Multi-License Discount Quote

Change Region

English
Threat Database Viruses Virus.Wapomi

Virus.Wapomi

By CagedTech in Viruses

Threat Scorecard

Popularity Rank: 4,316
Threat Level: 80 % (High)
Infected Computers: 6,293
First Seen: March 21, 2012
Last Seen: April 6, 2026
OS(es) Affected: Windows

SpyHunter Detects & Remove Virus.Wapomi

File System Details

Virus.Wapomi may create the following file(s):
Expand All | Collapse All
# File Name MD5 Detections
1. nla.dll cfb4e66b99b073451a384f702ab839f7 3

Analysis Report

General information

Family Name: Virus.Wapomi
Signature status: No Signature

Known Samples

MD5: d1b7601a0aaf462c604463100ccd6c41
SHA1: 983e8992020d0de2dbdef381ac81d30a4e0606b0
File Size: 31.23 KB, 31232 bytes
MD5: 89bce15f424c3ae6d250f4181a1791de
SHA1: fbc86d7019cc43ec878059e0a7cf163a9f5386dc
File Size: 68.61 KB, 68608 bytes
MD5: 9c13c75e527d7af76fc3be3da1922dea
SHA1: 5f64e4f6b6c4c2127d24a64ef125250cac0fa4da
File Size: 45.06 KB, 45056 bytes
MD5: 1c3ad51c91baec057bd8fc67ce37da55
SHA1: a395ba668525bd14d59ae9eca57624d54b90f747
SHA256: ECFB083277CE12BBC26CA424C889E681D4D0F62638A904B532C945DBBCE81CAD
File Size: 6.05 MB, 6053888 bytes
MD5: 6d049c906319cf987ee7d6d5c4dde46a
SHA1: b4e710ffbc12ff37847c1542f6b939c872175131
SHA256: 9667F11C370923AFB1AB02F71D9DB326021F6916A71AA148C01BFC53742E40CB
File Size: 309.76 KB, 309760 bytes
Show More
MD5: 9703a93cd7a48dfbb3afe845e8024896
SHA1: 6f6821e6625c4419b12e6c1f0bff7029b0c67d8b
SHA256: 50FD6A4B272BC989732B4592E5BFF7064E16A7E783B0CF884A4B2CB686C5F749
File Size: 41.47 KB, 41472 bytes
MD5: 980a6d47e236b297f2582e7d0b23ff86
SHA1: 96ccfb0f0240263537aced8e7a0042fef228fbf6
SHA256: F7C9A70E147786116BD146800D6F84097A0ADC0DA6BC50B443C1B12CF98ECF4D
File Size: 77.82 KB, 77824 bytes
MD5: b1fece9a3f72326baec62ec822cc8bb1
SHA1: 5d429395936ff83f128d5f7042554a0acc780406
SHA256: 8AAE397061D1C426FC0D2D1640CB644B7606A822F33C803DB7F6E31E7F38F101
File Size: 550.91 KB, 550912 bytes
MD5: 9fa6db6ccee120bef81d76b2dd517f60
SHA1: 9cd54fee059dc65c12f65d3cedcd2f041560615b
SHA256: 3B6AC3498C64C8BFD225DDDFC52CEA7040F7C0B0FCC547C284A254FD6BFD0468
File Size: 709.12 KB, 709120 bytes
MD5: e02b255fd15493da7b087475ce4f8d12
SHA1: de56187e05b2a86ce17c743a68512dd579eb56ac
SHA256: 388926D83858A27EB30A1EC939F9D53E5CB708E83B8A173607D9192CA26F24C5
File Size: 421.89 KB, 421888 bytes
MD5: 848746c4e3bd0fbe76b747630c41ae06
SHA1: bfdf8bf339692ac19f54dc466c1b929064841905
SHA256: 168B87175B5B13B4184A8FF85DF788933D07256C29144BF53CC4C6074E0B0392
File Size: 931.33 KB, 931328 bytes
MD5: c5b70a62dae6222997d4dee69b0fa861
SHA1: 09c60e2a2b5cdf6a7dae91373446315102350ca3
SHA256: 7C2688CB5FE372B7DC9E6B818325D95B51E54D3D49FA3D4E5CD1B15880D0A11B
File Size: 756.74 KB, 756736 bytes
MD5: 5665c9b8ad0204dd1efbd5088e0bc633
SHA1: 783d387aa261719241b242234fa19485527d3a5b
SHA256: AB1434E0E2B6A31FEE20E62EB75E174A1EBF47BDE363A5A42608F86EF62698B8
File Size: 2.07 MB, 2065408 bytes
MD5: 6d563dd54d7b3dcfd4a23119ecec945b
SHA1: f58569206a7596179371c69ce82674259d5c7ec0
SHA256: BAB89DF1F74FE9B2336B890D576C9E4C7EAD7A643DE9676B02F7EE2BCFFB33FF
File Size: 550.91 KB, 550912 bytes
MD5: 3d8f4cee023e3978fc32ae23e4866e00
SHA1: 2502834e1e5ed746a4bdecf3f4d2bc3ca7d57897
SHA256: 11D56DC6FE75FA01AEC94141B3C19F432B37F70EAC9D8927E2948B0936D7AA75
File Size: 113.66 KB, 113664 bytes
MD5: 829eda08e3d66250743610e53827be87
SHA1: 18b9222c59fce8fd9967d6b2cee27e2f01f3e11f
SHA256: 783CE49D8FDD9C27E1CD01D6C1F11AAC60E71753668697D746FE85B7EF829716
File Size: 278.02 KB, 278016 bytes
MD5: 3e860529d9f77ef3e33e693e7af33a87
SHA1: 4c9e70fe33349d7f21f531a7f8aeeee36b311db9
SHA256: BCC936B08EA58460CCBCC691FF08A8E04CF322A136D4C813F16E40B1132D6EC6
File Size: 1.18 MB, 1182208 bytes
MD5: 74f135114834308a78325e298d129b6f
SHA1: 1d435c27891c1678303f40873d46e1ba7bc9a5a4
SHA256: 6282A64D622F86525C55833FA82F3CF2769EC8AD3E723D5399288F5A153EBF97
