MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 83e387387a33e2ed0ca78f23a9e20e18ee6b5491d7f548463608bd360a467c5b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



CoinMiner


Vendor detections: 18



SHA256 hash: 83e387387a33e2ed0ca78f23a9e20e18ee6b5491d7f548463608bd360a467c5b
SHA3-384 hash: 1c7aa69915e1f4734402b9448043346212564c44eef0c030bff4f07eb5cbb1660deb302ed1a72ec05527a77f0c847088
SHA1 hash: 67f826741439f083c69e2550471da3e1b0ee39ae
MD5 hash: 3d5d092c0a6a0bc5b38ec2d063ee5363
humanhash: network-harry-juliet-thirteen
File name: 3d5d092c0a6a0bc5b38ec2d063ee5363.exe
Signature: CoinMiner
File size: 4'951'552 bytes
First seen: 2025-07-29 15:06:31 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 646167cce332c1c252cdcb1839e0cf48 (8'473 x RedLineStealer, 4'851 x Amadey, 290 x Smoke Loader)
ssdeep: 98304:ociBP9k8gVI4qzDSAo8IPOKom08qkh6/GLt4zkbmIRrKKueUf9HXQ:oc2P9zZrSADTmZ6/GRWQqeUfxXQ
Threatray: 1'812 similar samples on MalwareBazaar
TLSH: T15B363307A7E41176FCBC1BB951B7038719AB38A1B7A2CA561E26390F2D717F060747A3
TrID: 37.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
      20.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
      12.7% (.EXE) Win64 Executable (generic) (10522/11/4)
      7.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
      6.1% (.EXE) Win16 NE executable (generic) (5038/12/1)
Magika: pebin
dhash icon: f8f0f4c8c8c8d8f0 (8'803 x RedLineStealer, 5'078 x Amadey, 288 x Smoke Loader)
Reporter: abuse_ch
Tags: CoinMiner exe


abuse_ch
CoinMiner C2:
196.251.88.52:66

Indicators Of Compromise (IOCs)


Below is a list of indicators of compromise (IOCs) associated with this malware sample.

IOC                 ThreatFox Reference
196.251.88.52:66    https://threatfox.abuse.ch/ioc/1562047/

Intelligence


File Origin
# of uploads: 1
# of downloads: 46
Origin country: NL
Vendor Threat Intelligence
Malware family:
ID: 1
File name: _83e387387a33e2ed0ca78f23a9e20e18ee6b5491d7f548463608bd360a467c5b.exe
Verdict: Malicious activity
Analysis date: 2025-07-29 15:17:25 UTC
Tags: lumma stealer amadey botnet loader arch-exec rdp asyncrat

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict: Malicious
Score: 99.9%
Tags: vmdetect autorun autoit delphi
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a process from a recently created file
Creating a process with a hidden window
Creating synchronization primitives
Searching for analyzing tools
Behavior that indicates a threat
DNS request
Connection attempt
Sending a custom TCP request
Creating a window
Searching for the window
Searching for synchronization primitives
Creating a file
Running batch commands
Launching a process
Sending an HTTP POST request
Launching a service
Using the Windows Management Instrumentation requests
Query of malicious DNS domain
Enabling autorun by creating a file
Result
Threat name: Amadey, LummaC Stealer, Xmrig
Detection: malicious
Classification: troj.spyw.evad.mine
Score: 100 / 100
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Binary is likely a compiled AutoIt script file
Bypasses PowerShell execution policy
C2 URLs / IPs found in malware configuration
Changes security center settings (notifications, updates, antivirus, firewall)
Contains functionality to start a terminal service
Detected unpacking (changes PE section rights)
Drops password protected ZIP file
Found API chain indicative of sandbox detection
Found malware configuration
Found strings related to Crypto-Mining
Hides threads from debuggers
Joe Sandbox ML detected suspicious sample
Loading BitLocker PowerShell Module
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Sigma detected: Invoke-Obfuscation STDIN+ Launcher
Sigma detected: New RUN Key Pointing to Suspicious Folder
Sigma detected: PUA - NSudo Execution
Suspicious powershell command line found
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Uses cmd line tools excessively to alter registry or file data
Uses schtasks.exe or at.exe to add and modify task schedules
Uses the nircmd tool (NirSoft)
Yara detected Amadey
Yara detected Amadeys Clipper DLL
Yara detected LummaC Stealer
Yara detected Xmrig cryptocurrency miner
Behaviour
Behavior Graph (rendered graph not preserved; node data recovered from the figure text)
Behavior Graph ID: 1746403
Sample: UhdWrGgTZF.exe
Start date: 29/07/2025
Architecture: WINDOWS
Score: 100
Top-level signatures: Found malware configuration; Malicious sample detected (through community Yara rule); Antivirus detection for dropped file; 17 other signatures

