HEUR.Malware.EniProt.Generic

By CagedTech in HEUR Malware, Malware

Threat Scorecard

Popularity Rank:	396
Threat Level:	100 % (High)
Infected Computers:	67,834

First Seen:	January 8, 2013
Last Seen:	April 9, 2026
OS(es) Affected:	Windows

Table of Contents

Analysis Report

General information

Family Name:	HEUR.Malware.EniProt.Generic
Signature status:	No Signature

Known Samples

MD5: 969ec4a52a13ec0f0239c5939887d98a

SHA1: fa42dd3e0d197730acb19341716ea0f78099e1bf

File Size: 5.41 MB, 5407234 bytes

MD5: 2cbae7385b63309c1dc6c8c5787d0d93

SHA1: 0c1ca0ec9bf3030860f84a9f0757066723419fe6

File Size: 7.93 MB, 7929518 bytes

MD5: 6fc65f20ae5b184f083f4fd663e8050a

SHA1: a8a6c39a362b4030766f385ee99ecee1397241d7

File Size: 3.90 MB, 3901168 bytes

MD5: 978f0a08fb5d52437dcd0c4d85496167

SHA1: e393bcd0770ebc02eb84319d07b5e1ee9a590060

File Size: 827.39 KB, 827392 bytes

MD5: 8604cc54bcf5c40a13fd6d6be8e36ce1

SHA1: 08097890e13b9744205146c72464e2e162f221e8

File Size: 1.30 MB, 1304576 bytes

MD5: b60e02534f0d2bb19f4af035c6a0ae4f

SHA1: 3ef148ff4c647af347931b2137f7ac8f3dcc6e27

File Size: 1.28 MB, 1276928 bytes

MD5: 342608f6863e9d3deeed28e1358c2c3c

SHA1: 6cc8b737c211373838175a63b399d8930a3bfff8

File Size: 5.73 MB, 5727744 bytes

MD5: d0dbf61d6c8594381b49b7585f6cfb1e

SHA1: c4d0600fba15ddbb64f1b3018f9120141f960861

File Size: 4.25 MB, 4252672 bytes

MD5: af5eba2fdde0fda8d8f32285f4ac4994

SHA1: adbb1c716f1929f215909499b063c8566f5fb41e

File Size: 3.66 MB, 3660288 bytes

MD5: 32428c88b58742e92d9763e5d4b8d158

SHA1: d3671097a483f624b8849d3f4ef979abbf53ce0e

SHA256: 6C58592F969CA6CA26CCC6356611856438182EF07FE5CF50A4D9B7A1A15A65BD

File Size: 1.38 MB, 1377792 bytes

MD5: 0e600861ea8e4727c66975c187af1beb

SHA1: c844ca424a707e50098eb4631af9e0b2be586743

SHA256: 3FB2AFF48F9D6579CF1D32E062DD1F9F1EE6D969AECE48ECAFCCA46D6BD0D421

File Size: 2.73 MB, 2727424 bytes

MD5: c845457929af16bb971564c8a936689a

SHA1: 01b5dc6ab39ab15a4972f77b559d56b27796db05

SHA256: 0F79D7B4F0C443024B9D4C5CA7F2EA543680C49F68E49CEBB20C2EA17E227F51

File Size: 1.27 MB, 1270784 bytes

MD5: e561017cb0526b075436f27f4d94eb32

SHA1: 115e4fa534b6515cff0e8af6e7f44961224cf92c

SHA256: CEDE3F87C9B240652A05BB585CDD8DE1DBC0A20A9593A197B4D30E6C8998D875

File Size: 8.24 MB, 8242176 bytes

MD5: 4db0e1d91de4c692fbf050c9d0f9af50

SHA1: bb4eb1e4c1c1743cf0a6b459fb2862822f7f22c7

SHA256: 846BAC11375F55217122E16DDD4C18CA80FA21F85A173A1A005C87C319D66FCE

File Size: 4.97 MB, 4974080 bytes

MD5: 42ca75110959b01adbd51f4d0ae08ae3

SHA1: a2b98f6de7c699c4e001f833f12c640d748bdf1d

SHA256: 78C69CEA48D0FB89EF79A0975DF8EBD562C33748CD4AC2F1B4096384CEF13A58

File Size: 826.88 KB, 826880 bytes

MD5: 9eed964a46e18053c69f1d6465fb234e

SHA1: 06e7dd3ce225b71755d84c5587e32b74e65d590d