File Size: 46.08 KB, 46080 bytes
MD5: 7f2576d73e947475f34956b260a5a2d4
SHA1: 4b5bd2dccd8badfc7a0fc6ee01e43487f9d0c913
SHA256: A30B3D56AB38091B110B6A9D920F64B00C752A78AD7D627A7C8E6DBD88EDE251
File Size: 604.67 KB, 604672 bytes
MD5: 6d96f28d852923c479227a0a19d92ce1
SHA1: 1f8485ba38f2ee9cd83e656cb56826eec2dafa24
SHA256: 475EC56AA606242DDCD0D43F79D5FECF15C55C1907218E7C7EC53CFDAA3DACCA
File Size: 1.41 MB, 1413120 bytes
MD5: bef162431c565f49826a9c05f00005ff
SHA1: 959b854c572d66d14b57e9826a35f38e01cf45aa
SHA256: B9637A424EE6D7C1C58E1B40025E53BA47DDCC54B380B04A32746CE1DC298C2E
File Size: 738.30 KB, 738304 bytes
MD5: 57db0ed8e46011b19f2c2c63cc4dfdcd
SHA1: 8191a357265236c48caddf8846a55feaefbd739c
SHA256: DEEC7FD8702CF5EE81362EE2F426FD65AD87CF9AC059BF1C282A9BB076D41525
File Size: 294.91 KB, 294912 bytes
MD5: f4bbaee8c7d426b2ba690d349b5bc120
SHA1: 8aae122e06fe36a5b3c4c3235ca08ccbc0a6e2d4
SHA256: 4D20A7F1CFFE9C16A661A57E00F66184AA8C877032C9B41D0C772B828D277017
File Size: 262.14 KB, 262144 bytes
MD5: e6c2907414ec04e59f67083d4f61ddb8
SHA1: f67a1946c0aa03f76392a5d92cc489e579f7923f
SHA256: FE261207BD3BD0AE997F819DF9EFBA1CCF404FC512809827297855487389FA2F
File Size: 836.10 KB, 836096 bytes
MD5: de515cc20a7ad5c83b95c57e17fecabc
SHA1: 74ccc7c7a85ca4504ccfd573df3221229d24ce76
SHA256: 5D9BCE00FB176ED1CCD4F0818A7C1892BBE2A56656032CF64A4D414B284BBB3C
File Size: 1.22 MB, 1224704 bytes
MD5: e84a045b7be0561c2467287eebe11d33
SHA1: 1acffdab2b1afa58784119ca2acb8962696d3a34
SHA256: FE076045A5922BE482E971C5C7F23691C3D3EFF53AA3F723C477FF22E6762A21
File Size: 2.16 MB, 2160128 bytes
MD5: 11c953a9a1328734cae396e49d6c6c66
SHA1: 0c2f606d3af2b7759c03f79fbfb7e68adbd3ccef
SHA256: A94D0CCDE847E4CBE2B788FF96A1F0653F9BC25F281953EF64490CDCFE9B73EE
File Size: 405.50 KB, 405504 bytes
MD5: c5c93f80dae80cf24861d5a8a78c2f55
SHA1: 8d95fcb7e62176837eb7e48170c56e1a9115e895
SHA256: 93C3E4DAD2C74DBCA7D35628A046DF74C0FB2337390C021A1DE728AEA67B5E37
File Size: 34.30 KB, 34304 bytes
MD5: 3c940bf77ee7b2aec97209320c24b9eb
SHA1: 360a22c2b62cdd9b486c656ffe720b5f41d2b581
SHA256: FDAEF4F47ED034DFA2E3684AAE2A1CB9D49E60DC2A5A814DF1DDA7FEA8C21E9F
File Size: 28.16 KB, 28160 bytes
MD5: ace0716d074a4941484b8313ba8109d6
SHA1: b89893ce3175bcbec50ad3bc5f1cc386ba823900
SHA256: A0E451ADFFCAC362AFADA215298A1776A1B751E73C5C99BF9718A80081EB0683
File Size: 3.71 MB, 3708416 bytes
MD5: e5b72c9b56b8e04f642cc70abf7c4985
SHA1: 80ad1d882dfc454564bde7ea343f1b51e4e84180
SHA256: E7F254E1742432625D5381ECDDF8B77E0B4711F2922D7BADA714AEB285261AC1
File Size: 861.18 KB, 861184 bytes
MD5: 09298970b2239fe36666885103652e2a
SHA1: cdbdf05308afa8c25dda04c853d3b7716dcebad3
SHA256: 8576C25813CADA7A7046F6D665EF918287BC71B999D2E5892E914F344CFBFF1B
File Size: 811.52 KB, 811520 bytes
MD5: 007728d7f24a4b97898df341fb8ff0ff
SHA1: 8faaf3ad237518efa4467c630db8e6552c7b1b98
SHA256: C647571091055EADA73579BDC2515920332AC615FA28DD5E292B44525581A87C
File Size: 440.32 KB, 440320 bytes
MD5: f0c439fd60652fa1f16389ca6f9990d2
SHA1: d8e0ffbe6cdf565e8ff890dbbb6395f78e13fb3d
SHA256: F629BB4DE1479515DC3CCC7E7EAF5A8DD24A6E2B452A63DB97054CB14172A70F
File Size: 5.52 MB, 5517312 bytes
MD5: c50aa35390fe27ad00deda680d2925dc
SHA1: 19e3a5eae08b7dca8b7fd0f9b86e8f68b9e8a2fd
SHA256: 2C33ABF8B9E0A8029B40A17E98A546847F8100DCB20A1BD848AE0799716DC7F2
File Size: 4.03 MB, 4026880 bytes
MD5: 613a7fe19f55212eec16b3a1698797b8
SHA1: b128c555e1e7d3a75fbe1021cf35ee5bf15ebf16
SHA256: FAFABDA7612C0E067006311DE59489F6462880DE1C41999520C35D109A3D8FA6
File Size: 31.74 KB, 31744 bytes
MD5: b0c51b3d34c51817a8816b8d456db9f4
SHA1: f238ef7097de92b682a4a9dac0bd342096ffa642
SHA256: B7C5AB6F8233BA787F2344CFEB654CE7DBC9A74E9C669748BAD78A603E502051
File Size: 836.10 KB, 836096 bytes
MD5: 2e8635309ca8cfeda2c0d15f2df47b4b
SHA1: be31d582fcff2fa3ea2dfd74d123fb01966bd152