Process tree (dropped files, contacted hosts and signatures are listed under the process they belong to):
UhdWrGgTZF.exe
  dropped: C:\Users\user\AppData\Local\...\2L7107.exe (PE32); C:\Users\user\AppData\Local\...\1V49v2.exe (PE32)
  2L7107.exe
    dropped: C:\JPlY86q\h8MEBx21.exe (PE32); C:\JPlY86q\Kjddv808.exe (PE32); C:\JPlY86q\7ktLJl4w.exe (PE32)
    signatures: Antivirus detection for dropped file
    cmd.exe
      signatures: Suspicious powershell command line found; Uses cmd line tools excessively to alter registry or file data; Bypasses PowerShell execution policy; 2 other signatures
      7ktLJl4w.exe
        signatures: Multi AV Scanner detection for dropped file; Binary is likely a compiled AutoIt script file; Found API chain indicative of sandbox detection
        buoDVXO0.exe
          network: 94.154.35.25 SELECTELRU Ukraine; 176.46.158.8 ESTPAKEE Iran (ISLAMIC Republic Of)
          dropped: C:\Users\user\AppData\Local\...\Tx3oIcs.exe (PE32+); C:\Users\user\AppData\Local\...\Klxh3ii.exe (PE32); C:\Users\user\AppData\Local\...\random2.exe (PE32); 20 other malicious files
          signatures: Multi AV Scanner detection for dropped file; Contains functionality to start a terminal service
        cmd.exe
          signatures: Suspicious powershell command line found
          powershell.exe
            signatures: Loading BitLocker PowerShell Module
          conhost.exe
        cmd.exe
          h8MEBx21.exe
            dropped: C:\JPlY86q\buoDVXO0.exe (PE32)
          conhost.exe
        cmd.exe
          conhost.exe
          schtasks.exe
      Kjddv808.exe
        dropped: C:\Users\user\AppData\Local\...\nircmd.exe (PE32+); C:\Users\user\AppData\Local\...\cecho.exe (PE32); C:\Users\user\AppData\Local\...107SudoLG.exe (PE32+); 2 other malicious files
        cmd.exe
          signatures: Uses cmd line tools excessively to alter registry or file data
          cmd.exe
            tasklist.exe
          reg.exe
            Conhost.exe
          18 other processes
      conhost.exe
  1V49v2.exe
    network: 23.54.187.178 AKAMAI-ASUS United States
    signatures: Detected unpacking (changes PE section rights); Tries to detect sandboxes and other dynamic analysis tools (window names); Tries to evade debugger and weak emulator (self modifying code); 3 other signatures
7ktLJl4w.exe (second instance, started at the top level)
  signatures: Binary is likely a compiled AutoIt script file
  cmd.exe
    signatures: Suspicious powershell command line found
    powershell.exe
      signatures: Loading BitLocker PowerShell Module
    conhost.exe
  buoDVXO0.exe
    signatures: Contains functionality to start a terminal service
  cmd.exe
    conhost.exe
    h8MEBx21.exe
  cmd.exe
    conhost.exe
    schtasks.exe
svchost.exe
  signatures: Changes security center settings (notifications, updates, antivirus, firewall)
