Trojan.Spy.MSIL

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 1,298
Threat Level: 80 % (High)
Infected Computers: 16,485
First Seen: December 11, 2012
Last Seen: April 22, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Spy.MSIL
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is .NET application
  • File is 32-bit executable
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Assembly Version
  • 2025.12.18.3
  • 2025.11.11.3
  • 5.4.0.0
  • 5.0.0.0
  • 3.1.0.0
  • 3.0.0.0
  • 2.7.0.0
  • 2.4.5.0
  • 2.3.0.0
  • 2.1.0.0
  • 1.5.6.0
  • 1.3.6.9
  • 1.2.3.0
  • 1.2.0.0
  • 1.1.4.0
  • 1.1.1.1
  • 1.1.0.0
  • 1.0.0.0
  • 0.0.0.0
Comments
  • AREPATOOL A12
  • Audio Services Update
  • iPhone Activation Tool
  • SpiderPRO
  • The Ultimate Xbox 360 Modding Tool
  • This installation was built with Inno Setup.
  • XCoder
  • ZeroSecurity0
  • [SM] Launcher For DayZ
Company Name
  • @ChristianMuhi7
  • AREPATOOL A12
  • Audio Services
  • d3velopersteam.com
  • DDtank World
  • faou.free.bg
  • iSkorpion.com
  • KZ Tecnologia
  • OPFlashTool
  • SkyNet A12+
  • Unknown Development Inc.
  • ZeroKnoxRemoval
  • [Server Manager]
File Description
  • A12 Tool
  • AREPATOOL A12
  • asdas2dasd
  • Audio Services
  • Auth
  • Black MythWukong
  • BYPASS
  • Bypass
  • csrss
  • DayzZona Launcher
  • DDtank World
  • DevTeamPRO A12 Tool
  • FANKAR REG V 1.1
  • FAOU ACTIVATOR
  • FFH4X MOD DESIRE
  • Fortnite
  • H-Malware Builder V5
  • HFZ Activator A12+ Premium
  • Horizon
  • iBypass LPro A12+
  • KZPROG Setup
  • Launcher Dignot
  • Launcher MelhorOT
  • Launcher Mythera
  • Launcher Valdraken
  • Mafi Ai Aimbot !!
  • Motov05
  • myprivatebypass
  • OBS Studio
  • OPFlashTool
  • REYD FREE
  • Sheet Rat
  • SpiderPRO
  • Uid Bypass Loader
  • vison free
  • ZeroKnoxRemoval
File Version
  • 2025.12.18.3
  • 2025.11.11.3
  • 5.4.0.0
  • 5.0.0.0
  • 3.1.0.0
  • 3.0.0.0
  • 2.7.0.0
  • 2.4.5.0
  • 2.3.0.0
  • 2.1.0.0
  • 1.5.6.0
  • 1.3.3.9
  • 1.2.3.0
  • 1.2.0.0
  • 1.1.4.0
  • 1.1.1.1
  • 1.1.0.0
  • 1.00
  • 1.0.0.0
  • 0.0.0.0
Internal Name
  • AMARRENEX.exe
  • AREPATOOL A12.exe
  • Audio Services.exe
  • Auth.exe
  • Black MythWukong.exe
  • Bypass.exe
  • Cz Ai Aimbot !!.exe
  • DayzZona Launcher.exe
  • DDTank World.exe
  • DevteamproA12.exe
  • FAOU ACTIVATOR.exe
  • H-Malware Builder V5.exe
  • HDN Uid Bypass Loader.exe
  • HeadShoot Storefps.exe
  • HFZ Activator A12+ Premium.exe
  • Horizon.exe
  • i-RTA12.exe
  • iBypass LPro A12+.exe
  • IMMORTAL 1.0.exe
  • Launcher.exe
  • Launcher Dignot.exe
  • Launcher MelhorOT.exe
  • Launcher Mythera.exe
  • Launcher Valdraken.exe
  • MainV.exe
  • MicrosoftEdge_X64_121.0.2277.106_121.0.2277.98.exe
  • MotoTool.exe
  • OPFlashTool.exe
  • REYD FREE.exe
