Trojan.PSW.Agent.WA

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 6,356
Threat Level: 80 % (High)
Infected Computers: 473
First Seen: August 16, 2023
Last Seen: January 3, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.PSW.Agent.WA
Signature status: No Signature

Known Samples

MD5: 675e9318c2376b5577cb53b732db83db
SHA1: e30cf521ad9fb5fa73ab74f9eb1fecdc82f4521c
SHA256: C9F358290433D34A8D66CD4C5A731A50CF0503452D263B061A2FF6E75B8069EA
File Size: 7.78 MB, 7775232 bytes
MD5: 22e3cf473d4759359d0076d5df5cb697
SHA1: 462022e16910ae8cfc817883c2ad568926ecaf8a
SHA256: 9C2AE09DAF68B987DB2EF065BCF92153A47B56D2D30AA2A5CA2A1AE8DFF8B413
File Size: 9.14 MB, 9136128 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have security information
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

File Traits

  • HighEntropy
  • No Version Info
  • x64

Block Information

Total Blocks: 653
Potentially Malicious Blocks: 21
Whitelisted Blocks: 628
Unknown Blocks: 4

Visual Map

0 0 0 0 0 0 0 x 0 0 0 0 x 0 0 0 x 0 0 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 1 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 x x x 0 x x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 ? x 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 ? ? ? 2 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File Attributes
\device\namedpipe\srvsvc Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\_bz2.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\_decimal.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\_hashlib.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\_lzma.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\_queue.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\_socket.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\_ssl.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\_tkinter.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\certifi\cacert.pem Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\libcrypto-1_1.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\libssl-1_1.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\lifeicon3.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\patcher.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\python311.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\select.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl86t.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl8\8.4\platform-1.0.18.tm Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl8\8.4\platform\shell-1.1.4.tm Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl8\8.5\msgcat-1.6.1.tm Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl8\8.5\tcltest-2.5.3.tm Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl8\8.6\http-2.9.5.tm Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\auto.tcl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\clock.tcl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\ascii.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\big5.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\cns11643.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\cp1250.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\cp1251.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\cp1252.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\cp1253.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\cp1254.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\cp1255.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\cp1256.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\cp1257.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\cp1258.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\cp437.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\cp737.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\cp775.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\cp850.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\cp852.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\cp855.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\cp857.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\cp860.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\cp861.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\cp862.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\cp863.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\cp864.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\cp865.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\cp866.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\cp869.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\cp874.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\cp932.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\cp936.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\cp949.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\cp950.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\dingbats.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\ebcdic.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\euc-cn.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\euc-jp.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\euc-kr.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\gb12345.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\gb1988.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\gb2312-raw.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\gb2312.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\iso2022-jp.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\iso2022-kr.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\iso2022.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\iso8859-1.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\iso8859-10.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\iso8859-11.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\iso8859-13.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\iso8859-14.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\iso8859-15.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\iso8859-16.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\iso8859-2.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\iso8859-3.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\iso8859-4.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\iso8859-5.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\iso8859-6.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\iso8859-7.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\iso8859-8.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\iso8859-9.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\jis0201.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\jis0208.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\jis0212.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\koi8-r.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\koi8-u.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\ksc5601.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\maccenteuro.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\maccroatian.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\maccyrillic.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\macdingbats.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\macgreek.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\maciceland.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\macjapan.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\macroman.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\macromania.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\macthai.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\macturkish.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\macukraine.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\shiftjis.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\symbol.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\encoding\tis-620.enc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\history.tcl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\http1.0\http.tcl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\http1.0\pkgindex.tcl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\init.tcl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\af.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\af_za.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\ar.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\ar_in.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\ar_jo.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\ar_lb.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\ar_sy.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\be.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\bg.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\bn.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\bn_in.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\ca.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\cs.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\da.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\de.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\de_at.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\de_be.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\el.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\en_au.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\en_be.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\en_bw.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\en_ca.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\en_gb.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\en_hk.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\en_ie.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\en_in.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\en_nz.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\en_ph.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\en_sg.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\en_za.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\en_zw.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\eo.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\es.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\es_ar.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\es_bo.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\es_cl.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\es_co.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\es_cr.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\es_do.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\es_ec.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\es_gt.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\es_hn.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\es_mx.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\es_ni.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\es_pa.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\es_pe.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\es_pr.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\es_py.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\es_sv.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\es_uy.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\es_ve.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\et.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\eu.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\eu_es.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\fa.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\fa_in.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\fa_ir.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\fi.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\fo.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\fo_fo.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\fr.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\fr_be.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\fr_ca.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\fr_ch.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\ga.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\ga_ie.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\gl.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\gl_es.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\gv.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\gv_gb.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\he.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\hi.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\hi_in.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\hr.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\hu.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\id.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\id_id.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\is.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\it.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\it_ch.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\ja.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\kl.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\kl_gl.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\ko.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\ko_kr.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\kok.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\kok_in.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\kw.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\kw_gb.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\lt.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\lv.msg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\onefile_1968_134118889736115713\tcl\msgs\mk.msg Generic Write,Read Attributes

763 additional files are not displayed above.

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAccessCheckByType
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcAcceptConnectPort
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreatePort
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcDeleteSecurityContext
  • ntdll.dll!NtAlpcDisconnectPort
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtAlpcSetInformation
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtCancelWaitCompletionPacket
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtDelayExecution
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtImpersonateAnonymousToken
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenSymbolicLinkObject
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtPowerInformation
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDirectoryFile
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryObject
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySymbolicLinkObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReadVirtualMemory
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationObject
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSetTimerEx
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject

27 additional items are not displayed above.

Process Shell Execute
  • CreateProcess
Process Manipulation Evasion
  • NtUnmapViewOfSection

Shell Command Execution

C:\Users\Srbullhc\AppData\Local\Temp\onefile_2972_134024094496682684\script.exe c:\users\user\downloads\e30cf521ad9fb5fa73ab74f9eb1fecdc82f4521c_0007775232
C:\Users\Oxblrkav\AppData\Local\Temp\onefile_1968_134118889736115713\patcher.exe "c:\users\user\downloads\462022e16910ae8cfc817883c2ad568926ecaf8a_0009136128"