We received the file WINDOWSTAB_UC.EXE and detected that WINDOWSTAB_UC.EXE is not good.
WINDOWSTAB_UC.EXE is Adware. You should remove the file WINDOWSTAB_UC.EXE.
Kill the process WINDOWSTAB_UC.EXE and remove WINDOWSTAB_UC.EXE from Windows.
Malware Analysis of WINDOWSTAB_UC.EXE
Full path on a computer: %Local Appdata%\windowstab\windowstab_uc.exe
Detected by UnHackMe:
WINDOWSTAB_UC.EXE
Default location: %Local Appdata%\windowstab\windowstab_uc.exe
Removal Results: Success
Number of reboot: 1
WINDOWSTAB_UC.EXE is known as:
Adware.Kraddare.HF, PUP.WindowsTap, probably a variant of Win32.Adware.Kraddare.FT, Trojan-Downloader
WINDOWSTAB_UC.EXE hash:
- MD5: 3b9befa24de056db58ee6c2134d5970c
The file is used for downloading and installing other malware, Trojans, viruses by the commands received from the Command Center.
How to quickly detect WINDOWSTAB_UC.EXE presence?
![]( "Registry")
Registry:
![]( "Folders")
Folders:
![]( "Files")
Files:
Registry:- HKLM\System\CurrentControlSet\Services\windowstab_mon\Type: 0×00000010
- HKLM\System\CurrentControlSet\Services\windowstab_mon\Start: 0×00000002
- HKLM\System\CurrentControlSet\Services\windowstab_mon\ErrorControl: 0×00000000
- HKLM\System\CurrentControlSet\Services\windowstab_mon\ImagePath: “%Local Appdata%\windowstab\windowstab_mon.exe”
- HKLM\System\CurrentControlSet\Services\windowstab_mon\DisplayName: “Windows Tab Manager”
- HKLM\System\CurrentControlSet\Services\windowstab_mon\ObjectName: “LocalSystem”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WINDOWSTAB_UC: “”%Local Appdata%\windowstab\windowstab_uc.exe” /run ”
Folders:- %Local Appdata%\windowstab
Files:- %Local Appdata%\windowstab\windowstab.exe
- %Local Appdata%\windowstab\windowstab_mon.exe
- %Local Appdata%\windowstab\windowstab_uc.exe
- %Local Appdata%\windowstab\windowstab_unins.exe
- %Temp%\windowstab_ins.exe
- %Temp%\windowstab_recom.exe
- %Startup%\windowstab_uc.lnk