SHA256: 32AEA289271DD4B921F50E96FC00E56E6A956F59484FD14220665716A7CDCA9E

File Size: 8.71 MB, 8708522 bytes

MD5: c3bb97ecff6c9dac0c46d0dd3e127ab6

SHA1: b8ba8d34eb4a0cca6ee1bacd746205bd6777545d

SHA256: 39858A92B5B4EBF9C5B2565A73087529A87977DA17F70979030E612709F7AB61

File Size: 3.13 MB, 3132416 bytes

MD5: c941dc9fc8403fb4b56d55178c3da567

SHA1: 93013d7afa69a359f6eefa77623b11c52f081351

SHA256: BF72A34461208B1CE898E06DCE0AD48D36895E079B983C53BC9FE36C499B37C4

File Size: 825.86 KB, 825856 bytes

MD5: dc6359444985637501e20553cb2febb5

SHA1: 2ca4ec8de8df1bff7bb7bd487856e81af44fd561

SHA256: 20AA3CC930B38A478ABAB74596DF39264143782C999F7611B7234E1E59F7A3E0

File Size: 1.30 MB, 1298432 bytes

MD5: 5e28a146b86d32a9fb454a9a43c11edd

SHA1: e8614553a49cbb5d5c349ad8859727634f3b1029

SHA256: E00E10FD4B0FF1C42F7F95CF8F301EF7AD16B20570B768651C5198F9B7EBA834

File Size: 8.78 MB, 8778822 bytes

MD5: e3643fb51b907bcaed54ac02b8fd6e1f

SHA1: a762806f49af93e6be51446ba850c8ca27eca08d

SHA256: 9C5E54364F2350796153B75871E911DA9B073A680F0DC553C191395A222D5D60

File Size: 1.28 MB, 1276416 bytes

MD5: ba7d48e89cfb499eb9b6105b8de7179d

SHA1: d537327a1b1d02a009369a1f14571bea51ea243d

SHA256: E17B0BCDC4BA63C05F29D92DC3C1D7C4BA5B8D67C15D621F20C9EDE951B06485

File Size: 7.82 MB, 7815168 bytes

MD5: 838f490c99485d8bea7d22c363fc7e4a

SHA1: dd309410c06d7c2b31fc589e8df922d6bf57d8d2

SHA256: 0828BF8547911E3ABB633D8B5D2AB378EF87F475826876BE1109628D4AB2D8EF

File Size: 3.98 MB, 3984896 bytes

MD5: 924ce1e9bc934e22cea14c13535e4f6f

SHA1: a68b16d208259e2561a4407232f0e263df53a197

SHA256: DFA893788AD4B85B16925C694E70A257627513D2ED242EFA89AC8823050905ED

File Size: 3.92 MB, 3920384 bytes

MD5: d9edd1e3dac0c8528bc98f7a1d997ed7

SHA1: 06fdc9b0a8e41e3d99f20bc480fd0208c23f000f

SHA256: F9380EE4CD0019E069DBFEBEEAC300E6D3E88788B1EDE4EDA684AE49E3705ED8

File Size: 1.30 MB, 1301504 bytes

MD5: 209ba4b610041fef7949df4f73685ed5

SHA1: 225c3da5817649379a94d0d562fe0779335f5dde

SHA256: 5E300F7F84CB0D3E6078BA609E000E0209B9F322184736A91F69030F447EBC1A

File Size: 8.39 MB, 8387072 bytes

MD5: 3ad2dfbe2e5d55d7636e0fd253f290b3

SHA1: 26762b999d5174923d08f34a0c6fb2cdf907ff33

SHA256: 4A2EB16C063FA3D237A864DB618907E4649FFB82D13BAF30139A980D039C8F88

File Size: 2.47 MB, 2466304 bytes

MD5: 2d9c17ba395a8ba6241c3f2b9c2fa431

SHA1: 7ed73610d3a9c95d967e4622ae7776a0024c8c35

SHA256: C5E7B822AC8778D1AC2559B1A62B6AE158BEABAD6798F2A4FDC8BF53676FA5D1

File Size: 1.47 MB, 1465344 bytes

MD5: 924abe4b44086ef603a68ce2b2f26b67

SHA1: 6670fe07e3c50a821047eaf5512fd7894ff2255d

SHA256: 7F8F887F8AB952B0128BB681E61E9C524938D1138C3234D12D49D62E03DF16CD

File Size: 1.31 MB, 1309696 bytes

MD5: 302e627b20ae347249d9bbe1128ed611

SHA1: 9c5e9c91944a3f943429728e7a14ebf825726646

