
HEUR.Malware.FakeDoc.Generic

By CagedTech in HEUR Malware, Malware

Threat Scorecard

Popularity Rank: 467
Threat Level: 100 % (High)
Infected Computers: 77,895
First Seen: March 20, 2021
Last Seen: April 15, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: HEUR.Malware.FakeDoc.Generic
Signature status: No Signature

Known Samples

Per-sample hash list (MD5, SHA1, SHA256 and file size for each of the 20 listed samples) not reproduced here.

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is .NET application
  • File is 32-bit executable
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons


21 additional icons are not displayed above.

Windows PE Version Information

Name Value
Assembly Version 1.0.1.2
Comments
  • Geacata
  • This installation was built with Inno Setup.
Company Name
  • Flexera Software LLC
  • Future systems AI
  • Microsoft
  • Microsoft Corporation
  • Microsoft Corporation
  • Orlando's VBA and Excel Site
  • Project Brick
  • VMware, Inc.
  • VOICELIVEEDITOR.COM
  • Windows
Debugger 0
File Description
  • CostQuest-GoQVLU Setup
  • Geacata
  • InstallShield
  • Mata Nui Online Game
  • Microsoft Word
  • Nvidia nvapi library, version. nvidia optix ray tracing engi
  • QuizInterativo
  • Setup/Uninstall
  • VMware Horizon Stub Application Launcher 32-bit
  • VMware Horizon Stub Application Launcher 64-bit
  • Word application converted by DOCtoEXE utility.
File Version
  • 70.22.98
  • 51.1052.0.0
  • 23.0.288
  • 16.0.17932.20602
  • 16.0.17231.20182
  • 16.0.14332.20461
  • 16.0.14326.20454
  • 8.13.1 build-11490723527
  • 8.13.0 build-9986028157
  • 8.5.0 build-19543108
  • 2.00.0001
  • 1.3.0
  • 1.09.0005
  • 1.00
  • 1.0.1.2
Internal Build Number 169350
Internal Name
  • Braggat0
  • DOCtoEXE
  • Mata Nui Online Game
  • QuizInterativo.exe
  • vmware-appstub.exe
  • Win
  • WinWord
  • _IsIcoRes.exe
Legal Copyright
  • Copyright (c) 2016 Flexera Software LLC. All Rights Reserved.
  • Copyright 2001 The LEGO Group and Templar Studios LLC. Unofficial release by Project Brick.
  • Copyright © 1998-2022 VMware, Inc.
  • Copyright © 1998-2024 VMware, Inc.
  • Copyright © 2003-2011 Fco Orlando Magalhaes Filho. All rights reserved.
  • Copyright © 2009-2023 Ian Cowdery (VoiceLiveEditor.com)
  • Copyright © 2013 Future systems AI
  • Copyright © 2016
  • Microsoft Corporation. All rights reserved.
Legal Trademarks Microsoft® Word is a registered trademark of Microsoft Corporation.
Legal Trademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
Legal Trademarks2 Windows® is a registered trademark of Microsoft Corporation.
Original Filename
  • Braggat0.exe
  • DOCtoEXE.exe
  • Mata Nui Online Game.exe
  • QuizInterativo.exe
  • vmware-appstub.exe
  • Win.exe
  • WinWord.exe
  • _IsIcoRes.exe
Product Name
  • aocl64
  • CostQuest-GoQVLU
  • DOCtoEXE
  • InstallShield
  • Mata Nui Online Game
  • Microsoft Office
  • Orphancy
  • QuizInterativo
  • VL3 Editor (Free Edition)
  • VMware Horizon View
  • Win
Product Version
  • 70.22.98
  • 23.0
  • 16.0.17932.20602
  • 16.0.17231.20182
  • 16.0.14332.20461
  • 16.0.14326.20454
  • 10.0.14393.01
  • 8.13.1 build-11490723527
  • 8.13.0 build-9986028157
  • 8.5.0 build-19543108
  • 2.00.0001
  • 1.9.1.g
  • 1.3
  • 1.09.0005
  • 1.00
  • 1.0.1.2

File Traits

  • .NET
  • 2+ executable sections
  • big overlay
  • GetConsoleWindow
  • HighEntropy
  • Inno
  • InnoSetup Installer
  • Installer Manifest
  • Installer Version
  • No Version Info
  • Py-installer
  • vb6
  • VirtualQueryEx
  • x64
  • x86
  • zlib (In Overlay)
  • zlib overlay

Block Information

Total Blocks: 2,280
Potentially Malicious Blocks: 23
Whitelisted Blocks: 2,250
Unknown Blocks: 7

Visual Map

Per-block map (one symbol per analysed block, truncated on the page) not reproduced; legend:
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.FDD
  • Emotet.CDD
  • FakeDoc.A
  • Injector.AK
  • Innomod.A
  • Lumma.GFD
  • Mint.B
  • PSW.Delf.A
  • Rugmi.IA
  • Sheloader.A
  • Stealer.KF

Files Modified

File Attributes
\device\namedpipe\46a9cbd7-15c4-44d7-a660-dd80f2816db6 Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\srvsvc Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\1559924177.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\1559924177.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\1559924177.tmp Synchronize,Write Data
c:\users\user\appdata\local\temp\_mei30042\_asyncio.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei30042\_bz2.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei30042\_ctypes.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei30042\_decimal.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei30042\_hashlib.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei30042\_lzma.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei30042\_multiprocessing.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei30042\_overlapped.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei30042\_queue.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei30042\_socket.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei30042\_ssl.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei30042\base_library.zip Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei30042\libcrypto-1_1.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei30042\libffi-7.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei30042\libssl-1_1.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei30042\lxml\_elementpath.cp39-win32.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei30042\lxml\builder.cp39-win32.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei30042\lxml\etree.cp39-win32.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei30042\lxml\html\diff.cp39-win32.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei30042\lxml\isoschematron\resources\rng\iso-schematron.rng Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei30042\lxml\isoschematron\resources\xsl\iso-schematron-xslt1\iso_abstract_expand.xsl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei30042\lxml\isoschematron\resources\xsl\iso-schematron-xslt1\iso_dsdl_include.xsl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei30042\lxml\isoschematron\resources\xsl\iso-schematron-xslt1\iso_schematron_message.xsl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei30042\lxml\isoschematron\resources\xsl\iso-schematron-xslt1\iso_schematron_skeleton_for_xslt1.xsl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei30042\lxml\isoschematron\resources\xsl\iso-schematron-xslt1\iso_svrl_for_xslt1.xsl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei30042\lxml\isoschematron\resources\xsl\iso-schematron-xslt1\readme.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei30042\lxml\isoschematron\resources\xsl\rng2schtrn.xsl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei30042\lxml\isoschematron\resources\xsl\xsd2schtrn.xsl Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei30042\lxml\objectify.cp39-win32.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei30042\lxml\sax.cp39-win32.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei30042\pyexpat.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei30042\python39.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei30042\select.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei30042\unicodedata.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei30042\vcruntime140.dll Generic Write,Read Attributes
Five further PyInstaller extraction directories (c:\users\user\appdata\local\temp\_mei31802, _mei38802, _mei55682, _mei75202 and _mei77202) list the same file set as _mei30042 above and are not reproduced.

47 additional files are not displayed above.
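The `_mei77202` directory above is the runtime extraction folder of a PyInstaller one-file executable: the bootloader unpacks `python39.dll`, `base_library.zip` and the bundled `.pyd` modules into `%TEMP%\_MEI<n>` before running the embedded script, and the `cp39-win32` tag on the lxml modules marks it as a 32-bit CPython 3.9 build. The following script is an added example, not part of this report: it reads rows in the listing's layout and summarises what the extraction directory reveals. The row format, the capability table and the control row are my own assumptions.

```python
import json
import re
from collections import Counter

# Constructed sample in the layout of the file-access listing above: a path,
# then the access rights. The _mei77202 rows are copied from that listing;
# the last row is a made-up control path outside the extraction directory.
SAMPLE_ROWS = r"""
c:\users\user\appdata\local\temp\_mei77202\_socket.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei77202\_ssl.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei77202\base_library.zip Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei77202\libcrypto-1_1.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei77202\libssl-1_1.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei77202\lxml\etree.cp39-win32.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei77202\python39.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei77202\vcruntime140.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\control_example.txt Read Attributes
"""

# A row is "<path> <rights>"; the path is taken lazily up to the first
# whitespace that is followed by an access-right keyword.
ROW = re.compile(r"^(?P<path>.+?)\s+(?P<rights>(?:Generic|Read|Write|Delete|Execute|Synchronize)\b.*)$")
MEI_DIR = re.compile(r"\\_mei(\d+)\\", re.I)          # PyInstaller one-file temp dir
PY_DLL = re.compile(r"^python(\d)(\d+)\.dll$", re.I)  # python39.dll -> 3.9
ABI_TAG = re.compile(r"\.cp(\d)(\d+)-(win32|win_amd64)\.pyd$", re.I)  # cp39-win32

# Assumed mapping from bundled modules to what the embedded script can do.
CAPABILITY_HINTS = {
    "_socket.pyd": "sockets",
    "_ssl.pyd": "TLS (bundled OpenSSL)",
    "libssl-1_1.dll": "TLS (bundled OpenSSL)",
    "libcrypto-1_1.dll": "TLS (bundled OpenSSL)",
    "_multiprocessing.pyd": "multiprocessing",
    "_overlapped.pyd": "overlapped I/O (asyncio)",
}


def parse_rows(text):
    """Yield (path, rights) for each parsable row; blank and odd lines are skipped."""
    for line in text.splitlines():
        line = line.strip()
        m = ROW.match(line) if line else None
        if m:
            yield m.group("path"), m.group("rights")


def triage_pyinstaller(text):
    """Summarise PyInstaller one-file extraction evidence from file-access rows."""
    dirs = Counter()      # _MEI directory id -> number of files written there
    version = None
    arch = None
    hints = set()
    markers = set()
    for path, _rights in parse_rows(text):
        m = MEI_DIR.search(path)
        if not m:
            continue
        dirs[m.group(1)] += 1
        name = path.rsplit("\\", 1)[-1].lower()
        if name == "base_library.zip":   # only PyInstaller writes this archive
            markers.add(name)
        v = PY_DLL.match(name)
        if v:
            version = f"{v.group(1)}.{v.group(2)}"
            markers.add(name)
        t = ABI_TAG.search(name)
        if t:
            version = version or f"{t.group(1)}.{t.group(2)}"
            arch = t.group(3)
        if name in CAPABILITY_HINTS:
            hints.add(CAPABILITY_HINTS[name])
    return {
        "is_pyinstaller_onefile": bool(dirs) and "base_library.zip" in markers,
        "extraction_dirs": {f"_MEI{k}": n for k, n in dirs.items()},
        "python_version": version,
        "arch": arch,
        "capability_hints": sorted(hints),
    }


if __name__ == "__main__":
    print(json.dumps(triage_pyinstaller(SAMPLE_ROWS), indent=2))
```

A one-file build removes its `_MEI` directory when the process exits, so on a live host the write events in a sandbox or EDR file log are often the only trace of the bundled modules; the presence of `_ssl.pyd` with the OpenSSL DLLs and `_socket.pyd` is what makes the Winsock activity further down this report expected rather than surprising.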

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 (binary data, not rendered) RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 (binary data, not rendered) RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::mls "C:\Users\Rhrjjosw\AppData\Roaming\RAC\mls.exe" -s RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\muicache::c:\program files (x86)\windows nt\accessories\wordpad.exe.friendlyappname WordPad RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\muicache::c:\program files (x86)\windows nt\accessories\wordpad.exe.applicationcompany Microsoft Corporation RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\applets\wordpad\options::wrap  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\applets\wordpad\options::showstatusbar  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\applets\wordpad\options::showruler  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\applets\wordpad\options::units RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\applets\wordpad\options::maximized RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\applets\wordpad\options::framerect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\applets\wordpad\options::pagemargin (binary data, not rendered) RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\applets\wordpad\options::printpagenum  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\applets\wordpad\options::defaultformat  RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category API
Process Shell Execute
  • CreateProcess
  • ShellExecute
Other Suspicious
  • SetWindowsHookEx
User Data Access
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Syscall Use
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • UNKNOWN
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetThreadState
Anti Debug
  • OutputDebugString
Network Winsock2
  • WSAStartup
Process Manipulation Evasion
  • NtUnmapViewOfSection
Network Winsock
  • closesocket
  • connect
  • freeaddrinfo
  • getaddrinfo
  • socket
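Read together, the entries above form three recognisable groups: `CreateProcess` plus `NtUnmapViewOfSection` and `NtWriteVirtualMemory` (with section mapping and `NtProtectVirtualMemory`) is the shape of process hollowing; `SetWindowsHookEx` next to `NtUserGetKeyboardLayout` is the shape of a keyboard hook; and `WSAStartup`/`getaddrinfo`/`socket`/`connect` is plain outbound networking. The script below is an added example, not code from this report: it parses a listing in the page's layout and checks each group, reporting which supporting calls are present and which are absent. The pattern tables are my own heuristics.

```python
import re

# Constructed copy of part of the "Windows API Usage" listing above, in the
# page's layout: a category line, then bulleted API names, some prefixed
# with the exporting module (ntdll.dll!NtCreateSection).
SAMPLE_LISTING = """\
Process Shell Execute
  • CreateProcess
  • ShellExecute
Other Suspicious
  • SetWindowsHookEx
Syscall Use
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtWriteVirtualMemory
  • UNKNOWN
  • win32u.dll!NtUserGetKeyboardLayout
Network Winsock2
  • WSAStartup
Process Manipulation Evasion
  • NtUnmapViewOfSection
Network Winsock
  • connect
  • getaddrinfo
  • socket
"""

# Assumed behaviour patterns. All "required" names must be present for a
# pattern to fire; "supporting" names refine it, and missing ones are
# reported so the reader sees what the listing does not show.
PATTERNS = {
    "process hollowing": {
        "required": {"CreateProcess", "NtUnmapViewOfSection", "NtWriteVirtualMemory"},
        "supporting": {"NtCreateSection", "NtMapViewOfSection", "NtProtectVirtualMemory",
                       "NtGetContextThread", "NtSetContextThread", "NtResumeThread"},
    },
    "keyboard hook": {
        "required": {"SetWindowsHookEx"},
        "supporting": {"NtUserGetKeyboardLayout", "GetAsyncKeyState"},
    },
    "outbound network": {
        "required": {"WSAStartup", "socket", "connect"},
        "supporting": {"getaddrinfo", "send", "recv"},
    },
}

# A bullet line, optionally prefixed with "module.dll!", then the API name.
BULLET = re.compile(r"^\s*[•*-]\s*(?:[\w.-]+!)?(?P<api>\w+)\s*$")


def parse_api_listing(text):
    """Return the set of bare API names, dropping module prefixes and UNKNOWN."""
    apis = set()
    for line in text.splitlines():
        m = BULLET.match(line)
        if m and m.group("api") != "UNKNOWN":
            apis.add(m.group("api"))
    return apis


def match_patterns(apis):
    """Evaluate every pattern against the observed API set."""
    findings = {}
    for name, spec in PATTERNS.items():
        req_hit = spec["required"] & apis
        sup_hit = spec["supporting"] & apis
        findings[name] = {
            "fired": req_hit == spec["required"],
            "present": sorted(req_hit | sup_hit),
            "missing_supporting": sorted(spec["supporting"] - apis),
        }
    return findings


if __name__ == "__main__":
    for name, f in match_patterns(parse_api_listing(SAMPLE_LISTING)).items():
        flag = "FIRED" if f["fired"] else "no"
        print(f"{name:20s} {flag:6s} present={f['present']} missing={f['missing_supporting']}")
```

Two caveats apply when reading the output for this sample. First, the executable is a PyInstaller bundle: section creation and mapping, memory-protection changes and Winsock initialisation are also what the loader and the bundled CPython runtime do while importing `.pyd` modules, so only the `NtUnmapViewOfSection` plus `NtWriteVirtualMemory` pair is genuinely out of place. Second, the listing has no `NtGetContextThread`, `NtSetContextThread` or `NtResumeThread`, which a classic hollowing chain needs to redirect the suspended child; sandbox hook coverage is never complete, so treat that absence as a gap in the evidence rather than proof either way.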

Shell Command Execution

c:\users\user\downloads\a1f3778b5d6a2fbfe60158a820d8473e281f1a77_0000085504\a1f3778b5d6a2fbfe60158a820d8473e281f1a77_0000085504.exe c:\users\user\downloads\a1f3778b5d6a2fbfe60158a820d8473e281f1a77_0000085504\a1f3778b5d6a2fbfe60158a820d8473e281f1a77_0000085504.exe
"C:\Users\Fcbasvur\AppData\Local\Temp\is-LGR4I.tmp\ca891c8ec257d3246b5f35dd58aeba68e573df7b_0005462301.tmp" /SL5="$40056,1455905,914944,c:\users\user\downloads\ca891c8ec257d3246b5f35dd58aeba68e573df7b_0005462301"
(NULL) c:\users\user\downloads\ca891c8ec257d3246b5f35dd58aeba68e573df7b_0005462301 /VERYSILENT /PASSWORD=e7c7ea58-26a5-4bd2-a4b6-9f832237233e
open 26eed8d48dc3362cd3436c3a0324cc1141fcc251_0001644544.docx
open C:\Users\Rhrjjosw\AppData\Roaming\RAC\mls.exe -s
c:\users\user\downloads\9da245b75f2af2a9b60f19aae9de159eb899d9f3_0009559818 "c:\users\user\downloads\9da245b75f2af2a9b60f19aae9de159eb899d9f3_0009559818"
"C:\Users\Zbrmuafe\AppData\Local\Temp\is-YW2WBSGA95.tmp\c7e33c137aaad1c59c67c35cda5c3b9da0833f63_0008720900.tmp" /SL5="$5032E,2386886,992768,c:\users\user\downloads\c7e33c137aaad1c59c67c35cda5c3b9da0833f63_0008720900"
(NULL) c:\users\user\downloads\c7e33c137aaad1c59c67c35cda5c3b9da0833f63_0008720900 /VERYSILENT /PASSWORD=957bc87b-5058-4bb8-a815-9e59092ede20
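Two of the sections above belong together. The Registry Modifications table contains one persistence entry, the `mls` value under `HKCU\...\CurrentVersion\Run` pointing at `C:\Users\Rhrjjosw\AppData\Roaming\RAC\mls.exe -s`, surrounded by noise from Internet Settings, MUICache and WordPad options; the Shell Command Execution list shows that same binary being launched with the ShellExecute `open` verb, a `.docx` decoy opened the same way, and two Inno Setup runs in their usual two-stage form (the `is-*.tmp\*.tmp /SL5=` re-launch from `%TEMP%`, then the parent invoked with `/VERYSILENT /PASSWORD=...`). The script below is an added example, not code from this report: it classifies registry rows, parses the command lines and pairs the Run-key image with what was executed. The key classes, the `%USERPROFILE%` normalisation and the sample rows are my own assumptions; the rows themselves are copied from the two listings.

```python
import re

# Constructed rows in the layout of the "Registry Modifications" table above
# (key::value, data, API name); the rows are copied from that listing.
REGISTRY_ROWS = r"""
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::mls "C:\Users\Rhrjjosw\AppData\Roaming\RAC\mls.exe" -s RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\muicache::c:\program files (x86)\windows nt\accessories\wordpad.exe.friendlyappname WordPad RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\applets\wordpad\options::wrap  RegNtPreCreateKey
"""

# Constructed copies of command lines from the "Shell Command Execution" list.
SHELL_COMMANDS = [
    r'"C:\Users\Fcbasvur\AppData\Local\Temp\is-LGR4I.tmp\ca891c8ec257d3246b5f35dd58aeba68e573df7b_0005462301.tmp" /SL5="$40056,1455905,914944,c:\users\user\downloads\ca891c8ec257d3246b5f35dd58aeba68e573df7b_0005462301"',
    r'(NULL) c:\users\user\downloads\ca891c8ec257d3246b5f35dd58aeba68e573df7b_0005462301 /VERYSILENT /PASSWORD=e7c7ea58-26a5-4bd2-a4b6-9f832237233e',
    r'open 26eed8d48dc3362cd3436c3a0324cc1141fcc251_0001644544.docx',
    r'open C:\Users\Rhrjjosw\AppData\Roaming\RAC\mls.exe -s',
]

# "<key>::<value> <data> <api>": the key is everything before the first "::",
# the API name is the last token, and value/data are only split for Run keys.
ROW = re.compile(r"^(?P<key>.+?)::(?P<rest>.*?)\s+(?P<api>Reg\w+)$")
RUN_KEY = re.compile(r"\\currentversion\\(run|runonce|runservices|runservicesonce)$", re.I)
NOISE_KEY = re.compile(r"\\(zonemap|muicache|applets\\wordpad\\options|notifications\\data)$", re.I)
USER_WRITABLE = re.compile(r"\\(appdata|temp|users\\public|programdata)\\", re.I)
INNO_STAGE2 = re.compile(r'\\is-[a-z0-9]+\.tmp\\[^"]+\.tmp"\s+/SL5=', re.I)
PROFILE = re.compile(r"^c:\\users\\[^\\]+", re.I)


def first_token(s):
    """Return the executable part of a command: a quoted path or the first word."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', s)
    return (m.group(1) or m.group(2)) if m else ""


def normalise(path):
    """Fold the profile directory so paths from different sandbox users compare equal."""
    return PROFILE.sub("%USERPROFILE%", path.strip('"')).lower()


def classify_registry(text):
    """Split rows into Run-key persistence entries, known noise keys and the rest."""
    persistence, noise, other = [], [], []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        key = m.group("key")
        if RUN_KEY.search(key):
            value, _, data = m.group("rest").partition(" ")
            image = first_token(data)
            persistence.append({"key": key, "value": value, "command": data,
                                "image": image,
                                "user_writable": bool(USER_WRITABLE.search(image))})
        elif NOISE_KEY.search(key):
            noise.append(key)
        else:
            other.append(key)
    return {"persistence": persistence, "noise": noise, "other": other}


def classify_commands(cmds):
    """Recognise Inno Setup stages, silent/password installs and 'open' launches."""
    installers, launches = [], []
    for cmd in cmds:
        if INNO_STAGE2.search(cmd):
            installers.append({"stage": "inno-setup second stage (/SL5)", "command": cmd})
        pw = re.search(r"/PASSWORD=(\S+)", cmd, re.I)
        if "/VERYSILENT" in cmd.upper() or pw:
            installers.append({"stage": "silent install",
                               "password": pw.group(1) if pw else None, "command": cmd})
        if cmd.lower().startswith("open "):        # ShellExecute with the open verb
            launches.append(first_token(cmd[5:]))
    return {"installers": installers, "launches": launches}


def correlate(registry, commands):
    """Return Run-key images that were also launched during the run."""
    launched = {normalise(t) for t in commands["launches"]}
    return [p["image"] for p in registry["persistence"] if normalise(p["image"]) in launched]


if __name__ == "__main__":
    reg = classify_registry(REGISTRY_ROWS)
    cmds = classify_commands(SHELL_COMMANDS)
    print("persistence:", reg["persistence"])
    print("installers:", cmds["installers"])
    print("persisted and executed:", correlate(reg, cmds))
```

Three things worth keeping from the output: the Run-key image lives under `AppData\Roaming`, a user-writable location that needs no elevation to plant; the `/PASSWORD=` argument is the key to a password-protected Inno Setup archive, and without it a static unpacker cannot read the installer's files, so record it with the sample; and the WordPad MUICache entries are consistent with the `.docx` decoy having been opened by WordPad because the sandbox has no Word, which is exactly the "fake document" behaviour this family name describes. The profile names differ between runs (`user`, `Rhrjjosw`, `Fcbasvur`, `Zbrmuafe`), which is why the comparison folds the profile directory before matching.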