SHA256: E63DEF7C76213B1AA84602923BCAD3C0F8EEAC0C8DAB2E8131C4D849DFB011A5
File Size: 550.91 KB, 550912 bytes
MD5: 2fc3a18c1b891d2e853afbfddf9d072f
SHA1: 6d023ce23d692fbfa7a193d748b81f982010e1bd
SHA256: 0AB02FE332F01B3B2C830BCA4F862F8E69993DAB56475D7F94A3F7EA98F940D0
File Size: 912.38 KB, 912384 bytes
MD5: 0361546d3d2f0aec56140f97cd2047f7
SHA1: 145468b421b108a21c4f6e5c8f847c3bb1184539
SHA256: 37BF294EE72282A69A5F71F6C621B60B381F996D3BC439B15CD1B71773A43F34
File Size: 1.07 MB, 1065472 bytes
MD5: f60686937637125454b8e009ae9589a3
SHA1: b99fc5a7aa71ca696eaa8d954068406c3c815c33
SHA256: C22B7FD7D22F42E6FF0B1790FC5FBE132A0A497DB548C4C273621F0BB62352A1
File Size: 836.10 KB, 836096 bytes
MD5: e66209618d848da48189226260f12160
SHA1: 4fd05d8d2e203772899317a2a6984d03a7957f46
SHA256: 99FDADB5272EED3DD256F27A399247AEE48DBD9AF25F2D8963E38E3E73133EF6
File Size: 120.32 KB, 120320 bytes
MD5: 1fea68e83be8bb02884d2c39de5d09b7
SHA1: 860f623566a1db3505e3ac21fa757b7edc06fda9
SHA256: 3B81D252D79FE5C56D81B3BF45891A0D33D5E6F041BABC2CCBD48293DDB14545
File Size: 589.31 KB, 589312 bytes
MD5: 42c67c820426039697c69631a66c11e7
SHA1: 72403f845a0c5834f857737a6c3f165b134aca16
SHA256: 698A84F6F3FC054129F37699C870DC586D37CEB079F4E318AE806C29CE184C46
File Size: 108.54 KB, 108544 bytes
MD5: ea7db76ad428f5230a03bd6644ba1c55
SHA1: 7c06f01e13e77bf13b8cb88c8bb81bfbcb48347a
SHA256: A00331B7793AA53EED27C74A982211D5C93343A945278E34CFC292716BC3E9C0
File Size: 4.97 MB, 4968960 bytes
MD5: 307b7e14875379f8355caf842c4ae7e9
SHA1: eb659ca549cd5a263b0f7aa23f341a5dfa263139
SHA256: 197C9E720862B376EC9E2D51A99A3F1A0D64C383DC198E424774D30480182EE1
File Size: 1.80 MB, 1801216 bytes
MD5: 5a333fa232b1ffeec2b233fffeee0f2c
SHA1: ad22569f3a9c8d3febdfa6e7f55c2c3748d10716
SHA256: 475163328F94CC6C88F4BA8E48818CD60BBF78199EB0BB55AD1D75C9BE169599
File Size: 46.08 KB, 46080 bytes
MD5: 58a30c293d3a81fe283c3752344ea1d4
SHA1: 0a77acb3589a733ca6de6d429a59e252dbf7b0db
SHA256: E2A34DA4B48EBECC2B2E6A45CEF9C034C66DE1DBD34E087DB0FFDF97F6405928
File Size: 1.89 MB, 1885696 bytes
MD5: 62ce26cab1b197273b757572c1202603
SHA1: cec37fdddfa40f835a8208f3f3f4a621120fa598
SHA256: FB9137550C264B37498B0A40C054EEA4D171A1385EF40D4B8E92F889ED024C15
File Size: 334.34 KB, 334336 bytes
MD5: 8492ca09c32f8ae39e048387015b31bd
SHA1: c58dbc70ac9458460e8f353aee8e3a17920227e4
SHA256: 5257BC8543F88E2D38495390438D89F1C015A45E40167B4BEAA9CC6B2A5FD603
File Size: 836.10 KB, 836096 bytes
MD5: 8662338a4df773e93e4d42afd5e1a491
SHA1: 3e79380a74719818305b5730aebb21e1d5003d35
SHA256: AA91178D3A212AC8B0381D5172DE743B28BE1F1354092ABBDE705CCC7F442B68
File Size: 339.97 KB, 339968 bytes
MD5: 83b35b5bbe9434bff23857a8e52e0486
SHA1: 58efb921af453c98688e143eff54e2042ee32883
SHA256: C874844775012B1B427BAD6F89642C2AAF5196E89FC9CCA6E3FEC78901BED4B3
File Size: 836.10 KB, 836096 bytes
MD5: 5db8a6b7b78215d9ed9de1336225240d
SHA1: ec4443c14658abfd4d2e6b7443c264f99f1c9075
SHA256: BC8D76725150AC35D65F96A7B8098D0EFDE4AA42FB6224FBD73B6287C04DBEE6
File Size: 1.59 MB, 1589248 bytes
MD5: d8243d8fb704fb03f45a0066f65ea7ed
SHA1: 0211454514a6dff070d2899422f331f70c3e6bc9
SHA256: 1C8699A5AC7C7757887747167BA1A5AE3E1B0EECB4268026D991858BE8E3926C
File Size: 8.62 MB, 8615936 bytes
MD5: 31ef3fd16a8bbde68800719f7a34d1e2
SHA1: f992dce8e7dac2c213fdd59570222e4f73e826a4
SHA256: 90E8375C6A9C0DD821DF6EFF0AEC218C7A8A05701A97617E70C4A703B51B75FA
File Size: 3.69 MB, 3687936 bytes
MD5: 5678247b350737193db6718abbd6c199
SHA1: ad3a4ef826e109a029f5585f38f167d00533b43e
SHA256: D1E6A969E0CD5FF4AD295EFCC8DF0401327ADFBAC053A03E37318EC8A2B87C26
File Size: 5.99 MB, 5994496 bytes
MD5: ca04a1a45055ebc483ea48f569979d3e
SHA1: b8dacd183910656b49e50df66e627678fa95f826
SHA256: BC2AD1A07EBE63C08DABA4453AEE0EF8FF660FE1A023D5A2C519BAA9CA2588A1
File Size: 135.17 KB, 135168 bytes
MD5: c619a9839201acd5ca27972651b083cc
SHA1: 57338a60295dabae9c40985bb5b601b45ac45210
