psapi.dll
It runs as a separate (within the context of its own process) windows Service named “Registry control service”. The file has been seen being downloaded from cfsapatch.z8games.com and multiple other hosts.
MD5:
bc2432b0c085142ad707ed2ef20d3d0f
SHA-1:
9e80d0f76660cf7d5371f6d1e5ba923a9ce93e0c
SHA-256:
46e2096b907947368d310929303a04005b39c4a278e3a7de2225c355b4522694
Scanner detections:
0 / 68
Status:
Clean (as of last analysis)
Analysis date:
11/6/2024 2:00:26 AM UTC (today)
File size:
22.5 KB (23,040 bytes)
File type:
Dynamic link library (Win64 DLL)
Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\psapi.dll
2 Drivers
Display name:
Apple Mobile Device Ethernet Service
Type:
Kernel device driver (KernelDriver)
Display name:
Nuvoton HID CIR Receiver
Service name:
nuvotonhidcir
Type:
Kernel device driver (KernelDriver)
Service
Display name:
Registry control service
Description:
Allows to control integrity of the registry database and if data are well-formed for the value type when a key is added or modified.
The file psapi.dll has been discovered within the following programs.
www.bluejeans.com
About 8% of users remove it
Publisher's description - “EVEREST Home Edition is a system information, system diagnostics and benchmarking solution for home PC users, based on the award-winning EVEREST Technology.”
www.lavalys.com
About 9% of users remove it
SafeFinder displays advertising in the user's Internet browser by running as an extension and/or add-on. Ads are delivered in the form of search-related ads, banner and video ads, and text-links (roll-overs) as well as some popup ads.
www.linkury.com/faq/s/faq.aspx?company=SafeFinder
67% remove it
Powered by Should I Remove It?
The file psapi.dll has been seen being distributed by the following 6 URLs.
http://cfsapatch.z8games.com/xtrap/.../psapi.dll
http://cfpatch.z8game.com/xtrap/.../psapi.dll
http://cfsapatch.z8games.com/xtrap/.../psapi.dll
http://cfpatch.z8game.com/xtrap/.../psapi.dll