  • SAM XX 2.6.8 C#.exe
  • Server.exe
  • SkyNet A12+.exe
  • SolaraBootstrapper.exe
  • SpiderPRO A12+.exe
  • Steal1.exe
  • Steal3.exe
  • TJprojMain
  • TRX PREMIUM 1.0.exe
  • TStool.exe
  • VG Version 3.1.exe
  • VISON FREE.exe
  • winPEAS.exe
  • ZeroKnoxRemoval.dll
Legal Copyright
  • Copyright FuckYouAll© 2025
  • Copyright © 1907
  • Copyright © 2013
  • Copyright © 2019
  • Copyright © 2022
  • Copyright © 2023
  • Copyright © 2024
  • Copyright © 2025
  • Copyright © 2025
  • Copyright © 2025 Gus
  • Copyright © 2025 GusCEO
  • Copyright © 2026
  • Copyright © DDtank World Sync 2024
  • Copyright © Developersteam.com 2025
  • Copyright © FAOU. 2025
  • Copyright © iSkorpion.com. 2025
  • Copyright © Mw soluçoes digitais me
  • Copyright © SkyNet. 2025
  • Copyright © Unknown Development Inc. 2017
  • Zero Security
Legal Trademarks
  • @d3velopersteam
  • @iSkorpionOfficial
  • @SkyNet
  • @TND95
  • AREPATOOL A12
  • SpiderPRO
  • [SM]
Original Filename
  • AMARRENEX.exe
  • AREPATOOL A12.exe
  • Audio Services.exe
  • Auth.exe
  • Black MythWukong.exe
  • Bypass.exe
  • Cz Ai Aimbot !!.exe
  • DayzZona Launcher.exe
  • DDTank World.exe
  • DevteamproA12.exe
  • FAOU ACTIVATOR.exe
  • H-Malware Builder V5.exe
  • HDN Uid Bypass Loader.exe
  • HeadShoot Storefps.exe
  • HFZ Activator A12+ Premium.exe
  • Horizon.exe
  • i-RTA12.exe
  • iBypass LPro A12+.exe
  • IMMORTAL 1.0.exe
  • Launcher.exe
  • Launcher Dignot.exe
  • Launcher MelhorOT.exe
  • Launcher Mythera.exe
  • Launcher Valdraken.exe
  • MainV.exe
  • MicrosoftEdge_X64_121.0.2277.106_121.0.2277.98.exe
  • MotoTool.exe
  • OPFlashTool.exe
  • REYD FREE.exe
  • SAM XX 2.6.8 C#.exe
  • Server.exe
  • SkyNet A12+.exe
  • SolaraBootstrapper.exe
  • SpiderPRO A12+.exe
  • Steal1.exe
  • Steal3.exe
  • TJprojMain.exe
  • TRX PREMIUM 1.0.exe
  • TStool.exe
  • VG Version 3.1.exe
  • VISON FREE.exe
  • winPEAS.exe
  • ZeroKnoxRemoval.dll
Product Name
  • A12
  • AREPATOOL A12
  • asdas2dasd
  • Audio Services
  • Auth
  • Auto Update
  • Black MythWukong
  • BYPASS
  • Bypass
  • csrss
  • DDtank World
  • DevTeamPRO A12 Tool
  • FANKAR REG V 1.1
  • FFH4X MOD DESIRE
  • Fortnite
  • H-Malware Builder V5
  • HFZ Activator A12+ Premium
  • Horizon
  • iBypass LPro A12+
  • iSkorpionA12
  • KZPROG
  • Launcher
  • Mafi Ai Aimbot !!
  • Motov05
  • myprivatebypass
  • OPFlashTool
  • Project1
  • Sheet Rat
  • SkyNet A12+
  • SpiderPRO
  • update console loader
  • ZeroKnoxRemoval
Product Version
  • 2025.12.18.3
  • 2025.11.11.3
  • 5.4.0.0
  • 5.0.0.0
  • 3.8
  • 3.1.0.0
  • 3.0.0.0
  • 2.7.0.0
  • 2.4.5.0
  • 2.3.0.0
  • 1.5.6.0
  • 1.2.3.0
  • 1.2.0.0
  • 1.2.0
  • 1.1.4.0
  • 1.1.1.1
  • 1.1.0.0
  • 1.00
  • 1.0.0.0
  • 1.0.0
  • 0.0.0.0