SHA256: BDD0769CD8F959AFA6A42FF943F6FF5C84D1765B3C2C14EF6B1D091A4D04FF4B
File Size: 113.66 KB, 113664 bytes
MD5: 3d27de8aa2fa8aa6c31479e9e81f81b6
SHA1: f57086433d4b9b1d767795a1c1e194a87e5a26ac
SHA256: 2A7C4A45DAA91E7223798BF5A300C1CBEB55B19AABD07A476D74AE3C25A17E6F
File Size: 1.67 MB, 1666048 bytes
MD5: 47f55b5c79e812da4d06795591ff9ad7
SHA1: c23e9374673f7c4446ec4d82d0e4bcdeb38eeb2c
SHA256: DAD80AB019D905B94EC8B3ABA3E4125F84F967788D6105FDEE3C6BF32A1AE245
File Size: 31.74 KB, 31744 bytes
MD5: bc2e8c5705b4f64a362aa027d9fead71
SHA1: 619a9bb58bc7bcf18bebfa03cbbc5ac791ceb211
SHA256: 966B63D0629B508E5F90BCE70A8B9B11FE00D1BDEC05D978F6C79A44EDA02DBC
File Size: 34.30 KB, 34304 bytes
MD5: 1a27e654ed1e2922ea559eaf87448497
SHA1: 460346d3fd5a4b5b783a4ac9abff99b7fb5da042
SHA256: AE07E7C3D74CA5349EF9F0A4D33DC24B33CE08AF776F794F9F556804C04C6C00
File Size: 55.30 KB, 55296 bytes
MD5: 4ddf8b8b935c02fcea4d05dfdc01b3fc
SHA1: 258bf7564e25471d14a4f08ee0299615af0d024b
SHA256: 265F246993079303CCC78075CD5D075BC32CEE29F1C2BCBCEBED00D8CE3A955B
File Size: 3.15 MB, 3151872 bytes
MD5: dcb87b92a404ab8b1ca06b0c4287c80c
SHA1: d4c221052c83b1cf1460adde123aaffb67f0ab6c
SHA256: 66A4499566F0A9DE954531CB6B7511D31FEECD5B5E92DDA48A584835F1B6F8DE
File Size: 491.52 KB, 491520 bytes
MD5: aff1aba022541a32c8e7e8a28d34bf84
SHA1: d68e85b0e30b3c14300557ba523793f82ae14f21
SHA256: F6BECBA5A98CF990102A3A56D4B41561414E024F0C83493D20843713BAFED80E
File Size: 667.14 KB, 667136 bytes
MD5: a2a045a615987d761dee3f394232bf40
SHA1: afd8e54b609298e51d41470f1ddbce56f6a904c8
SHA256: 3C6C75B8AF5A482017E6B83799A1F3C8465A287721185317BF4B1C0F41D855A4
File Size: 130.56 KB, 130560 bytes
MD5: 22fe366e3415965853c680efc160d4ac
SHA1: cf4ec4826d1ad7307d38b43e4df5315a3e6257b5
SHA256: E2EF24658BB15011BBC1B41F6DCC51C97337F8D188EE280FF10FE31DBC2E3122
File Size: 167.94 KB, 167936 bytes
MD5: 8feaf94c5c91e371acb73976ae1cc318
SHA1: a48cda66797c8e18bbe90b5652e89bab54ec4b90
SHA256: 08231167A642896B44A46AF66BF47D0370E56BC471494C7C134422CAB987BAE2
File Size: 756.74 KB, 756736 bytes
MD5: a7c004643d30dd42588ddb264d2caf57
SHA1: 984482565d59382176211df1afff3d71a9ee1cd6
SHA256: 27BCC6D81E5C2AD6155C58A9E8B2F15C3E8C583DB918D796CAE59C2DE6307CB6
File Size: 32.26 KB, 32256 bytes
MD5: 7224f0e470e4459b4268d0bb1c77cceb
SHA1: cc6ec4ac566f30fa0437ec7a8615d40515d7b0be
SHA256: 3F97EEEFEB6C57C7163BB23851CE387F7342D1EBAC2A6D053C465E6F73C937E5
File Size: 3.08 MB, 3084288 bytes
MD5: 24aeb4cc062c53e12889938a05f98e8a
SHA1: 34777f8d7cac942716b984e69750b750ab2dc8f4
SHA256: 91A2C978E23ABE8D93A5B1BF1FAEAABDDB84347C9E5862384B22610ED4658E73
File Size: 35.33 KB, 35328 bytes
MD5: 2dbc8813994dad92d3c5882011587fc3
SHA1: c1c050b6a96681c36f5e6549058bca1910b142c8
SHA256: 836DA2A473C1000D5F110CB28C17DD8A12B45906FF0787C37E086D1AFF3BD95C
File Size: 114.69 KB, 114688 bytes
MD5: 2032fde45a513493d365596ea636de97
SHA1: 32b1339dfdee1e9d51c133d38b5979e61f87b152
SHA256: C1EF636C703E19CEDCB050DCB48344CA004BA56F039DEF903DCEC8A3F75A1E13
File Size: 374.27 KB, 374272 bytes
MD5: d2961106d95068a1a86a49e9d48339c5
SHA1: eaf997b3b85d5099d7addcf1cb75320ca3c56080
SHA256: EA4A3EEC1B09F506CBA3A85E99F1DFD118B8294862F7E1150522E2AF04C0CFE5
File Size: 31.74 KB, 31744 bytes
MD5: d0a5a3d094f6b2482cc423ed84bdd28c
SHA1: 7c8e6faa672da48f2369fce808926ddfaa8d2117
SHA256: CE21E7FC31B403D25ACA58031D270ADECD830CB2A074B567271480B828F2A844
File Size: 249.86 KB, 249856 bytes
MD5: c70d3de199e65e18dd57c6b3e14781b2
SHA1: c83d7dcf9b569b5e31bc978e9ebc57c90b11ed16
SHA256: B1FC968F4933A1A3888520AD342CC2C2CA63C5381E3A8221B9C94F4D1DCD6475
File Size: 258.05 KB, 258048 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have resources
  • File doesn't have security information
  • File has been packed
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
Show More
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Show More

