Trojan.Downloader.Gen.BY

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 10,657
Threat Level: 80 % (High)
Infected Computers: 12
First Seen: November 27, 2025
Last Seen: April 28, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Downloader.Gen.BY
Signature status: Hash Mismatch

Known Samples

File Size: 3.72 MB, 3722050 bytes
File Size: 454.53 KB, 454528 bytes
File Size: 1.57 MB, 1573648 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Comments This installation was built with Inno Setup.
Company Name Microsoft Corporation
Division Name Natural Language Group
File Description
  • Natural Language Thesaurus Service
  • Sputum Setup
  • Tenorshare SoftwareLog Library
File Version
  • 14.0.4763.1000
  • 8.3.0.0
  • 3,0,0,82
Internal Name
  • msth7fr
  • SoftwareLog.dll
Legal Copyright
  • Copyright (c) 2007-2021 Tenorshare Co.,Ltd.
  • © 2010 Microsoft Corporation. All rights reserved.
Legal Trademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
Legal Trademarks2 Windows® is a registered trademark of Microsoft Corporation.
Original Filename
  • msth7fr.dll
  • SoftwareLog.dll
Product Name
  • Natural Language Components
  • Sputum
  • Tenorshare Product Library
Product Version
  • 14.0.4763.1000
  • 7.6
  • 3,0,0,82

Digital Signatures

Signer | Root | Status
Tenorshare Co., Ltd. | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Hash Mismatch
Tenorshare Co., Ltd. | DigiCert Trusted Root G4 | Hash Mismatch
Microsoft Corporation | Microsoft Code Signing PCA | Hash Mismatch

File Traits

  • dll
  • x64

Block Information

Total Blocks: 6,049
Potentially Malicious Blocks: 6
Whitelisted Blocks: 5,857
Unknown Blocks: 186

Similar Families

  • Rugmi.IFA

Files Modified

File Attributes
c:\users\user\appdata\local\temp\is-7pgmd.tmp\_isetup\_setup64.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-7pgmd.tmp\adapter_ext.rc Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-7pgmd.tmp\facomp10.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-7pgmd.tmp\frameworkbase.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-7pgmd.tmp\hashrate_architect.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-7pgmd.tmp\msvcp140.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-7pgmd.tmp\nativecontrols8.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-7pgmd.tmp\runtimectx77.sys Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-7pgmd.tmp\vcruntime140.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-7pgmd.tmp\vcruntime140_1.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-amokk.tmp\2c3517d490792a52b1e283457a1d31c417ba5e37_0003722050.tmp Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKLM\software\classes\.sng:: Song File RegNtPreCreateKey
HKLM\software\classes\.sng::content type nTrack/song RegNtPreCreateKey
HKLM\software\classes\song file:: n-Track Studio Song File RegNtPreCreateKey
HKLM\software\classes\song file\defaulticon:: C:\Users\Yiqmqzof\AppData\Local\Temp\is-7PGMD.tmp\ntrack.exe,2 RegNtPreCreateKey
HKLM\software\classes\song file\shell:: open,shell,command RegNtPreCreateKey
HKLM\software\classes\song file\shell\command:: Command RegNtPreCreateKey
HKLM\software\classes\song file\shell\command\command:: "C:\Users\Yiqmqzof\AppData\Local\Temp\is-7PGMD.tmp\ntrack.exe" "%1" RegNtPreCreateKey
HKLM\software\classes\song file\shell\open:: &Open RegNtPreCreateKey
HKLM\software\classes\song file\shell\open\command:: "C:\Users\Yiqmqzof\AppData\Local\Temp\is-7PGMD.tmp\ntrack.exe" "%1" RegNtPreCreateKey
HKLM\software\classes\song file\shell\shell:: Shell RegNtPreCreateKey
HKLM\software\classes\song file\shell\shell\command:: "C:\Users\Yiqmqzof\AppData\Local\Temp\is-7PGMD.tmp\ntrack.exe" "%1" RegNtPreCreateKey
HKLM\software\classes\.sgw:: Song File RegNtPreCreateKey
HKLM\software\classes\.sgw::content type nTrack/song RegNtPreCreateKey
HKLM\software\classes\.sngw:: Song File RegNtPreCreateKey
HKLM\software\classes\.sngw::content type nTrack/song RegNtPreCreateKey
HKLM\software\classes\.npk:: Peak file RegNtPreCreateKey
HKLM\software\classes\.npk::content type nTrack/peak RegNtPreCreateKey
HKLM\software\classes\peak file:: n-Track Studio wav peak file RegNtPreCreateKey
HKLM\software\classes\peak file\defaulticon:: C:\Users\Yiqmqzof\AppData\Local\Temp\is-7PGMD.tmp\ntrack.exe,3 RegNtPreCreateKey
HKLM\software\classes\peak file\shell:: open,shell,command RegNtPreCreateKey
HKLM\software\classes\peak file\shell\command:: Command RegNtPreCreateKey
HKLM\software\classes\peak file\shell\command\command:: "C:\Users\Yiqmqzof\AppData\Local\Temp\is-7PGMD.tmp\ntrack.exe" "%1" RegNtPreCreateKey
HKLM\software\classes\peak file\shell\open:: &Open RegNtPreCreateKey
HKLM\software\classes\peak file\shell\open\command:: "C:\Users\Yiqmqzof\AppData\Local\Temp\is-7PGMD.tmp\ntrack.exe" "%1" RegNtPreCreateKey
HKLM\software\classes\peak file\shell\shell:: Shell RegNtPreCreateKey
HKLM\software\classes\peak file\shell\shell\command:: "C:\Users\Yiqmqzof\AppData\Local\Temp\is-7PGMD.tmp\ntrack.exe" "%1" RegNtPreCreateKey

Windows API Usage

Category API
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • CreateProcess
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtPowerInformation
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWriteFile
  • UNKNOWN

Shell Command Execution

"C:\Users\Yiqmqzof\AppData\Local\Temp\is-AMOKK.tmp\2c3517d490792a52b1e283457a1d31c417ba5e37_0003722050.tmp" /SL5="$120344,3334215,121344,c:\users\user\downloads\2c3517d490792a52b1e283457a1d31c417ba5e37_0003722050"
"C:\Users\Yiqmqzof\AppData\Local\Temp\is-7PGMD.tmp\Hashrate_Architect.exe"