Digital Signatures

Signer: AO Kaspersky Lab; Root: GlobalSign Code Signing Root R45; Status: Hash Mismatch
Signer: Harpy Cert; Root: Harpy Cert; Status: Self Signed
Signer: Kaspersky Lab; Root: Kaspersky Lab; Status: Hash Mismatch

File Traits

  • .NET
  • 2+ executable sections
  • Agile.net
  • big overlay
  • CreateThread
  • CryptUnprotectData
  • Fody
  • Goliath
  • HighEntropy
  • MZ (In Overlay)
  • NewLateBinding
  • No CryptProtectData
  • ntdll
  • Nullsoft Installer
  • RijndaelManaged
  • Run
  • SmartAssembly
  • VirtualQueryEx
  • vmp section variant
  • WriteProcessMemory
  • x64
  • x86
  • Yano
  • ZYXDN

Block Information

Total Blocks: 1,597
Potentially Malicious Blocks: 54
Whitelisted Blocks: 766
Unknown Blocks: 777

Files Modified

File Attributes
c:\users\user\appdata\local\ddtworld\logs\checkupdate.log Generic Write,Read Attributes
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.0.regtrans-ms Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.1.regtrans-ms Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.blf Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\d737a8eb3e29ecb2162fdd9b4dea427a\d737a8eb3e29ecb2162fdd9b4dea427a.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hello.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ijxds.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-fhmrq.tmp\bf7b2ad4ddec8c0aab67d984cdaf8db77a2d685c_0006309430.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rcxa8ed.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rcxa9b8.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rcxaab2.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rcxe05b.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rcxf79.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\zgokr00.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\zgokr00.exe Synchronize,Write Data
c:\users\user\downloads\crash.log Generic Write,Read Attributes
c:\windows\appcompat\programs\amcache.hve Read Data,Read Control,Write Data
c:\windows\appcompat\programs\amcache.hve.log1 Read Data,Write Data
c:\windows\appcompat\programs\amcache.hve.log2 Read Data,Write Data

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enablefiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableautofiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filetracingmask RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::consoletracingmask RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::maxfilesize  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enablefiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableautofiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filetracingmask RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::consoletracingmask RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::maxfilesize  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enablefiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableautofiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableconsoletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::filetracingmask RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::consoletracingmask RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::maxfilesize  RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enablefiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enableautofiletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enableconsoletracing RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::filetracingmask RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::consoletracingmask RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::maxfilesize  RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::filedirectory %windir%\tracing RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::black mythwukong "c:\users\user\downloads\3adff7ac7a5f1dac7ab4ca35757ce5845078fe7a_0003815424" RegNtPreCreateKey

Windows API Usage

Category API
User Data Access
  • GetComputerName
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserName
  • GetUserObjectInformation
Anti Debug
  • CheckRemoteDebuggerPresent
  • IsDebuggerPresent
  • NtQuerySystemInformation
Other Suspicious
  • AdjustTokenPrivileges
  • SetWindowsHookEx
Encryption Used
  • BCryptOpenAlgorithmProvider
  • CryptAcquireContext
Network Winsock2
  • WSAConnect
  • WSASend
  • WSASocket
  • WSAStartup
  • WSAttemptAutodialName
Network Winsock
  • closesocket
  • freeaddrinfo
  • getaddrinfo
  • recv
  • send
  • setsockopt
Network Winhttp
  • WinHttpOpen
Network Info Queried
  • GetAdaptersAddresses
  • GetNetworkParams
Keyboard Access
  • GetKeyState
Syscall Use
  • ntdll.dll!NtAdjustPrivilegesToken
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreatePortSection
  • ntdll.dll!NtAlpcCreateSectionView
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtCancelTimer2
  • ntdll.dll!NtCancelWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCompareSigningLevels
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDelayExecution
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFlushProcessWriteBuffers
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtGetCachedSigningLevel
  • ntdll.dll!NtGetCompleteWnfStateSubscription
  • ntdll.dll!NtGetContextThread
  • ntdll.dll!NtGetWriteWatch
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThread
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtPowerInformation
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryEvent
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryObject
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtQueryWnfStateNameInformation
  • ntdll.dll!NtQueueApcThread
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReadVirtualMemory
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtResetWriteWatch
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetContextThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetSystemInformation
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSetValueKey

Process Shell Execute
  • CreateProcess
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory

Shell Command Execution

C:\Windows\Microsoft.NET\Framework\v2.0.50727\\dw20.exe dw20.exe -x -s 804
"C:\Users\Sbyssnnx\AppData\Local\Temp\is-FHMRQ.tmp\bf7b2ad4ddec8c0aab67d984cdaf8db77a2d685c_0006309430.tmp" /SL5="$60304,5490584,780800,c:\users\user\downloads\bf7b2ad4ddec8c0aab67d984cdaf8db77a2d685c_0006309430"