99 additional icons are not displayed above.

Windows PE Version Information

Name Value
Build Time 5:20:25 AM - 06/09/2016
Comments
  • http://www.internetdownloadmanager.com
  • mtkclient-gui
  • Use IDM forever without cracking
Company Name
  • Adobe Systems Incorporated
  • AMD
  • AutoHotkey Foundation LLC
  • Blizzard Entertainment
  • Blue Ripple Sound Limited
  • Brother Industries, Ltd.
  • Creative Technology Ltd
  • EFD Software
  • http://libusb-win32.sourceforge.net
  • Igor Pavlov
Show More
  • Insyde Software Corp.
  • Intel Corporation
  • J2TeaM
  • Microsoft Corporation
  • MPC-HC Team
  • mtkclient-gui
  • Nx ACS
  • Simple Launcher User
  • Super Win Software
  • TODO: <公司名>
  • Tonec Inc.
  • Trend Micro Inc.
  • Лаборатория Касперского, 2007-2015
  • 网龙天晴数码
File Description
  • 7-Zip Console
  • 7-Zip Standalone Console
  • 7-Zip Uninstaller
  • Adobe Acrobat SpeedLauncher
  • AutoHotkey Unicode 32-bit
  • AutoPatch Tqdigital APP
  • BNUpdate
  • CTRegSvr
  • HD Tune
  • HijackThis
Show More
  • HotFix install
  • HotKey Filter Driver Installer
  • Inf catalog and signing tool
  • installShell
  • Intel(R) Installation Framework
  • Intel(R) Management Engine Components installer
  • Internet Download Manager (IDM)
  • Launcher
  • MPC-HC
  • mtkclient-gui
  • QuickSFV Application
  • Rapture3D - Speaker Layout
  • SA-MP launcher
  • Simple Launcher Executable
  • Status Monitor Application
  • TODO: <文件说明>
  • Use IDM forever without cracking
  • Windows PowerShell
  • WinRescue
  • Антивирусная утилита AVZ
  • 网络游戏魔域客户端执行程序
File Version
  • mtkclient-gui
  • 2022.3.44.12824073
  • 26.00
  • 25.01
  • 22.01
  • 19.00
  • 18.01
  • 10.0.22621.3085 (WinBuild.160101.0800)
  • 9.2.0.124
  • 6, 42, 42, 2
Show More
  • 4.45.0.104
  • 3.1.0.0
  • 2.7.4cm
  • 2.1.0.4
  • 2.00.0004
  • 2.0.3.0
  • 2, 72, 0, 0
  • 2, 5, 5, 0
  • 2, 3, 6, 0
  • 2, 1, 32, 0
  • 1.9.24 (ffe50c0c7)
  • 1.8.36.61
  • 1.2.0.0
  • 1.1.727.43
  • 1.1.37.02
  • 1.1.0.14
  • 1.00
  • 1.0.3.0
  • 1.0.0.1
  • 1.0.0.0
  • 1, 5702, 1, 193
  • 1, 4, 5, 0
  • 1, 0, 3, 3
  • 1, 0, 0, 3
  • 1, 0, 0, 1
  • 0.0.0.0
Internal Name
  • 7z
  • 7za
  • AutoHotkey
  • AutoPatch
  • BNUpdate
  • BrStMonW
  • CTRegSvr
  • dpscat.exe
  • HD Tune
  • HijackThis
Show More
  • HKFltrInstaller.exe
  • Hotfix_install.exe
  • ICCS
  • IDM Trial Reset.exe
  • installS
  • Internet Download Manager
  • launch3
  • Launcher.exe
  • ME
  • MiLoginT.exe
  • mpc-hc
  • mtkclient-gui
  • POWERSHELL
  • QuickSFV
  • SHURIKEN 3
  • soul.exe
  • t32.exe
  • Uninstall
  • User Layout
  • w32.exe
  • Антивирусная утилита AVZ
Legal Copyright
  • (c) 2005-2024 Unity Technologies. All rights reserved.
  • (c) 2007 Trend Micro Inc
  • (C) 2016 idmresettrial All rights reserved.
  • Copyright (C), Intel Corporation. All rights reserved.
  • Copyright (c) 1999-2018 Igor Pavlov
  • Copyright (c) 1999-2022 Igor Pavlov
  • Copyright (c) 1999-2025 Igor Pavlov
  • Copyright (c) 1999-2026 Igor Pavlov
  • Copyright (C) 2003-2008
  • Copyright (C) 2003-2013
Show More
  • Copyright (C) 2004 Brother Industries, Ltd.
  • Copyright (C) 2005
  • Copyright (C) 2006
  • Copyright (C) 2008
  • Copyright (C) 2012, Intel Corporation
  • Copyright (c) 2018 Insyde Software Corp. All Rights Reserved.
  • Copyright (C) 2022
  • Copyright (C) 2023
  • Copyright (c) Creative Technology Ltd., 2001-2002. All rights reserved.
  • Copyright (C) Simple Launcher User
  • Copyright 1984-2009 Adobe Systems Incorporated and its licensors. All rights reserved.
  • Copyright 2002-2022 clsid2 and others
  • Copyright © 1996-2003
  • Copyright © 2007-2016 Richard W.E. Furse
  • mtkclient-gui
  • Tonec FZE, Copyright © 1999 - 2025
  • © Microsoft Corporation. All rights reserved.
  • © T. Robinson 2010-2012
  • Антивирусная утилита AVZ
  • 版权所有 (C) 2002
  • 版权所有 (C) 2006
Legal Trademarks
  • Intel Corporation
  • Internet Download Manager
  • mtkclient-gui
  • ©
Original Filename
  • 7z.exe
  • 7za.exe
  • AcroSpeedLaunch.exe
  • AutoHotkey.exe
  • AutoPatch.EXE
  • avz.exe
  • BNUpdate.exe
  • BrStMonW.exe
  • CTRegSvr.exe
  • dpscat.exe
Show More
  • HDTune.EXE
  • HijackThis.exe
  • HKFltrInstaller.exe
  • Hotfix_install.exe
  • IDMan.exe
  • IDM Trial Reset.exe
  • installShell.exe
  • Launcher.exe
  • MiLoginT.exe
  • mpc-hc.exe
  • mtkclient-gui
  • PowerShell.EXE
  • QuickSFV.exe
  • RDCfg.exe
  • rescue.exe
  • sa_mp.exe
  • Setup.exe
  • SHURIKEN 3.exe
  • t32.exe
  • Uninstall.exe
  • UserLayout.exe
  • w32.exe
  • 魔域.exe
Private Build mtkclient-gui
Product Name
  • 7-Zip
  • Adobe Acrobat
  • AutoHotkey
  • AutoPatch Tqdigital APP
  • Blizzard Update Program
  • CTRegSvr
  • dpscat.exe
  • Game Launcher
  • HD Tune
  • HijackThis
Show More
  • IDM Trial Reset
  • installShell
  • Intel(R) Installation Framework
  • Intel(R) Management Engine Components
  • Internet Download Manager (IDM)
  • launch3 Application
  • Microsoft® Windows® Operating System
  • MPC-HC
  • mtkclient-gui
  • Project1
  • QuickSFV Application
  • Rapture3D - Speaker Layout
  • RDCfg
  • Simple Launcher
  • Status Monitor Application
  • TODO: <产品名>
  • Universal HotKey Filter Driver Installer
  • WinRescue
  • Антивирусная утилита AVZ
  • 魔域客户端执行程序
Product Version
  • mtkclient-gui
  • 2022.3.44f1 (c3ae09b9f03c)
  • 26.00
  • 25.01
  • 22.01
  • 19.00
  • 18.01
  • 11.0.6.1194
  • 10.0.22621.3085
  • 9.2.0.124
Show More
  • 6, 42, 42, 2
  • 4.45
  • 3.1.0.0
  • 2.7.4cm
  • 2.1.0.4
  • 2.00.0004
  • 2.0.3.0
  • 2, 72, 0, 0
  • 2, 5, 5, 0
  • 2, 3, 6, 0
  • 1.9.24 (ffe50c0c7)
  • 1.2.0.0
  • 1.1.727.43
  • 1.1.37.02
  • 1.1.0.14
  • 1.08.36.0
  • 1.00
  • 1.0.0.1
  • 1.0.0.0
  • 1, 4, 5, 0
  • 1, 0, 3, 3
  • 1, 0, 0, 3
  • 1, 0, 0, 1
  • 0.0.0.0
Special Build mtkclient-gui
Website https://junookyo.blogspot.com/

File Traits

  • 2+ executable sections
  • AutoHK
  • Default Version Info
  • fptable
  • HighEntropy
  • imgui
  • Installer Manifest
  • Installer Version
  • JMC
  • No Version Info
Show More
  • ntdll
  • packed
  • SusSec
  • upx
  • UPX!
  • vb6
  • VirtualQueryEx
  • WriteProcessMemory
  • x86

Block Information

Total Blocks: 390
Potentially Malicious Blocks: 1
Whitelisted Blocks: 258
Unknown Blocks: 131

Visual Map

0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 0 0 ? ? ? ? ? ? 0 ? ? ? ? 0 ? ? ? ? ? ? ? ? 0 0 ? ? 0 ? ? 0 ? 0 ? ? ? ? ? ? ? 0 ? 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 ? ? 0 0 ? ? ? 0 ? 0 0 0 0 0 0 0 0 0 ? 0 0 ? 0 ? 0 ? 0 0 0 1 0 x
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.ACB
  • Agent.EN
  • Agent.FDJ
  • Agent.MP
  • Agent.OFHA
Show More
  • Agent.ZL
  • AutoHotkey.B
  • BadJoke.XA
  • Badda.A
  • Banker.GF
  • Chapak.DA
  • Convagent.I
  • Crytex.B
  • DarkGate.B
  • Downloader.Agent.ZK
  • Draobo.A
  • Ekstak.AN
  • Expiro.IE
  • Expiro.KA
  • Expiro.P
  • Farfli.N
  • Gamehack.HCE
  • Gamehack.HKCE
  • Gamehack.YF
  • Injector.KPP
  • Injector.MFA
  • KeyLogger.B
  • Kryptik.DGE
  • Kryptik.GSJ
  • Lamer.B
  • MSIL.Stealer.BV
  • Malat.A
  • Qhost.MA
  • Resur.B
  • Saviour.A
  • Stealer.BPE
  • Trickster.LC
  • Ulise.A
  • Ursnif.AD
  • VCrypt.A Ransomware

