13 뛘츥 RegNtPreCreateKey
HKCU\software\apcr::u4_13 RegNtPreCreateKey
HKCU\software\apcr::u1_14 ؋ࣆ RegNtPreCreateKey
HKCU\software\apcr::u2_14 䞈䆌 RegNtPreCreateKey
HKCU\software\apcr::u3_14 㩏䂏 RegNtPreCreateKey
HKCU\software\apcr::u4_14 偦䆌 RegNtPreCreateKey
HKCU\software\apcr::u1_15 꼜 RegNtPreCreateKey
HKCU\software\apcr::u2_15 RegNtPreCreateKey
HKCU\software\apcr::u3_15 ꧲닲 RegNtPreCreateKey
HKCU\software\apcr::u4_15 쏛돱 RegNtPreCreateKey
HKCU\software\apcr::u1_16 䠆ꇪ RegNtPreCreateKey
HKCU\software\apcr::u2_16 ⷗♗ RegNtPreCreateKey
HKCU\software\apcr::u3_16 嵹❔ RegNtPreCreateKey
HKCU\software\apcr::u4_16 㝐♗ RegNtPreCreateKey
HKCU\software\apcr::u1_17 ᢘ튽 RegNtPreCreateKey
HKCU\software\apcr::u2_17 똢颼 RegNtPreCreateKey
HKCU\software\apcr::u3_17 샬馿 RegNtPreCreateKey
HKCU\software\apcr::u4_17 ꫅颼 RegNtPreCreateKey
HKCU\software\apcr::u1_18 멃瓆 RegNtPreCreateKey
HKCU\software\apcr::u2_18 㷫ଢ RegNtPreCreateKey
HKCU\software\apcr::u3_18 琓ਡ RegNtPreCreateKey
HKCU\software\apcr::u4_18 Ḻଢ RegNtPreCreateKey
HKCU\software\apcr::u1_19 䞈 RegNtPreCreateKey
HKCU\software\apcr::u2_19 蓅綇 RegNtPreCreateKey
HKCU\software\apcr::u3_19 ﮆ粄 RegNtPreCreateKey
HKCU\software\apcr::u4_19 醯綇 RegNtPreCreateKey
HKCU\software\apcr::u1_20 彪儖 RegNtPreCreateKey
HKCU\software\apcr::u2_20 ☧ RegNtPreCreateKey
HKCU\software\apcr::u3_20 漍 RegNtPreCreateKey
HKCU\software\apcr::u4_20 Ԥ RegNtPreCreateKey
HKCU\software\apcr::u1_21 痺 RegNtPreCreateKey
HKCU\software\apcr::u2_21 曆扒 RegNtPreCreateKey
HKCU\software\apcr::u3_21 ኰ捑 RegNtPreCreateKey
HKCU\software\apcr::u4_21 碙扒 RegNtPreCreateKey
HKCU\software\apcr::u1_22 塑伞 RegNtPreCreateKey
HKCU\software\apcr::u2_22 磻풷 RegNtPreCreateKey
HKCU\software\apcr::u3_22 蘧햴 RegNtPreCreateKey
HKCU\software\apcr::u4_22 풷 RegNtPreCreateKey
HKCU\software\apcr::u1_23 꿍棝 RegNtPreCreateKey
HKCU\software\apcr::u2_23 䑠䜝 RegNtPreCreateKey
HKCU\software\apcr::u3_23 㖪䘞 RegNtPreCreateKey
HKCU\software\apcr::u4_23 徃䜝 RegNtPreCreateKey
HKCU\software\apcr::u1_24 ꆡ궃 RegNtPreCreateKey
HKCU\software\apcr::u2_24 쩿릂 RegNtPreCreateKey
HKCU\software\apcr::u3_24 룑뢁 RegNtPreCreateKey
HKCU\software\apcr::u4_24 틸릂 RegNtPreCreateKey
HKCU\software\apcr::u1_25 RegNtPreCreateKey
HKCU\software\apcr::u2_25 搐⯨ RegNtPreCreateKey
HKCU\software\apcr::u3_25 ⱄ⫫ RegNtPreCreateKey
HKCU\software\apcr::u4_25 䙭⯨ RegNtPreCreateKey
HKCU\software\apcr::u1_26 RegNtPreCreateKey
HKCU\software\apcr::u2_26 ꐟ鹍 RegNtPreCreateKey
HKCU\software\apcr::u3_26 폋齎 RegNtPreCreateKey
HKCU\software\apcr::u4_26 맢鹍 RegNtPreCreateKey
HKCU\software\apcr::u1_27 RegNtPreCreateKey
HKCU\software\apcr::u2_27 ㅯႳ RegNtPreCreateKey
HKCU\software\apcr::u3_27 䝾ᆰ RegNtPreCreateKey
HKCU\software\apcr::u4_27 ⵗႳ RegNtPreCreateKey
HKCU\software\apcr::u1_28 튕ⵝ RegNtPreCreateKey
HKCU\software\apcr::u2_28 뮿茘 RegNtPreCreateKey