7 other processes
  network: 23.205.30.159 AKAMAI-ASN1EU United States; 127.0.0.1 unknown unknown
Verdict: Malicious
Threat: VHO:Trojan-PSW.Win32.Lumma
Threat name: Win32.Trojan.LummaStealer
Status: Malicious
First seen: 2025-07-26 18:34:00 UTC
File Type: PE (Exe)
Extracted files: 147
AV detection: 21 of 24 (87.50%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:amadey family:gurcu family:lumma family:xmrig family:xworm botnet:fbf543 defense_evasion discovery execution miner persistence pyinstaller rat spyware stealer trojan
Behaviour
Checks processor information in registry
Enumerates system info in registry
Kills process with taskkill
Modifies data under HKEY_USERS
Modifies registry class
Modifies registry key
Modifies system certificate store
Scheduled Task/Job: Scheduled Task
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Browser Information Discovery
Detects Pyinstaller
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Checks for VirtualBox DLLs, possible anti-VM trick
Launches sc.exe
AutoIT Executable
Enumerates processes with tasklist
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
Drops desktop.ini file(s)
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Obfuscated Files or Information: Command Obfuscation
Power Settings
Checks BIOS information in registry
Checks computer location settings
Executes dropped EXE
Identifies Wine through registry keys
Loads dropped DLL
Modifies file permissions
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Command and Scripting Interpreter: PowerShell
Downloads MZ/PE file
Sets service image path in registry
Stops running service(s)
Identifies VirtualBox via ACPI registry values (likely anti-VM)
XMRig Miner payload
Amadey
Amadey family
Detect Xworm Payload
Disables service(s)
Gurcu family
Gurcu, WhiteSnake
Lumma Stealer, LummaC
Lumma family
Modifies WinLogon for persistence
Xmrig family
Xworm
Xworm family
xmrig
Malware Config
C2 Extraction:
https://nortlmm.com/riwq
https://molefkx.com/xalo
https://sponfht.com/xrie
https://runuxs.org/zpla
https://follcp.org/atnr
https://remotuw.org/xiza
https://boltex.net/xpao
https://detrewb.net/aqyw
https://berijng.net/otir
https://soberano.top/wert
https://mastwin.in/qsaz/api
https://precisionbiomeds.com/ikg
https://physicianusepeptides.com/opu
https://inkermen.top/nuxe
https://htsfhtdrjbyy1bgxbv.cfd/vcd
https://xurekodip.com/qpdl
https://utvp1.net/zkaj
https://orienderi.com/xori
http://94.154.35.25
regone.dnsframe.com:66
https://api.telegram.org/bot7556719086:AAEXfiZRJSYr7Mwj2V_N8uCC3PNjJHmoO9U/sendDocumen
Verdict: Malicious
Tags: stealer redline Win.Packed.Nanocore-9942160-0
YARA: win_redline_wextract_hunting_oct_2023
Unpacked files
SHA256 hash: 83e387387a33e2ed0ca78f23a9e20e18ee6b5491d7f548463608bd360a467c5b
MD5 hash: 3d5d092c0a6a0bc5b38ec2d063ee5363
SHA1 hash: 67f826741439f083c69e2550471da3e1b0ee39ae