Files Modified

File Attributes
Generic Read,Write Data,Write Attributes,Write extended,Append data
Synchronize,Write Attributes
\\ Generic Read,Write Data,Write Attributes,Write extended,Append data
\\ Synchronize,Write Attributes
\device\namedpipe\dav rpc service Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
\device\namedpipe\wkssvc Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\$ie0lso7.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\$ie0lso7.exe Synchronize,Write Attributes
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\$ijkdrh7.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
Show More
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\$ijkdrh7.exe Synchronize,Write Attributes
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\$ivz02qf.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\$ivz02qf.exe Synchronize,Write Attributes
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\$re0lso7.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\$re0lso7.exe Synchronize,Write Attributes
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\$rjkdrh7.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\$rjkdrh7.exe Synchronize,Write Attributes
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\$rvz02qf.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\$rvz02qf.exe Synchronize,Write Attributes
c:\5890.tmp\58a1.tmp\58a2.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\b7a3.tmp\b7a4.tmp\b7a5.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\cuassistant\culauncher.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\cuassistant\culauncher.exe Synchronize,Write Attributes
c:\program files\microsoft update health tools\expediteupdater.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\microsoft update health tools\expediteupdater.exe Synchronize,Write Attributes
c:\program files\microsoft update health tools\uhssvc.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\microsoft update health tools\uhssvc.exe Synchronize,Write Attributes
c:\program files\rempl\sedlauncher.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\rempl\sedlauncher.exe Synchronize,Write Attributes
c:\program files\ruxim\dtudriver.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\ruxim\dtudriver.exe Synchronize,Write Attributes
c:\program files\ruxim\plugscheduler.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\ruxim\plugscheduler.exe Synchronize,Write Attributes
c:\program files\ruxim\ruximics.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\ruxim\ruximics.exe Synchronize,Write Attributes
c:\program files\ruxim\ruximih.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\ruxim\ruximih.exe Synchronize,Write Attributes
c:\program files\windows defender advanced threat protection\classification\sensece.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender advanced threat protection\classification\sensece.exe Synchronize,Write Attributes
c:\program files\windows defender advanced threat protection\mssense.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender advanced threat protection\mssense.exe Synchronize,Write Attributes
c:\program files\windows defender advanced threat protection\senseap.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender advanced threat protection\senseap.exe Synchronize,Write Attributes
c:\program files\windows defender advanced threat protection\senseaptoast.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender advanced threat protection\senseaptoast.exe Synchronize,Write Attributes
c:\program files\windows defender advanced threat protection\sensecm.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender advanced threat protection\sensecm.exe Synchronize,Write Attributes
c:\program files\windows defender advanced threat protection\sensedlpprocessor.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender advanced threat protection\sensedlpprocessor.exe Synchronize,Write Attributes
c:\program files\windows defender advanced threat protection\sensegpparser.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender advanced threat protection\sensegpparser.exe Synchronize,Write Attributes
c:\program files\windows defender advanced threat protection\senseidentity.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender advanced threat protection\senseidentity.exe Synchronize,Write Attributes
c:\program files\windows defender advanced threat protection\senseimdscollector.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender advanced threat protection\senseimdscollector.exe Synchronize,Write Attributes
c:\program files\windows defender advanced threat protection\senseir.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender advanced threat protection\senseir.exe Synchronize,Write Attributes
c:\program files\windows defender advanced threat protection\sensendr.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender advanced threat protection\sensendr.exe Synchronize,Write Attributes
c:\program files\windows defender advanced threat protection\sensesampleuploader.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender advanced threat protection\sensesampleuploader.exe Synchronize,Write Attributes
c:\program files\windows defender advanced threat protection\sensetracer.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender advanced threat protection\sensetracer.exe Synchronize,Write Attributes
c:\program files\windows defender advanced threat protection\sensetvm.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender advanced threat protection\sensetvm.exe Synchronize,Write Attributes
c:\program files\windows defender\configsecuritypolicy.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender\configsecuritypolicy.exe Synchronize,Write Attributes
c:\program files\windows defender\mpcmdrun.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender\mpcmdrun.exe Synchronize,Write Attributes
c:\program files\windows defender\msmpeng.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender\msmpeng.exe Synchronize,Write Attributes
c:\program files\windows defender\nissrv.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender\nissrv.exe Synchronize,Write Attributes
c:\program files\windows defender\offline\offlinescannershell.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender\offline\offlinescannershell.exe Synchronize,Write Attributes
c:\program files\windows mail\wab.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows mail\wab.exe Synchronize,Write Attributes
c:\program files\windows mail\wabmig.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows mail\wabmig.exe Synchronize,Write Attributes
c:\program files\windows photo viewer\imagingdevices.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows photo viewer\imagingdevices.exe Synchronize,Write Attributes
c:\program files\windows security\browsercore\browsercore.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows security\browsercore\browsercore.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.3dbuilder_10.0.0.0_x64__8wekyb3d8bbwe\builder3d.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.3dbuilder_10.0.0.0_x64__8wekyb3d8bbwe\builder3d.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.549981c3f5f10_4.2308.1005.0_x64__8wekyb3d8bbwe\cortana.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.549981c3f5f10_4.2308.1005.0_x64__8wekyb3d8bbwe\cortana.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.bingfinance_4.3.193.0_x86__8wekyb3d8bbwe\microsoft.msn.money.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.bingfinance_4.3.193.0_x86__8wekyb3d8bbwe\microsoft.msn.money.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.bingnews_4.3.193.0_x86__8wekyb3d8bbwe\microsoft.msn.news.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.bingnews_4.3.193.0_x86__8wekyb3d8bbwe\microsoft.msn.news.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.bingsports_4.3.193.0_x86__8wekyb3d8bbwe\microsoft.msn.sports.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.bingsports_4.3.193.0_x86__8wekyb3d8bbwe\microsoft.msn.sports.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.bingweather_4.25.20211.0_x64__8wekyb3d8bbwe\microsoft.msn.weather.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.bingweather_4.25.20211.0_x64__8wekyb3d8bbwe\microsoft.msn.weather.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.copilot_1.25121.84.0_x64__8wekyb3d8bbwe\agentisolationenvironment.agentproxy\agentproxy.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.copilot_1.25121.84.0_x64__8wekyb3d8bbwe\agentisolationenvironment.agentproxy\agentproxy.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.copilot_1.25121.84.0_x64__8wekyb3d8bbwe\agentisolationenvironment.agentrelay\agentrelay.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.copilot_1.25121.84.0_x64__8wekyb3d8bbwe\agentisolationenvironment.agentrelay\agentrelay.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.copilot_1.25121.84.0_x64__8wekyb3d8bbwe\copilot.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.copilot_1.25121.84.0_x64__8wekyb3d8bbwe\copilot.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.copilot_1.25121.84.0_x64__8wekyb3d8bbwe\copilotcontext.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.copilot_1.25121.84.0_x64__8wekyb3d8bbwe\copilotcontext.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.copilot_1.25121.84.0_x64__8wekyb3d8bbwe\copilotwidgets.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.copilot_1.25121.84.0_x64__8wekyb3d8bbwe\copilotwidgets.