HKCU\software\apcr::u3_28 쫥舛 RegNtPreCreateKey
HKCU\software\apcr::u4_28 ꃌ茘 RegNtPreCreateKey
HKCU\software\apcr::u1_29 昘⸞ RegNtPreCreateKey
HKCU\software\apcr::u2_29 ޳ RegNtPreCreateKey
HKCU\software\apcr::u3_29 繨 RegNtPreCreateKey
HKCU\software\apcr::u4_29 ᑁ RegNtPreCreateKey
HKCU\software\apcr::u1_30 껻履 RegNtPreCreateKey
HKCU\software\apcr::u2_30 鬈柣 RegNtPreCreateKey
HKCU\software\apcr::u3_30 曠 RegNtPreCreateKey
HKCU\software\apcr::u4_30 螶柣 RegNtPreCreateKey
HKCU\software\apcr::u1_31 腾蔝 RegNtPreCreateKey
HKCU\software\apcr::u2_31 RegNtPreCreateKey
HKCU\software\apcr::u3_31 RegNtPreCreateKey
HKCU\software\apcr::u4_31 RegNtPreCreateKey
HKCU\software\apcr::u1_32 导誨 RegNtPreCreateKey
HKCU\software\apcr::u2_32 睧䲮 RegNtPreCreateKey
HKCU\software\apcr::u3_32 ҉䶭 RegNtPreCreateKey
HKCU\software\apcr::u4_32 溠䲮 RegNtPreCreateKey
HKCU\software\apcr::u1_33 ੌ倎 RegNtPreCreateKey
HKCU\software\apcr::u2_33 郞뼓 RegNtPreCreateKey
HKCU\software\apcr::u3_33 蠼븐 RegNtPreCreateKey
HKCU\software\apcr::u4_33 뼓 RegNtPreCreateKey
HKCU\software\apcr::u1_34 RegNtPreCreateKey
HKCU\software\apcr::u2_34 亪ㅹ RegNtPreCreateKey
HKCU\software\apcr::u3_34 㾣ぺ RegNtPreCreateKey
HKCU\software\apcr::u4_34 喊ㅹ RegNtPreCreateKey
HKCU\software\apcr::u1_35 ؼ洭 RegNtPreCreateKey
HKCU\software\apcr::u2_35 RegNtPreCreateKey
HKCU\software\apcr::u3_35 ꋖꋝ RegNtPreCreateKey
HKCU\software\apcr::u4_35 죿ꏞ RegNtPreCreateKey
HKCU\software\apcr::u1_36 嵒 RegNtPreCreateKey
HKCU\software\apcr::u2_36 ◲ᙄ RegNtPreCreateKey
HKCU\software\apcr::u3_36 噝ᝇ RegNtPreCreateKey
HKCU\software\apcr::u4_36 㱴ᙄ RegNtPreCreateKey
HKCU\software\apcr::u1_37 ힾ൥ RegNtPreCreateKey
HKCU\software\apcr::u2_37 녨袩 RegNtPreCreateKey
HKCU\software\apcr::u3_37 엀親 RegNtPreCreateKey
HKCU\software\apcr::u4_37 꿩袩 RegNtPreCreateKey
HKCU\software\apcr::u1_38 뇚 RegNtPreCreateKey
HKCU\software\apcr::u2_38 ݸ﬏ RegNtPreCreateKey
HKCU\software\apcr::u3_38 䥷兀 RegNtPreCreateKey
HKCU\software\apcr::u4_38 ⍞﬏ RegNtPreCreateKey
HKCU\software\apcr::u1_39 잞䨃 RegNtPreCreateKey
HKCU\software\apcr::u2_39 衰浴 RegNtPreCreateKey
HKCU\software\apcr::u3_39 ﳺ汷 RegNtPreCreateKey
HKCU\software\apcr::u4_39 雓浴 RegNtPreCreateKey
HKCU\software\apcr::u1_40 ๶ RegNtPreCreateKey
HKCU\software\apcr::u2_40 RegNtPreCreateKey
HKCU\software\apcr::u3_40 RegNtPreCreateKey
HKCU\software\apcr::u4_40 RegNtPreCreateKey
HKCU\software\apcr::u1_41 磮ό RegNtPreCreateKey
HKCU\software\apcr::u2_41 媐刿 RegNtPreCreateKey
HKCU\software\apcr::u3_41 ប匼 RegNtPreCreateKey
HKCU\software\apcr::u4_41 綽刿 RegNtPreCreateKey
HKCU\software\apcr::u1_42 呏㾇 RegNtPreCreateKey
HKCU\software\apcr::u2_42 쒤 RegNtPreCreateKey
HKCU\software\apcr::u3_42 鬛얧 RegNtPreCreateKey
HKCU\software\apcr::u4_42 쒤 RegNtPreCreateKey
HKCU\software\apcr::u1_43 㸝Д RegNtPreCreateKey