SHA256: 70370DABD690B70EAAEF2FBD53CA3450E6999656F572618A7D7967E5755CCF44

File Size: 1.27 MB, 1272832 bytes

MD5: 183c75ecfc65de5cea8f080cdf3861c7

SHA1: 8247664b76276532eda842b2691932e63fd674e5

SHA256: 9B9B7CE3F14AFF76524B9C6DC0646AD6635B469F51C16A30DBFF6D9F7AA7467C

File Size: 826.88 KB, 826880 bytes

MD5: 5861fe575dc0e81b0adbbcfd4e9924a9

SHA1: 739d3e2de1b286cc537e8beb425caf962d6129a9

SHA256: 0E2DC307E9E997E845DF0CC7E0E9BCAC8DFC7D19DE20734A44F0DEC277A8D511

File Size: 7.36 MB, 7357952 bytes

MD5: 7e08e791bea8bf3c6733ac21dfa54ed9

SHA1: 1aa06788dbc4b7b52de2f7c6050a265df864631e

SHA256: 773FC9162A104D92FFD5E8D40C418CC0AA23DB9B1E7F32597F6DEE26AE1D7352

File Size: 1.68 MB, 1678336 bytes

MD5: a5a811ba731aeab2d2dc61e0681a0932

SHA1: 418b7bcdb824fdfaae71d40b7fe50fb0836009c6

SHA256: 3C16724E49CB9A3BF1F8A2567660D1D5666EDFB037DC841AEC05DE2C41B97500

File Size: 4.64 MB, 4644352 bytes

MD5: a52c230d2f6b312391af82232d89c75b

SHA1: 02e1cf607cc8179d3b12a65b5f22d1cfa42bea1a

SHA256: 166BA417CD9C20F3D32501B29EDE6D9674B4A692A68CE34A82B5923DD2253B87

File Size: 995.33 KB, 995328 bytes

MD5: 6ecf8377f8266d54aabca541ec557d69

SHA1: d9f411b92f6fc4af50abbeb9eb52821a45cca257

SHA256: 1EF34AB7B72A5BD4E5623797918D5FBFBBF9773FFF0C972225A47163CD929303

File Size: 9.18 MB, 9181696 bytes

MD5: 7ee45eefcb0d311b4977944bae2d5c50

SHA1: 29e38e8dd84027d1160b03aecd0b6ed2be298e08

SHA256: 5A9CD9CBAAC59AF8D780386D3153D811A165033BD6F6A26E1A0185ECFE946896

File Size: 2.05 MB, 2052203 bytes

MD5: 86604efad675ce2a82ad8ffc6de74432

SHA1: 363a8afc3786346bfdcc3685106800cc766732ac

SHA256: 740A6A6685A7F5DEE96DB9CB948C753C9A2F737504DC0090C913FF94E3707A58

File Size: 4.92 MB, 4922880 bytes

MD5: aa1044d64a018235c8e528652dff6c44

SHA1: 947a476a5eae0f7c9ebe838dac36550bc3314e46

SHA256: F751325CCFC987807FE367D72DEC40E5891BA8C78BA41C312155F96D31787C68

File Size: 3.76 MB, 3756032 bytes

MD5: 6f91e9c9e30216560359a89bcbab3cda

SHA1: f75572ed967d9cc0eeabe6d74811ab40e6093cbc

SHA256: FB3CE9F43A7AF43B54E7D419D1F79BC6679D24437997A399D7221C0B83059C51

File Size: 1.63 MB, 1634816 bytes

MD5: 6552ce90be8e46dedc48a12e3a7632fc

SHA1: 79614cd35cb42cd92431079ba7a09cd9fcf8b183

SHA256: BAB9D59AA05A233E78B803DD6DCD4CF2F06E1DBD280DF5215BDAB5BEC369A926

File Size: 1.27 MB, 1267200 bytes

MD5: be1691040f54fc2cb59ed6c38cefc355

SHA1: 287cf5ad89d4df7b5ba45398137865bba8fd94bb

SHA256: F595D7A8F4F566CFA3BCFED5945862A051A6C708D3DCB5DA46645978EE96D829

File Size: 9.16 MB, 9160704 bytes

MD5: 20be0d8bec22a060a0803db7f8ed9742

SHA1: e8322feadb837fa6f3410b76556f19d3af7f53d2

SHA256: AE0C1C6A917412100CBD527DBBD340FD5C310C5772E6E46B635EC618AD6A4272

File Size: 6.78 MB, 6776832 bytes

MD5: 05ba9554e8d65864a9d66fa725722355

SHA1: e8d205a21fc7db55bde7115e1b5678b68ccbde11