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.copilot_1.25121.84.0_x64__8wekyb3d8bbwe\createdump.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.copilot_1.25121.84.0_x64__8wekyb3d8bbwe\createdump.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.430.0_x64__8wekyb3d8bbwe\appinstaller.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.430.0_x64__8wekyb3d8bbwe\appinstaller.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.430.0_x64__8wekyb3d8bbwe\appinstallerfulltrustappserviceclient.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.430.0_x64__8wekyb3d8bbwe\appinstallerfulltrustappserviceclient.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.430.0_x64__8wekyb3d8bbwe\appinstallerpythonredirector.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.430.0_x64__8wekyb3d8bbwe\appinstallerpythonredirector.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.430.0_x64__8wekyb3d8bbwe\authenticationmanager.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.430.0_x64__8wekyb3d8bbwe\authenticationmanager.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.430.0_x64__8wekyb3d8bbwe\configurationremotingserver\configurationremotingserver.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.430.0_x64__8wekyb3d8bbwe\configurationremotingserver\configurationremotingserver.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.430.0_x64__8wekyb3d8bbwe\configurationremotingserver\createdump.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.430.0_x64__8wekyb3d8bbwe\configurationremotingserver\createdump.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.430.0_x64__8wekyb3d8bbwe\windowspackagemanagerserver.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.430.0_x64__8wekyb3d8bbwe\windowspackagemanagerserver.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.430.0_x64__8wekyb3d8bbwe\winget.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.430.0_x64__8wekyb3d8bbwe\winget.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.510.0_x64__8wekyb3d8bbwe\appinstaller.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.510.0_x64__8wekyb3d8bbwe\appinstaller.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.510.0_x64__8wekyb3d8bbwe\appinstallerfulltrustappserviceclient.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.510.0_x64__8wekyb3d8bbwe\appinstallerfulltrustappserviceclient.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.510.0_x64__8wekyb3d8bbwe\appinstallerpythonredirector.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.510.0_x64__8wekyb3d8bbwe\appinstallerpythonredirector.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.510.0_x64__8wekyb3d8bbwe\authenticationmanager.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.510.0_x64__8wekyb3d8bbwe\authenticationmanager.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.510.0_x64__8wekyb3d8bbwe\configurationremotingserver\configurationremotingserver.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.510.0_x64__8wekyb3d8bbwe\configurationremotingserver\configurationremotingserver.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.510.0_x64__8wekyb3d8bbwe\configurationremotingserver\createdump.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.510.0_x64__8wekyb3d8bbwe\configurationremotingserver\createdump.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.510.0_x64__8wekyb3d8bbwe\windowspackagemanagerserver.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.510.0_x64__8wekyb3d8bbwe\windowspackagemanagerserver.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.510.0_x64__8wekyb3d8bbwe\winget.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.26.510.0_x64__8wekyb3d8bbwe\winget.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\appinstaller.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\appinstaller.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\appinstallerpythonredirector.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\appinstallerpythonredirector.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\authenticationmanager.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\authenticationmanager.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\dotnet\configurationremotingserver.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\dotnet\configurationremotingserver.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\dotnet\createdump.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\dotnet\createdump.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\dotnet\wingetmcpserver.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\dotnet\wingetmcpserver.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\windowspackagemanagerserver.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\windowspackagemanagerserver.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\winget.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\winget.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.460.0_x64__8wekyb3d8bbwe\appinstaller.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.460.0_x64__8wekyb3d8bbwe\appinstaller.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.460.0_x64__8wekyb3d8bbwe\appinstallerprotocolshim.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.460.0_x64__8wekyb3d8bbwe\appinstallerprotocolshim.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.460.0_x64__8wekyb3d8bbwe\appinstallerpythonredirector.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.460.0_x64__8wekyb3d8bbwe\appinstallerpythonredirector.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.460.0_x64__8wekyb3d8bbwe\authenticationmanager.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.460.0_x64__8wekyb3d8bbwe\authenticationmanager.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.460.0_x64__8wekyb3d8bbwe\dotnet\configurationremotingserver.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.460.0_x64__8wekyb3d8bbwe\dotnet\configurationremotingserver.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.460.0_x64__8wekyb3d8bbwe\dotnet\createdump.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.460.0_x64__8wekyb3d8bbwe\dotnet\createdump.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.460.0_x64__8wekyb3d8bbwe\dotnet\wingetmcpserver.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.460.0_x64__8wekyb3d8bbwe\dotnet\wingetmcpserver.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.460.0_x64__8wekyb3d8bbwe\windowspackagemanagerserver.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.460.0_x64__8wekyb3d8bbwe\windowspackagemanagerserver.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.460.0_x64__8wekyb3d8bbwe\winget.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.460.0_x64__8wekyb3d8bbwe\winget.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.28.220.0_x64__8wekyb3d8bbwe\appinstaller.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.28.220.0_x64__8wekyb3d8bbwe\appinstaller.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.28.220.0_x64__8wekyb3d8bbwe\appinstallerprotocolshim.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.28.220.0_x64__8wekyb3d8bbwe\appinstallerprotocolshim.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.28.220.0_x64__8wekyb3d8bbwe\appinstallerpythonredirector.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.28.220.0_x64__8wekyb3d8bbwe\appinstallerpythonredirector.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.28.220.0_x64__8wekyb3d8bbwe\authenticationmanager.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.28.220.0_x64__8wekyb3d8bbwe\authenticationmanager.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.28.220.0_x64__8wekyb3d8bbwe\dotnet\configurationremotingserver.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.28.220.0_x64__8wekyb3d8bbwe\dotnet\configurationremotingserver.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.28.220.0_x64__8wekyb3d8bbwe\dotnet\createdump.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.28.220.0_x64__8wekyb3d8bbwe\dotnet\createdump.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.28.220.0_x64__8wekyb3d8bbwe\dotnet\wingetmcpserver.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.28.220.0_x64__8wekyb3d8bbwe\dotnet\wingetmcpserver.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.28.220.0_x64__8wekyb3d8bbwe\windowspackagemanagerserver.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.28.220.0_x64__8wekyb3d8bbwe\windowspackagemanagerserver.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.28.220.0_x64__8wekyb3d8bbwe\winget.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.28.220.0_x64__8wekyb3d8bbwe\winget.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.gethelp_10.2409.22951.0_x64__8wekyb3d8bbwe\createdump.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.gethelp_10.2409.22951.0_x64__8wekyb3d8bbwe\createdump.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.gethelp_10.2409.22951.0_x64__8wekyb3d8bbwe\gethelp.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.gethelp_10.2409.22951.0_x64__8wekyb3d8bbwe\gethelp.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.gethelp_10.2409.32612.0_x64__8wekyb3d8bbwe\createdump.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.gethelp_10.2409.32612.0_x64__8wekyb3d8bbwe\createdump.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.gethelp_10.2409.32612.0_x64__8wekyb3d8bbwe\gethelp.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.gethelp_10.2409.32612.0_x64__8wekyb3d8bbwe\gethelp.exe Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.gethelp_10.2409.33293.0_x64__8wekyb3d8bbwe\createdump.exe Generic Read,Write Data,Write Attributes,Write extended,Append data