1785 additional registry modifications are not displayed above.

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Other Suspicious
  • AdjustTokenPrivileges
  • SetWindowsHookEx
User Data Access
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
  • WriteConsole
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • UNKNOWN
  • win32u.dll!NtGdiAnyLinkedFonts
  • win32u.dll!NtGdiBitBlt
  • win32u.dll!NtGdiCreateBitmap
  • win32u.dll!NtGdiCreateCompatibleBitmap
  • win32u.dll!NtGdiCreateCompatibleDC
  • win32u.dll!NtGdiCreateDIBitmapInternal
  • win32u.dll!NtGdiCreateRectRgn
  • win32u.dll!NtGdiCreateSolidBrush
  • win32u.dll!NtGdiDeleteObjectApp
  • win32u.dll!NtGdiDoPalette
  • win32u.dll!NtGdiDrawStream
  • win32u.dll!NtGdiExcludeClipRect
  • win32u.dll!NtGdiExtGetObjectW
  • win32u.dll!NtGdiExtSelectClipRgn
  • win32u.dll!NtGdiExtTextOutW
  • win32u.dll!NtGdiFlush
  • win32u.dll!NtGdiFontIsLinked
  • win32u.dll!NtGdiGetCharABCWidthsW
  • win32u.dll!NtGdiGetDCDword
  • win32u.dll!NtGdiGetDCforBitmap
  • win32u.dll!NtGdiGetDCObject
  • win32u.dll!NtGdiGetDeviceCaps
  • win32u.dll!NtGdiGetDIBitsInternal
  • win32u.dll!NtGdiGetEntry

102 additional items are not displayed above.

Network Winsock2
  • WSAStartup
Network Winsock
  • freeaddrinfo
  • getaddrinfo
  • gethostbyname
  • inet_addr
Network Icmp
  • IcmpCreateFile
  • IcmpSendEcho2Ex
Process Terminate
  • TerminateProcess
Process Manipulation Evasion
  • NtUnmapViewOfSection

Shell Command Execution

(NULL) BG.cmd
C:\Users\Afrckdqi\AppData\Local\Temp\2K10\BGInfo\reg.exe reg.exe add \"HKCU\Software\Sysinternals\PsList\" /v EulaAccepted /t REG_DWORD /d 1 /f"
WriteConsole: The operation co
C:\Users\Afrckdqi\AppData\Local\Temp\2K10\BGInfo\reg.exe reg.exe export "hkcu\Control Panel\Desktop" "C:\Users\Afrckdqi\appdata\local\temp\2k10\bginfo\Desktop.reg" /y
(NULL) C:\Users\Jegzfgbo\AppData\Local\Temp\jrt\get.bat
C:\WINDOWS\system32\taskkill.exe taskkill /f /im reg.exe
C:\WINDOWS\system32\taskkill.exe taskkill /f /im taskkill.exe
C:\Users\Jegzfgbo\AppData\Local\Temp\jrt\nircmd.dat "C:\Users\Jegzfgbo\AppData\Local\Temp\jrt\NIRCMD.DAT" killprocess reg.exe
WriteConsole: Checking for upd
C:\WINDOWS\system32\PING.EXE PING -n 1 www.google.com
C:\Users\Jegzfgbo\AppData\Local\Temp\jrt\wget.dat "C:\Users\Jegzfgbo\AppData\Local\Temp\jrt\WGET.DAT" -q "http://thisisudax.org/downloads/md5/newmd5.txt"
WriteConsole: ===============
WriteConsole: [
WriteConsole: [ Ju
WriteConsole: [ Info
WriteConsole: [ Please save
WriteConsole: [ Your deskto
WriteConsole: [ A W
WriteConsole: [ Th
WriteConsole: [ Thi
WriteConsole: [ warran
WriteConsole: [ Click the
WriteConsole:
WriteConsole: Press any key to
(NULL) cmd /c copy /y "C:\Users\Dpsavjbz\AppData\Roaming\CDRoller\*.*" CDRoller\
WriteConsole: The system canno
(NULL) cmd /c del /Q /F "C:\Users\Dpsavjbz\AppData\Roaming\CDRoller\*.*"
(NULL) LPI_OEM_Infos_v1.6\LPI_OEM_Infos_LAUNCHER.bat
WriteConsole: C:\Users\Gszleot
WriteConsole: echo
WriteConsole: off
C:\Users\Gszleots\AppData\Local\Temp\LPI_OEM_Infos_v1.6\nircmd.exe C:\Users\Gszleots\AppData\Local\Temp\LPI_OEM_Infos_v1.6\nircmd.exe elevatecmd runassystem C:\Users\Gszleots\AppData\Local\Temp\LPI_OEM_Infos_v1.6\LPI_OEM_Infos.bat