SHA256 hash: 5c70b512360d31f4b0c3629134a7242d93baff45adb1d7049075f6f3243eac95
MD5 hash: 94654662875e0ec4fc7e57c0dbe52d39
SHA1 hash: db71d327fd56b0831c941e8869d4171ec0d3a341

SHA256 hash: 4e2ca929db244b2e5037c62fd25010dfe28cb9807ba67917cacaba2e66e7e228
MD5 hash: 101a2d3972f4c4c8f00cd85daf0c3c0f
SHA1 hash: e220eb8b3915839ddcd2aa7bf585241ca255d565
Detections: Amadey

SHA256 hash: c23e505d300c65e4c9b76fb2d6200ac937004bf06f4619b2170b5c76487bc258
MD5 hash: 4f64a7f3d92a1af0d73bf9b379fe7725
SHA1 hash: 37587832be65afa22496a15f9a4df98041c9eba2

SHA256 hash: ca530c248a823ba2249bb93da103e4df84cf0accbd11d512246b797a4450d718
MD5 hash: fbe22e53cefff5dda8d4a65885b2294e
SHA1 hash: f6643ad6a7b24088884d0b5a71410d3ae6c885c8

SHA256 hash: 7fcd256eb3b557bec6a30435348d3792df18f0d7a06905be329f674f15c9addf
MD5 hash: 468cadf30f284fb475490bbb32d3d07c
SHA1 hash: 7cc0fffbee968ac44b8613db11fb4fcdb0ade2e6
Detections: AutoIT_Compiled

SHA256 hash: 3c7959d26a0e983a65a0f0cb9501567ad6b7149f9052e649649d1f4f8390480a
MD5 hash: d6a28e90544f88191342edd75cd1732b
SHA1 hash: 25f16dc288f9f819b113f090227c32f36704c6d1

SHA256 hash: 13d8e6e9300f7ed761e92df016f3e8c8f86e126452b403f3c6082bf312bdb339
MD5 hash: 1b12f809ea045fc07de58587ac819b05
SHA1 hash: 08325093b4262ff917b3d9dc96121ce564a7d503

SHA256 hash: 84650e28d06640c00b558b1a80fac3dbb80e6f94b26bdaeee0eb80f1c58fb0f4
MD5 hash: b64e019681970678d241fd96e184a73a
SHA1 hash: f340dd298b3bc6e6c26fab53b2930b3db511c868
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: detect_Redline_Stealer
Author: Varp0s

Rule name: FreddyBearDropper
Author: Dwarozh Hoshiar
Description: Freddy Bear Dropper is dropping a malware through base63 encoded powershell script.

Rule name: RIPEMD160_Constants
Author: phoul (@phoul)
Description: Look for RIPEMD-160 constants

Rule name: SHA1_Constants
Author: phoul (@phoul)
Description: Look for SHA1 constants

Rule name: Sus_Obf_Enc_Spoof_Hide_PE
Author: XiAnzheng
Description: Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

Rule name: vmdetect
Author: nex
Description: Possibly employs anti-virtualization techniques

Rule name: win_lumma_generic
Author: dubfib

Rule name: win_redline_wextract_hunting_oct_2023
Author: Matthew @ Embee_Research
Description: Detects wextract archives related to redline/amadey

File information


The table below shows additional information about this malware sample such as delivery method and external references.

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID                         Title                                                    Severity
CHECK_AUTHENTICODE         Missing Authenticode                                     high
CHECK_DLL_CHARACTERISTICS  Missing dll Security Characteristics (HIGH_ENTROPY_VA)   high

Reviews
ID                  Capabilities                     Evidence
AUTH_API            Manipulates User Authorization   ADVAPI32.dll::AllocateAndInitializeSid, ADVAPI32.dll::EqualSid, ADVAPI32.dll::FreeSid
SECURITY_BASE_API   Uses Security Base API           ADVAPI32.dll::AdjustTokenPrivileges, ADVAPI32.dll::GetTokenInformation
WIN32_PROCESS_API   Can Create Process and Threads   KERNEL32.dll::CreateProcessA, ADVAPI32.dll::OpenProcessToken, KERNEL32.dll::CloseHandle, KERNEL32.dll::CreateThread
WIN_BASE_API        Uses Win Base API                KERNEL32.dll::TerminateProcess, KERNEL32.dll::LoadLibraryA, KERNEL32.dll::LoadLibraryExA, KERNEL32.dll::GetDriveTypeA, KERNEL32.dll::GetVolumeInformationA, KERNEL32.dll::GetSystemInfo
WIN_BASE_IO_API     Can Create Files                 KERNEL32.dll::CreateDirectoryA, KERNEL32.dll::CreateFileA, KERNEL32.dll::DeleteFileA, KERNEL32.dll::GetWindowsDirectoryA, KERNEL32.dll::GetSystemDirectoryA, KERNEL32.dll::GetFileAttributesA
WIN_BASE_USER_API   Retrieves Account Information    ADVAPI32.dll::LookupPrivilegeValueA
WIN_REG_API         Can Manipulate Windows Registry  ADVAPI32.dll::RegCreateKeyExA, ADVAPI32.dll::RegOpenKeyExA, ADVAPI32.dll::RegQueryInfoKeyA, ADVAPI32.dll::RegQueryValueExA, ADVAPI32.dll::RegSetValueExA
WIN_USER_API        Performs GUI Actions             USER32.dll::PeekMessageA

Comments