478 additional files are not displayed above.

Registry Modifications

Key::Value Data API Name
HKLM\software\classes\wow6432node\interface\{0000000c-0000-0000-c000-000000000046}\nummethods::  RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 얓㎒ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe ︸ᐌ㏩ǜ RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\##10.200.31.10#amas::_labelfromdesktopini RegNtPreCreateKey
HKCU\software\mpc-hc\mpc-hc::exepath c:\users\user\downloads\0211454514a6dff070d2899422f331f70c3e6bc9_0008615936 RegNtPreCreateKey
HKCU\software\mpc-hc\mpc-hc\settings::audioboost RegNtPreCreateKey
HKCU\software\mpc-hc\mpc-hc\internal filters::tra_wmv RegNtPreCreateKey
HKCU\software\mpc-hc\mpc-hc\settings\fullscreenautochangemode::enable RegNtPreCreateKey
HKCU\software\mpc-hc\mpc-hc\settings\fullscreenautochangemode::applydefaultmodeatfsexit  RegNtPreCreateKey
HKCU\software\mpc-hc\mpc-hc\settings\fullscreenautochangemode::restoreresafterexit  RegNtPreCreateKey
Show More
HKCU\software\mpc-hc\mpc-hc\settings\fullscreenautochangemode::delay RegNtPreCreateKey
HKCU\software\mpc-hc\mpc-hc\settings::disablesubtitleanimation RegNtPreCreateKey
HKCU\software\mpc-hc\mpc-hc\settings::subtitlerenderer RegNtPreCreateKey
HKCU\software\mpc-hc\mpc-hc\settings::settingsversion  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::program C:\WINDOWS\WINDOWS.exe RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\advanced::hidden  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\advanced::hidefileext  RegNtPreCreateKey

Windows API Usage

Category API
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • NtWriteVirtualMemory
  • VirtualAllocEx
Network Urlomon
  • URLDownloadToFile
Process Shell Execute
  • CreateProcess
  • WinExec
  • WriteConsole
Process Terminate
  • TerminateProcess
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
User Data Access
  • GetComputerName
  • GetUserObjectInformation
Network Winsock2
  • WSAStartup
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
Show More
  • ntdll.dll!NtFsControlFile
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSymbolicLinkObject
  • ntdll.dll!NtOpenThread
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySymbolicLinkObject
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtTerminateProcess
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetThreadState
Other Suspicious
  • AdjustTokenPrivileges
  • SetWindowsHookEx
Keyboard Access
  • GetKeyboardState
  • GetKeyState

Shell Command Execution

C:\Users\Jyctrlsy\AppData\Local\Temp\3B2064F3.exe
C:\Users\Jyctrlsy\AppData\Local\Temp\7C466CED.exe
C:\Users\Jyctrlsy\AppData\Local\Temp\7A5E38E4.exe
C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /c tool_amd64.exe /PATH . /LM /SW
C:\Users\Qewyebjp\AppData\Local\Temp\091826B0.exe
Show More
C:\Users\Qewyebjp\AppData\Local\Temp\48722EAA.exe
C:\Users\Qewyebjp\AppData\Local\Temp\50E27AA1.exe
C:\Users\Qewyebjp\AppData\Local\Temp\0C37029B.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe (NULL)
"C:\WINDOWS\sysnative\cmd" /c "\5890.tmp\58A1.tmp\58A2.bat c:\users\user\downloads\2502834e1e5ed746a4bdecf3f4d2bc3ca7d57897_0000113664"
"C:\WINDOWS\sysnative\cmd" /c "\B7A3.tmp\B7A4.tmp\B7A5.bat c:\users\user\downloads\18b9222c59fce8fd9967d6b2cee27e2f01f3e11f_0000278016"
C:\WINDOWS\System32\Wbem\WMIC.exe wmic pagefileset create name="C:\\pagefile.sys"
C:\WINDOWS\system32\shutdown.exe shutdown /r /t 5
C:\Users\Yehufkdc\AppData\Local\Temp\7B567813.exe
C:\Users\Pbucqect\AppData\Local\Temp\6CD816C1.exe
C:\Users\Pbucqect\AppData\Local\Temp\30571EBB.exe
C:\Users\Kezujgwc\AppData\Local\Temp\2BBD58B1.exe
C:\Users\Kezujgwc\AppData\Local\Temp\6CD260AB.exe
C:\Users\Lbupefho\AppData\Local\Temp\728C33C2.exe
C:\Users\Lbupefho\AppData\Local\Temp\2EBF3BBC.exe
C:\Users\Qjpjlxnq\AppData\Local\Temp\1AC741C7.exe
C:\Users\Qjpjlxnq\AppData\Local\Temp\19A90DBE.exe
C:\Users\Icqacfuj\AppData\Local\Temp\5BDB2011.exe
C:\Users\Icqacfuj\AppData\Local\Temp\194E280B.exe
C:\Users\Josoqfoi\AppData\Local\Temp\65DE1307.exe
C:\Users\Josoqfoi\AppData\Local\Temp\63015EFE.exe
C:\Users\Omvstkoh\AppData\Local\Temp\42BC500F.exe
C:\Users\Omvstkoh\AppData\Local\Temp\7DB05809.exe
C:\Users\Lhfrgvsj\AppData\Local\Temp\2E6E4216.exe
C:\Users\Lhfrgvsj\AppData\Local\Temp\34BA0E0D.exe
C:\Users\Yoxlevay\AppData\Local\Temp\21F97AC3.exe
C:\Users\Yoxlevay\AppData\Local\Temp\1F1F46BA.exe
C:\Users\Yoxlevay\AppData\Local\Temp\60EF4EB4.exe
C:\Users\Yoxlevay\AppData\Local\Temp\1E8B22A5.exe
C:\Users\Zghexgrs\AppData\Local\Temp\0EE464E1.exe
C:\Users\Zghexgrs\AppData\Local\Temp\0A7830D8.exe
C:\Users\Ostjkaop\AppData\Local\Temp\5E30718E.exe
C:\Users\Ostjkaop\AppData\Local\Temp\1E197988.exe
C:\Users\Fbevwjsi\AppData\Local\Temp\4B9C52EA.exe
C:\Users\Fbevwjsi\AppData\Local\Temp\0F6A5AE4.exe
C:\Users\Uofmjyyl\AppData\Local\Temp\65D16D6F.exe
C:\Users\Uofmjyyl\AppData\Local\Temp\5D823966.exe
WriteConsole: Copyright(c) 201
WriteConsole: Portions Copyrig
WriteConsole:
WriteConsole: c:\users\user\do
C:\Users\Qpwmahit\AppData\Local\Temp\1CCE55B8.exe
C:\Users\Qpwmahit\AppData\Local\Temp\16BA21AF.exe
C:\Users\Gsmiwbnj\AppData\Local\Temp\7C4E2738.exe
C:\Users\Gsmiwbnj\AppData\Local\Temp\385D2F32.exe
C:\Users\Gsmiwbnj\AppData\Local\Temp\7847372C.exe
C:\Users\Mmoumfpo\AppData\Local\Temp\3B7C40D4.exe
C:\Users\Mmoumfpo\AppData\Local\Temp\38B60CCB.exe
C:\Users\Qasgfzvk\AppData\Local\Temp\577905E5.exe
C:\Users\Qasgfzvk\AppData\Local\Temp\527451DC.exe

Trending

Most Viewed

Loading...