
Win32/DownloadAdmin.G

By Domesticus in Trojans

Threat Scorecard

Popularity Rank: 5,586
Threat Level: 10 % (Normal)
Infected Computers: 20,970
First Seen: April 17, 2013
Last Seen: April 13, 2026
OS(es) Affected: Windows

Win32/DownloadAdmin.G is a Trojan downloader detection for the DownloadAdmin/UpdateAdmin software bundler (the analysis report below files it as PUP.DownloadAdmin). Once it runs with the compromised user's administrator rights it downloads and installs additional programs, partially or in full, which can include adware, spyware and other Trojans. It may also hijack the web browser, redirect it to dubious websites, and display intrusive pop-up advertisements while the user browses. Because it registers itself as an MSI product, adds a Run value and a scheduled task (see Registry Details below) and ships inside packed installers, some anti-virus products detect it late or remove it only partially.

Aliases

1 security vendor flagged this file as malicious.

Antivirus Vendor Detection
AVG Generic.B09

File System Details

Win32/DownloadAdmin.G may create the following file(s):
# File Name MD5 Detections
1. UpdateAdmin.exe a2626b7668c0058fed2731b240f7a2ab 3

Registry Details

Win32/DownloadAdmin.G may create the following registry entries. Paths are listed without their hive; the first four items are browser local-storage and cache file names rather than registry keys, and the bracketed GUIDs at the end are key names given without their parent path:
http_www.downloadadmin.com_0.localstorage
http_www.downloadadmin.com_0.localstorage-journal
service.updateadmin[1].xml
www.downloadadmin[1].xml
SOFTWARE\Classes\Installer\Features\45B71F1875D5E58488CC6F2DD0665B0E
SOFTWARE\Classes\Installer\Features\5C59CF75147BC96468703BC9CE248342
SOFTWARE\Classes\Installer\Products\45B71F1875D5E58488CC6F2DD0665B0E
SOFTWARE\Classes\Installer\Products\5C59CF75147BC96468703BC9CE248342
SOFTWARE\Classes\Installer\UpgradeCodes\E71AAEE8659CC5148A67A8122969D921
Software\DownloadAdmin
Software\Escolade
Software\Microsoft\Internet Explorer\DOMStorage\downloadadmin.com
Software\Microsoft\Internet Explorer\DOMStorage\service.updateadmin.com
Software\Microsoft\Internet Explorer\DOMStorage\updateadmin.com
Software\Microsoft\Internet Explorer\DOMStorage\www.downloadadmin.com
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdateAdmin
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\E71AAEE8659CC5148A67A8122969D921
SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UpdateAdmin
{07B4B423-E4DA-47D1-8327-B589EB4BEB58}
{2DDF4FAF-F9ED-4D76-BB6C-29027CE4202C}
{57FC95C5-B741-469C-8607-B39CEC423824}
{81F17B54-5D57-485E-88CC-F6D20D66B5E0}
{8F1CD30B-3A84-4B95-BFA4-CC0F885B8463}

Directories

Win32/DownloadAdmin.G may create the following directory or directories:

%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\UpdateAdmin
%ALLUSERSPROFILE%\Start Menu\Programs\UpdateAdmin
%APPDATA%\Microsoft\Windows\Start Menu\Programs\UpdateAdmin
%LOCALAPPDATA%\UpdateAdmin
%USERPROFILE%\Local Settings\Application Data\UpdateAdmin
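
The registry keys and directories listed above are the indicators a responder checks first. The PowerShell sweep below is an added example, not code from this page or from any vendor tool: it tests a host for those keys, for the UpdateAdmin Run value and scheduled task, for the directories, for executables whose hashes match entries from the Known Samples list further down, and for leftover NSIS staging folders of the kind shown under Files Modified. The page gives registry paths without a hive, so both HKLM and HKCU are tried (an assumption), and the hash sets are a subset of the page's list.

```powershell
# Added example, not vendor code: sweep one Windows host for the DownloadAdmin/UpdateAdmin
# indicators listed on this page. Run it in the affected user's session, elevated, so that
# both the HKCU keys and the HKLM Installer/TaskCache keys are readable.
# Assumptions: the page gives registry paths without a hive, so HKLM and HKCU are both tried;
# the hash sets below are a subset of the page's Known Samples list.
function Invoke-DownloadAdminSweep {
    $findings = New-Object 'System.Collections.Generic.List[string]'

    # 1. Registry keys from "Registry Details"
    $relKeys = @(
        'Software\DownloadAdmin',
        'Software\Escolade',
        'SOFTWARE\Classes\Installer\Products\45B71F1875D5E58488CC6F2DD0665B0E',
        'SOFTWARE\Classes\Installer\Products\5C59CF75147BC96468703BC9CE248342',
        'SOFTWARE\Classes\Installer\UpgradeCodes\E71AAEE8659CC5148A67A8122969D921',
        'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdateAdmin'
    )
    foreach ($hive in 'HKLM:', 'HKCU:') {
        foreach ($rel in $relKeys) {
            $key = "$hive\$rel"
            if (Test-Path -LiteralPath $key) { $findings.Add("registry key present: $key") }
        }
        # 2. Autostart: the Run value named UpdateAdmin; its data is the command that is launched
        $runKey = "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
        $run = Get-ItemProperty -LiteralPath $runKey -Name UpdateAdmin -ErrorAction SilentlyContinue
        if ($run) { $findings.Add("Run value UpdateAdmin in $runKey -> $($run.UpdateAdmin)") }
    }

    # 3. Task-scheduler persistence (TaskCache\Tree\UpdateAdmin above is its registry side)
    $task = Get-ScheduledTask -TaskName 'UpdateAdmin' -ErrorAction SilentlyContinue
    if ($task) {
        $exe = ($task.Actions | ForEach-Object { $_.Execute }) -join '; '
        $findings.Add("scheduled task $($task.TaskPath)$($task.TaskName) runs: $exe")
    }

    # 4. Directories from "Directories", hashing the PE files inside against known samples
    $knownMd5 = @(
        'a2626b7668c0058fed2731b240f7a2ab',   # UpdateAdmin.exe
        '7e9388d94b5bced839b65c1a70549772',
        'ba0158d9f7ba3a222564da4f82baf8d6',
        '2589849345284b2921d207fa1238ba1a'
    )
    $knownSha256 = @(
        '5DC56F3FF2AF23DA3AE588B8F7DB47C8F1217E91BEDD1E93E62833D563FF2604',
        'CF88A9B1450FD8BBC7EC5473BFC658ABBD2BEAD337D253D8D4A4E7AA895758DE',
        'F808D182958C9350301013A58048C0C3FE51FEB252025CD14DECD98E7998CF34'
    )
    $dirs = @(
        "$env:LOCALAPPDATA\UpdateAdmin",
        "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\UpdateAdmin",
        "$env:ALLUSERSPROFILE\Microsoft\Windows\Start Menu\Programs\UpdateAdmin",
        "$env:ALLUSERSPROFILE\Start Menu\Programs\UpdateAdmin"
    )
    foreach ($dir in $dirs) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        $findings.Add("directory present: $dir")
        Get-ChildItem -LiteralPath $dir -Recurse -File -ErrorAction SilentlyContinue |
            Where-Object { $_.Extension -in '.exe', '.dll' } |
            ForEach-Object {
                # Get-FileHash returns upper-case hex; normalise before comparing, because the
                # page lists MD5s in lower case and SHA-256s in upper case.
                $md5 = (Get-FileHash -LiteralPath $_.FullName -Algorithm MD5).Hash.ToLowerInvariant()
                $sha = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash.ToUpperInvariant()
                if (($knownMd5 -contains $md5) -or ($knownSha256 -contains $sha)) {
                    $findings.Add("known sample: $($_.FullName) md5=$md5")
                }
            }
    }

    # 5. Bundler staging folders left in %TEMP%: NSIS ns*.tmp directories that still hold the
    #    Lua offer scripts (bundleinstall.lua and friends) seen under "Files Modified"
    Get-ChildItem -LiteralPath $env:TEMP -Directory -Filter 'ns*.tmp' -ErrorAction SilentlyContinue |
        Where-Object { Test-Path -LiteralPath (Join-Path $_.FullName 'bundleinstall.lua') } |
        ForEach-Object { $findings.Add("bundler staging dir: $($_.FullName)") }

    if ($findings.Count -eq 0) { 'No DownloadAdmin/UpdateAdmin indicators found.' } else { $findings }
}

Invoke-DownloadAdminSweep
```

A hit on the Run value or the scheduled task is the most useful single finding, because its data names the executable that will be relaunched at logon; hash it and compare against the full Known Samples list before deleting anything, since a rebuilt installer will not match the hashes here even when the persistence entries do.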

Analysis Report

General information

Family Name: PUP.DownloadAdmin
Signature status: Modified signature

Known Samples

MD5: 7e9388d94b5bced839b65c1a70549772
SHA1: c74523a6007ccab3c75b60b291be7a253c9bc4f0
File Size: 439.56 KB, 439560 bytes
MD5: ba0158d9f7ba3a222564da4f82baf8d6
SHA1: 052ab38febdf7fe4c6a7dc00a44d3b8500f7ab98
File Size: 41.47 KB, 41472 bytes
MD5: 2589849345284b2921d207fa1238ba1a
SHA1: d022d48355134945f43030a46d34b203897c8fab
File Size: 843.08 KB, 843080 bytes
MD5: 920289435b894cad8cfab7a9d38f01fa
SHA1: 245d69059b6d4b617532516857e110a85af01f68
SHA256: 5DC56F3FF2AF23DA3AE588B8F7DB47C8F1217E91BEDD1E93E62833D563FF2604
File Size: 6.22 MB, 6221314 bytes
MD5: 39babe8fbfd96afc2180b7f152a07e02
SHA1: a3afed20b128c99281c3a1184f0464d7faaa4c2e
SHA256: CF88A9B1450FD8BBC7EC5473BFC658ABBD2BEAD337D253D8D4A4E7AA895758DE
File Size: 589.51 KB, 589512 bytes
MD5: e2b5f4cf1abbe5f717a5cd0b6ca7b375
SHA1: 3f247da2c6ec643eb832cbfdc3f47e1bd2d22039
SHA256: F808D182958C9350301013A58048C0C3FE51FEB252025CD14DECD98E7998CF34
File Size: 588.60 KB, 588600 bytes
MD5: bf126f0d512d39072f837d099a3cf3cf
SHA1: c627ead025ac4da57e652d095c3e108892ce54ff
SHA256: 1A38A34E09C179E0752D35691FA8DB1AE7ADD9AAA81BB72C08E8CFE252F2CCC6
File Size: 842.00 KB, 842000 bytes
MD5: 8908cc8f7187ccbcdf83e653cca1a397
SHA1: e9fb0a24f07b119dbce730dc3dc8d5c48bf28ae8
SHA256: 3FF3BCE3012ED2F0F6E4CDCB2594890D239B75843F3F377AF8F34F36CAB93D86
File Size: 857.10 KB, 857104 bytes
MD5: 6a3bbef0babe04f4ed5ccf02943d39eb
SHA1: 3f654e67795bec9444b4ddc648b8af97842b2bce
SHA256: EFE0E936B2EC302EBF2BC87CA34B75F9097764655794CED5D4AD4398BF2E768D
File Size: 479.24 KB, 479240 bytes
MD5: e475f20448eff1405bb6a406814c01c2
SHA1: 6246a11777d1b726d8005f396a608ca5c45fcfee
SHA256: 03609756C97844C960B731224D01DD70C743BC2B3BA60458802A8209641F3C2C
File Size: 833.86 KB, 833864 bytes
MD5: b4f9b5d28d8a9be9a65701a08b8209fe
SHA1: c68742bf5950ea5eb9e6eaf85c6e2fd71105880b
SHA256: 441CB52A5C24E839ED0647B12D230D2E3ACA74DA689050FD99A8759B2C6B1931
File Size: 589.62 KB, 589624 bytes
MD5: 0c68e2aa1109e54e58d2e278a106e14e
SHA1: 592f92ff81daa1451dd77c221eb8046aaa49943b
SHA256: F5DCD38DA72C489330BE78B4F3F25C43A2AB5FA2EE887AE968B21735E938056D
File Size: 4.99 MB, 4992128 bytes
MD5: e4b1af2ee8f12bfd3f2673f6064228e7
SHA1: 51b320f2ed11abb216239212056c2250a4c7368e
SHA256: 796A680D54C703241F86276043195DF5925D4F9521CC212442F219ADB37C430B
File Size: 618.91 KB, 618912 bytes
MD5: d1f9834fa896197fd044758b7a9f1fe1
SHA1: b049ba7aaebdb14cc43ecb00387d364e9c6555a9
SHA256: 1025B6201759518F7EA168FC680BF83066E81FD50284FADC832A4CACF3924ED6
File Size: 887.52 KB, 887520 bytes
MD5: 7087f1d1fcf0ecc1f9f56530255d54ee
SHA1: 8daa9fc5c48114a40b6d81d75804d050875b0372
SHA256: 545B37C4F664DF2EEA76AAD75803C841A9F262D8C93A2399232442FAC7CCB5F0
File Size: 505.12 KB, 505120 bytes
MD5: 6c2a6cfd28c11b6f2b9750d492e52c3e
SHA1: 8035e9b96623cfc6261898d00e67f38e35635a4b
SHA256: 0307119063F6ACAD188CA0C790CEA882150218D66F3AF242D8EEFCC86993F1CC
File Size: 618.91 KB, 618912 bytes
MD5: 6f3637056fbf4681d28aa637f719e338
SHA1: b4388d021aa894dda05083746a1c4342c8a8a3f9
SHA256: E02C834497FA645DA449CC0F2D16EBAE4FD37D7805B2DDA3072129814F92A0DD
File Size: 222.72 KB, 222720 bytes
MD5: 69c3ae5aacf7c979986fb8995aca6d9c
SHA1: f527708496fd73aec6f80a49397469a142a4ae0c
SHA256: F1FD40F254AA95A2895692090D96C816569E2B99A0C2B9E68A4D20A084BFCBBF
File Size: 824.10 KB, 824104 bytes
MD5: 80600ef1afb783e8bc2e8a651c523877
SHA1: 9b51cfd01c2d22d5de9a135337b10270e8b1bd65
SHA256: B15976FBE4B9FD5D573A652FD321DE21408C302CC7D9B620E62E713ADE3E49B2
File Size: 1.03 MB, 1025800 bytes
MD5: e4ad494463d63cd4d339eff255ab2c4e
SHA1: 6039b0177037ccb8f303ee94ba9421642635358f
SHA256: 5AE4B263FAEA7DCD8ADFD2DEBD4A96AFC401184F9A23D8D990A1F1EEB1F89361
File Size: 1.06 MB, 1061248 bytes
MD5: e1fe7d93508abf69000cc84b41950b60
SHA1: 24ce074f0271c7f8df06547edc44fe782bb1e4a4
SHA256: 2DFA035BE51C2736AAA6EDABDDBC5F4BAD8045BE1EC11ACDA74CD0E00D854329
File Size: 589.53 KB, 589528 bytes
MD5: c6a7fcc82a80f20742b5edc0ad196b43
SHA1: cf7f12eb971a64aaa0f725e5fee9e8faaf615f1c
SHA256: 81C02B13F1877686BAB7282945D0B76FA92C911E73E3518EB8C85EC367C1C48F
File Size: 1.21 MB, 1212472 bytes
MD5: 09279c896ca9759dbcfc9b37ddbab9c2
SHA1: a7144315c0cef44d508876ce4ebf68022011f676
SHA256: 9596BA3BE91CC230FC308105CE283A053A49F5CB4D2BA9C56685DB83D30C723D
File Size: 5.18 MB, 5181528 bytes

Windows Portable Executable Attributes

The attributes below are aggregated across the samples listed above, so contradictory pairs (packed / not packed, has / lacks an exports table) describe different samples rather than one file.

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Comments
  • Cmnts
  • Created with Setup Factory 8.0
  • OCSClient v5.0
  • This installation was built with Inno Setup.
Company Name
  • Devhancer LLC
  • Elit -e - Company
  • Supersonic Smooth Software Installer
  • Tomorrow Software
File Description
  • Description is empty
  • Download Manager
  • Lim Таймер выключения (Lim Shutdown Timer) Setup
  • Porro est quia 664ac38c98e4e5b8a35138508373bf7c id
  • Setup Application
  • StarMule
  • Supersonic Smooth Software Installer
  • Tomorrow Software Installer
File Version
  • 83.5.6.6387
  • 8.2.1.0
  • 5.8.0.0
  • 4.3.3
  • 3, 5, 13, 0
  • 2.0.0.1
  • 1.00
  • 1, 3, 3, 98
Internal Name
  • Download Manager
  • ocsclient
  • setup.exe
  • suf80_launch
  • TnT
  • tomorrow-setup.exe
Legal Copyright
  • 2014
  • Copyright (C) 2015
  • Setup Engine Copyright © 2004-2009 Indigo Rose Corporation
  • © Devhancer LLC
Legal Trademarks
  • No
  • Setup Factory is a trademark of Indigo Rose Corporation.
Original Filename
  • DHelper
  • ocsclient.exe
  • setup.exe
  • suf80_launch.exe
  • tomorrow-setup.exe
Product Name
  • CHummer
  • Download Manager
  • Lim Таймер выключения (Lim Shutdown Timer)
  • OCSClient
  • Setup Factory 8.0 Runtime
  • StarMule
  • Supersonic Smooth Software Installer
  • Tomorrow Software Installer
  • Totam
Product Version
  • 83.5.6.6387
  • 8.2.1.0
  • 4.3.3
  • 3, 5, 13, 0
  • 2.0.0.1
  • 1.5.1.10
  • 1.00
  • 1, 3, 3, 98
Special Build 3, 5, 13, 0
Com.build.date
  • 1/31/2014
  • 2/5/2013
  • 4/5/2013
  • 5/31/2013
  • 7/24/2014
  • 8/27/2014
Com.build.dir
  • C:\BM\2.5-Static\WebTemplates
  • C:\BM\2.5\WebTemplates
  • C:\BundleManager\25\WebTemplates
Com.build.id
  • 1c75a51319f7c57a76e3f5511f624ea77b3911d9
  • 8a2d1789e4ab6a8770ec9c50af8fe6b66a155ed3
  • 949be3fbe7804e2ef8adb61ad916831456747fb8
  • 4946ae9bff8b490953f0d12f0c10060b7c0d7826
  • dcd928aa00774a794633df957ed93c5589d79c9a
  • ea9d979dcbb4c5ffd1cbea8eff65e4806ada1b92
Com.build.machine
  • BASEVM-PC
  • DENISE-X230
  • DENISE-X240
  • TESTINGASUS1-PC
Com.build.skin
  • .
  • SkinTucows
Com.build.time
  • 3:04:22 PM
  • 3:24:27 PM
  • 3:27:00 PM
  • 10:03:10 AM
  • 11:50:06 AM
  • 12:10:56 PM
Com.build.user $%USER%

Digital Signatures

Signer | Root | Status
Electronic Team, Inc | AddTrust External CA Root | Hash Mismatch
Electronic Team, Inc. | AddTrust External CA Root | Hash Mismatch
Tucows Inc. | AddTrust External CA Root | Root Not Trusted
Download Admin | Class 3 Public Primary Certification Authority | Root Not Trusted
Hamrick Software | DigiCert Assured ID Root CA | Hash Mismatch
All Team Interactive | Go Daddy Root Certificate Authority - G2 | Root Not Trusted
Files Info | Go Daddy Root Certificate Authority - G2 | Root Not Trusted
Zen Bros Media | Go Daddy Root Certificate Authority - G2 | Root Not Trusted
Digital Republic Media Group GmbH | Go Daddy Secure Certificate Authority - G2 | Self Signed
Prospera Software Inc. | USERTrust RSA Certification Authority | Root Not Trusted
Chip Xonio Online GmbH | UTN-USERFirst-Object | Root Not Trusted
Luftix Limited | VeriSign Class 3 Code Signing 2010 CA | Self Signed
Sanflex | VeriSign Class 3 Code Signing 2010 CA | Root Not Trusted
Skymonk Solutions Limited | VeriSign Class 3 Code Signing 2010 CA | Self Signed
Download Admin | VeriSign Class 3 Public Primary Certification Authority - G5 | Root Not Trusted
Full Spectrum Interactive | VeriSign Class 3 Public Primary Certification Authority - G5 | Root Not Trusted
TEA TIME BISCUITS | VeriSign Class 3 Public Primary Certification Authority - G5 | Root Not Trusted
Web Install | VeriSign Class 3 Public Primary Certification Authority - G5 | Root Not Trusted
Micronames Corp, | thawte SHA256 Code Signing CA | Self Signed

Hash Mismatch means the embedded Authenticode signature no longer matches the file's contents, i.e. the binary was altered after it was signed (consistent with the "Modified signature" status in the report above). Root Not Trusted means the certificate chain did not end in a root trusted by the analysis system; several of the roots listed, such as AddTrust External CA Root, have since expired, so re-verify on the host rather than relying on the sandbox verdict alone.
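
A responder re-checking these verdicts on a live host can reproduce the three categories in the table with Get-AuthenticodeSignature plus a manually built X509Chain, which also names the root and the reason the chain failed. The script below is an added example, not the page's own tooling or vendor code; it assumes Windows PowerShell 5.1 or PowerShell 7 on Windows, and the quarantine path in the usage lines is a placeholder.

```powershell
# Added example, not vendor code: reproduce the three verdicts in the table above
# (Hash Mismatch, Root Not Trusted, Self Signed) for a file on a live host.
# Assumes Windows PowerShell 5.1 or PowerShell 7 on Windows; the quarantine path in
# the usage lines is a placeholder.
function Get-SignatureTriage {
    param([Parameter(Mandatory)][string]$Path)

    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $cert   = $sig.SignerCertificate      # $null when the file carries no signature
    $status = $sig.Status.ToString()      # Valid, NotSigned, HashMismatch, NotTrusted, UnknownError, ...
    $signer = $null; $root = $null; $issues = ''; $selfSigned = $false

    if ($cert) {
        $signer = $cert.Subject
        $selfSigned = ($cert.Subject -eq $cert.Issuer)
        # Build the chain ourselves: Get-AuthenticodeSignature only yields a status code, and the
        # table needs the root's name and the reason the chain failed. Revocation checking is off
        # because this is offline triage; a later revocation is a separate question.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
        $null = $chain.Build($cert)
        $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate.Subject
        $issues = ($chain.ChainStatus | ForEach-Object { $_.Status.ToString() }) -join ','
        $chain.Reset()
    }

    $verdict = if ($status -eq 'Valid') {
        'signature intact and chained to a trusted root; judge the signer, not the status'
    } elseif ($status -eq 'NotSigned' -or -not $cert) {
        "no usable signature: $($sig.StatusMessage)"
    } elseif ($status -eq 'HashMismatch') {
        'file altered after signing ("Hash Mismatch" here, "Modified signature" in the report); treat as untrusted'
    } elseif ($selfSigned) {
        'self-signed certificate ("Self Signed"); no third party vouches for the signer'
    } elseif ($issues -match 'UntrustedRoot|PartialChain') {
        'chain does not end in a trusted root ("Root Not Trusted"); treat as unsigned'
    } elseif ($issues -match 'NotTimeValid') {
        'certificate or root expired at verification time, which Windows also reports as untrusted'
    } else {
        "verification failed: $($sig.StatusMessage) [$issues]"
    }

    [pscustomobject]@{
        File    = $Path
        Status  = $status
        Signer  = $signer
        Root    = $root
        Issues  = $issues
        Verdict = $verdict
    }
}

# Usage: triage every PE under a quarantine folder (placeholder path)
Get-ChildItem -LiteralPath 'C:\Quarantine' -Recurse -File |
    Where-Object { $_.Extension -in '.exe', '.dll' } |
    ForEach-Object { Get-SignatureTriage -Path $_.FullName } |
    Format-Table Status, Signer, Root, Verdict -AutoSize
```

Get-AuthenticodeSignature consults the local root store, so a chain that was Root Not Trusted in the sandbox may validate differently on a host with other trust settings; the Issues column (the X509ChainStatus flags, e.g. UntrustedRoot or NotTimeValid) shows why a given chain failed, and a Valid status for a signer such as "Download Admin" is still not a reason to trust the file.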

File Traits

  • 2+ executable sections
  • HighEntropy
  • InnoSetup Installer
  • Installer Manifest
  • Installer Version
  • nosig nsis
  • VirtualQueryEx
  • WriteProcessMemory
  • x86

Block Information

Total Blocks: 25
Potentially Malicious Blocks: 1
Whitelisted Blocks: 4
Unknown Blocks: 20

Visual Map

? ? ? x ? ? ? 0 ? ? ? ? ? 0 0 0 ? ? ? ? ? ? ? ? ?
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • DownloadAdmin.B
  • DownloadAdmin.E
  • DownloadAdmin.G
  • Fareit.AI
  • Fareit.L
  • Fugrafa.J
  • Gamehack.FFO
  • Zusy.CB

Files Modified

File Attributes
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
\device\namedpipe\srvsvc Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.1.regtrans-ms Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.2.regtrans-ms Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\4sf0yrgpt9xieb9bdz5\extramod.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\4sf0yrgpt9xieb9bdz5\loading_screen.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\4sf0yrgpt9xieb9bdz5\lua51.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\4sf0yrgpt9xieb9bdz5\nsis7z.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\4sf0yrgpt9xieb9bdz5\nsisunz.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\4sf0yrgpt9xieb9bdz5\shared_library.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\_ir_sf_temp_0\] Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_ir_sf_temp_0\] Synchronize,Write Attributes
c:\users\user\appdata\local\temp\_ir_sf_temp_0\irsetup.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_ir_sf_temp_0\irsetup.dat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\_ir_sf_temp_0\irsetup.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\_ir_sf_temp_0\rzÉÕ0oéhæØr:üÙ8&Í\òc¡}Ðzáåë"Àv?´^åÃgãar×]eÍ5 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_ir_sf_temp_0\rzÉÕ0oéhæØr:üÙ8&Í\òc¡}Ðzáåë"Àv?´^åÃgãar×]eÍ5 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\is-lfk20.tmp\245d69059b6d4b617532516857e110a85af01f68_0006221314.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-nhpsp.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-nhpsp.tmp\enim.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-nhpsp.tmp\enim.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsa5d1f.tmp\luabridge.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsa5f40.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsa5f41.tmp\luabridge.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsd6207.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsd65aa.tmp\luabridge.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse5bb6.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsf60e7.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsf60e8.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\__web.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\__web.xml Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\advancedtests.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\advancedtests.lua Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\browsercontrol.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\browsercontrol.lua Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\bundleinstall.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\bundleinstall.lua Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\callbackproxy.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\callbackproxy.lua Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\definitions.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\definitions.lua Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\downloadlist.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\downloadlist.lua Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\downloads.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\downloads.lua Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\downloadthread.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\downloadthread.lua Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\eagerinstall.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\eagerinstall.lua Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\env.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\env.lua Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\events.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\events.lua Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\extension.tlb Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\extension.tlb Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\floatingprogress.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\floatingprogress.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\genericdlm Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\genericdlm\accept_green.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\genericdlm\accept_green.gif Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\genericdlm\animatedprogress.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\genericdlm\animatedprogress.gif Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\genericdlm\close.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\genericdlm\close.gif Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\genericdlm\decline.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\genericdlm\decline.gif Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\genericdlm\exit.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\genericdlm\exit.gif Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\genericdlm\generic_icon.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\genericdlm\generic_icon.gif Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\genericdlm\generic_icon.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\genericdlm\generic_icon.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\genericdlm\open.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\genericdlm\open.gif Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\genericdlm\run.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\genericdlm\run.gif Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\genericdlm\save.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\genericdlm\save.gif Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\genericdlm\show.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\genericdlm\show.gif Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\genericdlm\tucow_bga1.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\genericdlm\tucow_bga1.gif Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\guiinit.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\guiinit.lua Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\integratedoffer.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\integratedoffer.lua Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\json.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\json.lua Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\lua51.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\lua51.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\luabridge.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\luabridge.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\luacom.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\luacom.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\luasocket Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\luasocket\lua Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\luasocket\lua\ltn12.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\luasocket\lua\ltn12.lua Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\luasocket\lua\mime.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\luasocket\lua\mime.lua Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\luasocket\lua\socket Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\luasocket\lua\socket.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\luasocket\lua\socket.lua Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\luasocket\lua\socket\ftp.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\luasocket\lua\socket\ftp.lua Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\luasocket\lua\socket\http.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\luasocket\lua\socket\http.lua Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\luasocket\lua\socket\smtp.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\luasocket\lua\socket\smtp.lua Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\luasocket\lua\socket\tp.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\luasocket\lua\socket\tp.lua Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\luasocket\lua\socket\url.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\luasocket\lua\socket\url.lua Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\luasocket\mime Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\luasocket\mime\core.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\luasocket\mime\core.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\luasocket\socket Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\luasocket\socket\core.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\luasocket\socket\core.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\luaxml.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\luaxml.lua Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\luaxml_lib.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\luaxml_lib.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\notifyicon.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\notifyicon.lua Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\nsis7z.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\nsis7z.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\nsisunz.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\nsisunz.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\processfreefile.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\processfreefile.lua Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\res Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\res\common.css Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\res\common.css Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\res\common.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\res\common.js Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\res\jquery.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\res\jquery.js Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\res\knockout.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\res\knockout.js Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\sandbox.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\sandbox.lua Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\scheduler.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\scheduler.lua Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\system.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\uacinfo.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\uacinfo.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\uistate.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\uistate.lua Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\un.package.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\un.package.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\utils.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\utils.lua Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\version.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf60e8.tmp\version.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsff72f.tmp\0\download.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsff72f.tmp\__localxml.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsff72f.tmp\__web.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsff72f.tmp\buttonevent.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsff72f.tmp\custombrandingurl.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsff72f.tmp\customnsweb.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsff72f.tmp\definitions.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsff72f.tmp\floatingprogress.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsff72f.tmp\guiinit.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsff72f.tmp\lua51.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsff72f.tmp\luabridge.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsff72f.tmp\luasocket\lua\ltn12.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsff72f.tmp\luasocket\lua\mime.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsff72f.tmp\luasocket\lua\socket.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsff72f.tmp\luasocket\lua\socket\ftp.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsff72f.tmp\luasocket\lua\socket\http.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsff72f.tmp\luasocket\lua\socket\smtp.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsff72f.tmp\luasocket\lua\socket\tp.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsff72f.tmp\luasocket\lua\socket\url.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsff72f.tmp\luasocket\mime\core.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsff72f.tmp\luasocket\socket\core.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsff72f.tmp\luaxml.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsff72f.tmp\luaxml_lib.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsff72f.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsff72f.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsff72f.tmp\un.package.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsff72f.tmp\utils.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg60e6.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsg60e7.tmp\luabridge.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsh62bb.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsh63a5.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsh63a6.tmp\luabridge.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsi1125.tmp\api_substitution.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsi1125.tmp\async_tracking.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsi1125.tmp\bit.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsi1125.tmp\browserutils.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsi1125.tmp\bundleinstall.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsi1125.tmp\callbackproxy.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsi1125.tmp\conditional_engine.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsi1125.tmp\data_injection.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsi1125.tmp\data_stores.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsi1125.tmp\definitions.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsi1125.tmp\downloadlist.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsi1125.tmp\downloads.lua Generic Write,Read Attributes

613 additional files are not displayed above.

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Bruxubmm\AppData\Local\Temp\nsn44A8.tmp\floatingprogress.dll RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Bruxubmm\AppData\Local\Temp\nsn44A8.tmp\floatingprogress.dll\??\C:\Users\Bruxubmm\AppData\Local\Temp\nsn44A8.tmp\ RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\gpu::adapterinfo vendorId="0x1414",deviceID="0x8c",subSysID="0x0",revision="0x0",version="10.0.19041.3570"hypervisor="Hypervisor detected (Micros RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.205.9\??\C:\Windows\SystemTemp\b1a39cca-eadf-4949-a384-a0ef6a3b3fd2.tmp\ RegNtPreCreateKey
HKCU\software\ocs::cid 2fe650d0-7d11-4b38-bdc5-43c076c2c68f RegNtPreCreateKey
HKCU\software\ocs::pid chipde RegNtPreCreateKey
HKCU\software\ocs::lastpid chipde RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKCU\software\ocs::cid 4db09816-7e87-4512-8238-92214b346968 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 [binary data, not rendered] RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations *1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old5af52*1\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old5af62*1\??\C:\P RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations *1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old122e4*1\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old12352*1\??\C:\P RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category API
Network Winsock2
  • WSAStartup
  • WSAttemptAutodialName
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
  • OutputDebugString
Network Winsock
  • getaddrinfo
  • getnameinfo
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory
User Data Access
  • GetUserObjectInformation
Network Winhttp
  • WinHttpConnect
  • WinHttpOpen
  • WinHttpOpenRequest
  • WinHttpQueryHeaders
  • WinHttpReceiveResponse
  • WinHttpSendRequest
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
Encryption Used
  • BCryptOpenAlgorithmProvider
  • CryptAcquireContext
Network Wininet
  • HttpOpenRequest
  • HttpQueryInfo
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
  • InternetQueryOption
  • InternetReadFile
  • InternetSetOption
Other Suspicious
  • SetWindowsHookEx
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtPowerInformation
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Process Terminate
  • TerminateProcess

Shell Command Execution

c:\users\user\downloads\d022d48355134945f43030a46d34b203897c8fab_0000843080.exe "c:\users\user\downloads\d022d48355134945f43030a46d34b203897c8fab_0000843080.exe"
"C:\Users\Qgeovfga\AppData\Local\Temp\is-LFK20.tmp\245d69059b6d4b617532516857e110a85af01f68_0006221314.tmp" /SL5="$5003A,5508614,721408,c:\users\user\downloads\245d69059b6d4b617532516857e110a85af01f68_0006221314"
"C:\Users\Qgeovfga\AppData\Local\Temp\is-NHPSP.tmp\Enim.exe" 664ac38c98e4e5b8a35138508373bf7c
c:\users\user\downloads\c627ead025ac4da57e652d095c3e108892ce54ff_0000842000 "c:\users\user\downloads\c627ead025ac4da57e652d095c3e108892ce54ff_0000842000"
c:\users\user\downloads\e9fb0a24f07b119dbce730dc3dc8d5c48bf28ae8_0000857104 "c:\users\user\downloads\e9fb0a24f07b119dbce730dc3dc8d5c48bf28ae8_0000857104"
c:\users\user\downloads\6246a11777d1b726d8005f396a608ca5c45fcfee_0000833864 "c:\users\user\downloads\6246a11777d1b726d8005f396a608ca5c45fcfee_0000833864"
C:\Users\Jttinjgl\AppData\Local\Temp\OCS\ocs_v71.exe -install -54437584 -chipde -669aa1bb16904649ac1503f9bba63331 - -BLUB2 -xwxmhgjicshvdjmh -1902116
c:\users\user\downloads\b049ba7aaebdb14cc43ecb00387d364e9c6555a9_0000887520 "c:\users\user\downloads\b049ba7aaebdb14cc43ecb00387d364e9c6555a9_0000887520"
C:\Users\Wunphgxa\AppData\Local\Temp\OCS\ocs_v71.exe -install -60828874 -chipde -965132c999b74aaa88d77eb649956a11 - -ChromeBundle -rglounjdngkgqqkh -393584
open C:\Users\Mklouapt\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe __IRAOFF:662050 "__IRAFN:c:\users\user\downloads\f527708496fd73aec6f80a49397469a142a4ae0c_0000824104" "__IRCT:2" "__IRTSS:0" "__IRSID:S-1-5-21-3119368278-1123331430-659265220-1001"
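The file, registry and command-line sections above are raw sandbox output; a triage analyst has to turn them into a handful of findings and, where possible, tie separate artifacts to one another (for example the `HKCU\software\ocs::pid chipde` value and the `-chipde` switch on the `ocs_v71.exe -install` command lines). The following script is an added example, not code from this page or from any vendor: it parses rows in the column layout shown above, flags Lua installer components staged in NSIS-style `ns?????.tmp` directories, PendingFileRenameOperations entries pointing into a user's Temp folder, Internet Settings ZoneMap writes (low signal, since any WinINet client can create those values), Inno Setup (`/SL5=`) and Setup Factory (`irsetup.exe __IRAOFF`) second stages, and checks whether the registry `pid` reappears as a command-line tag. The sample input is a constructed subset of the page's own listing; the reading of `chipde` as a distribution-channel tag is an assumption, as are the installer-framework attributions.

```python
import re

# Constructed sample input: trimmed copies of the page's own listing.
FILE_EVENTS = r"""
c:\users\user\appdata\local\temp\nsh63a6.tmp\luabridge.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsi1125.tmp\bundleinstall.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsi1125.tmp\downloads.lua Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsh62bb.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
"""
REGISTRY_EVENTS = r"""
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Bruxubmm\AppData\Local\Temp\nsn44A8.tmp\floatingprogress.dll RegNtPreCreateKey
HKCU\software\ocs::cid 2fe650d0-7d11-4b38-bdc5-43c076c2c68f RegNtPreCreateKey
HKCU\software\ocs::pid chipde RegNtPreCreateKey
HKCU\software\ocs::lastpid chipde RegNtPreCreateKey
"""
COMMAND_LINES = [
    r'"C:\Users\Qgeovfga\AppData\Local\Temp\is-LFK20.tmp\245d69059b6d4b617532516857e110a85af01f68_0006221314.tmp" /SL5="$5003A,5508614,721408,c:\users\user\downloads\245d69059b6d4b617532516857e110a85af01f68_0006221314"',
    r'C:\Users\Jttinjgl\AppData\Local\Temp\OCS\ocs_v71.exe -install -54437584 -chipde -669aa1bb16904649ac1503f9bba63331 - -BLUB2 -xwxmhgjicshvdjmh -1902116',
    r'open C:\Users\Mklouapt\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe __IRAOFF:662050 "__IRAFN:c:\users\user\downloads\f527708496fd73aec6f80a49397469a142a4ae0c_0000824104" "__IRCT:2"',
]

# NSIS extracts plugins into %TEMP%\ns<letter><4 hex>.tmp (assumed naming convention).
NSIS_TMP = re.compile(r"\\temp\\ns[a-z][0-9a-f]{4}\.tmp(\\|$)", re.I)
USER_TEMP = re.compile(r"\\users\\[^\\]+\\appdata\\local\\temp\\", re.I)


def parse_registry(text):
    """Split 'Key::Value Data API' rows. Data may be empty or contain spaces,
    so take the first token as the value name and the last as the API name."""
    rows = []
    for line in text.strip().splitlines():
        key, sep, rest = line.partition("::")
        tokens = rest.split()
        if not sep or len(tokens) < 2:
            continue  # not a registry row in the expected layout
        rows.append({"key": key.lower(), "value": tokens[0].lower(),
                     "data": " ".join(tokens[1:-1]), "api": tokens[-1]})
    return rows


def triage(file_text, reg_text, cmds):
    findings = []
    # 1. Files: Lua installer logic staged inside NSIS-style temp directories.
    staged = [l.split(" Generic", 1)[0] for l in file_text.strip().splitlines()]
    lua = [p for p in staged
           if NSIS_TMP.search(p) and p.lower().endswith((".lua", "luabridge.dll"))]
    if lua:
        findings.append(("installer_scripting",
                         f"{len(lua)} Lua component(s) dropped in NSIS temp dir"))
    # 2. Registry: collect the OCS values, flag reboot-time renames of temp files,
    #    and record ZoneMap writes as low-signal (any WinINet client creates them).
    ocs = {}
    for r in parse_registry(reg_text):
        if r["key"].endswith("\\ocs"):
            ocs[r["value"]] = r["data"]
        elif r["value"] == "pendingfilerenameoperations" and USER_TEMP.search(r["data"]):
            findings.append(("reboot_cleanup", r["data"].split()[0]))
        elif r["key"].endswith("\\zonemap"):
            findings.append(("zonemap_touch_lowsignal", r["value"]))
    # 3. Command lines: recognise installer second stages and pull the OCS switches.
    stubs = {"inno": [], "setupfactory": [], "ocs": []}
    for c in cmds:
        low = c.lower()
        if "/sl5=" in low and "\\is-" in low:          # Inno Setup relaunch
            stubs["inno"].append(c)
        if "irsetup.exe" in low and "__iraoff" in low:  # Setup Factory runtime
            stubs["setupfactory"].append(c)
        m = re.search(r"ocs_v\d+\.exe\s+-install\s+(.*)", c, re.I)
        if m:
            tags = [t.lstrip("-") for t in m.group(1).split()
                    if t.startswith("-") and len(t) > 1]
            stubs["ocs"].append(tags)
    # 4. Correlate the registry pid with the command-line switches (assumed channel tag).
    pid = ocs.get("pid")
    correlated = bool(pid) and any(pid in tags for tags in stubs["ocs"])
    if correlated:
        findings.append(("ocs_pid_correlated", pid))
    return {"findings": findings, "ocs_values": ocs, "stubs": stubs,
            "pid_correlated": correlated}


if __name__ == "__main__":
    for tag, detail in triage(FILE_EVENTS, REGISTRY_EVENTS, COMMAND_LINES)["findings"]:
        print(f"{tag:26} {detail}")
```

Feed it the full report instead of the constructed subset and the `zonemap_touch_lowsignal` rows will dominate; they are kept only because a ZoneMap write next to an `installer_scripting` finding is worth a glance, not because the values themselves are malicious.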
