
Trojan.Zusy.AD

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 1,741
Threat Level: 80 % (High)
Infected Computers: 1,486
First Seen: July 3, 2024
Last Seen: April 1, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Zusy.AD
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is 32-bit executable
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Company Name
  • ithcy
  • shaun
File Description
  • mkvcleaner
  • Stereo Installation Program for Discord
File Version
  • 1.00
  • 1.0.3-pre
  • 1.0.1
Internal Name
  • mkvcleaner
  • myapp
  • TJprojMain
Legal Copyright
  • Released under the MIT License https://opensource.org/license/mit
  • © sh6un 2025
Original Filename
  • mkvcleaner
  • TJprojMain.exe
Product Name
  • mkvcleaner
  • Project1
Product Version
  • 1.00
  • 1.0.3-pre
  • 1.0.1

File Traits

  • GetConsoleWindow
  • Installer Version
  • No Version Info
  • Py-installer
  • x64
  • zlib (In Overlay)
  • zlib overlay

Block Information

Total Blocks: 865
Potentially Malicious Blocks: 11
Whitelisted Blocks: 854
Unknown Blocks: 0


Files Modified

5869 additional files are not displayed above.

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • UNKNOWN
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetThreadState
Process Shell Execute
  • CreateProcess
Process Manipulation Evasion
  • NtUnmapViewOfSection
Other Suspicious
  • SetWindowsHookEx

Shell Command Execution