SHA256: 5DCCFD98D12FBED0C7E20E00802F532F32D68C71D4063D5DCEF9728F377DBCEF

File Size: 3.74 MB, 3735040 bytes

MD5: c3a517bac36775a942f6684211251c8e

SHA1: 176a4ff4ec657a68b9db33a5daecd3b5185fabb0

SHA256: 92085E6E4F2DC1EFBF73EA048A7AB73C9ADD519BD845E57AFB05277FB3C26FAD

File Size: 5.81 MB, 5807616 bytes

MD5: 1264387300331ed649a365f3720c2192

SHA1: ff7f5d5b67bb46d14e5bc91d7661f2345a335ec4

SHA256: 300C8E87D43027642E8C29CC7FB3CBDAF1301BFF5961BC1D83158955CBCCB041

File Size: 6.20 MB, 6201856 bytes

MD5: 1746f222101135251cae4addb24761db

SHA1: 1b3d80b323162eafb2d2863f68321f3843cbd3d6

SHA256: BFFB0A560560184B1556A4213A5D6D264A4296957CA21C62D800FAE4CC180F14

File Size: 8.60 MB, 8595801 bytes

MD5: 66442ab556d698b869ab10b3fccb9094

SHA1: 37eb61618fc5ea17603a0178ada1505aae9db94d

SHA256: 3A6BD2E76693B6CACD944BE476BF72E8B241FEE31F3429446343562EE4317FCF

File Size: 4.41 MB, 4409344 bytes

MD5: 8e7bb936812a5dce30a7b5ae0186c046

SHA1: e7c1184aa8d712a5f9bcf0927e5841ea629f4c94

SHA256: 9971DE02D337A2A155CE26D623BCBB90D7244E735265AE962F5B70EF016B3E64

File Size: 2.03 MB, 2025984 bytes

MD5: e1fc8542b3b2801686f6073c8eca759a

SHA1: aa15ff8ed0db71cbcc0c648e528d75974d95e981

SHA256: C983A17BF1DEED6532265D2EC2DBB25C93F053E84694ABC98C7F2B1D8DA948EE

File Size: 1.35 MB, 1351018 bytes

MD5: 0eb6e134e649a00d430b193350a68bc9

SHA1: 0201d76b5971a3a7cab4531d13223e42b35e557c

SHA256: 452F33EB3C09DC53FDC7C34CC6D63816F3A1291C558C231BD8347B7B0A5DFC63

File Size: 5.28 MB, 5279232 bytes

MD5: f7af7d9576bc9f28f78df3709543d38b

SHA1: 5f33c80c494547d311a213ba29c9558926548c49

SHA256: 098B3F6F2A961FBD4B77C57F13CDA18F312CE23B54525FC5BC2E97EECA9E8E5B

File Size: 2.40 MB, 2404454 bytes

MD5: b09fe1acd4a4e3c32f7a71f9ef4d14b4

SHA1: d775167483295e75ecdc3d9dcf8dcb13522e37fa

SHA256: 359A13F8264508B0827DB8D09BBA5DA05AD9662C650CE6B8CD9091EB86D1AFA4

File Size: 9.74 MB, 9736192 bytes

MD5: 0ed74257dd414a2b5fe7ead31a8a67e6

SHA1: 97584b24ae9a8aae020bf70077e2760f1eccaed8

SHA256: 25E620EA22ACCA266261335263C0E817FE5F10B81F34010CB585ACCEABBC2D9F

File Size: 3.68 MB, 3680768 bytes

MD5: 0c78674104a6d8c7d6467ab8cfe29dd5

SHA1: cb8359db3bbf74b50dc7e8b3fcd0ea02b1de0574

SHA256: 915D771ED0C242852CF11ACDA23287D819E81C55B98AFFDB42AEEA43B955EA0B

File Size: 5.13 MB, 5126656 bytes

MD5: 532342d74514edf42a8e5fe9c6ce8415

SHA1: 9d98bdcc9f880f8fc33e2bbb23599c8e2b96d752

SHA256: 62672FA9501D68CB961E87EC98FB55CAD7985B78DAB2E1B7C253CA484E3F7A2B

File Size: 3.21 MB, 3211264 bytes

MD5: 03c3da643edc34f7f03ef592fd8cae1d

SHA1: ad6409f7942dde74c756004a35a686b781054f0c

SHA256: 46736563E64E8EC6A3B695356CBB43C735705285F05BC6B24C48DA9248D8DC51

File Size: 3.03 MB, 3027456 bytes

MD5: cc7eb64aead88cd1af392259b4c2cb5a

SHA1: 3fb6998c7c99d2e73ff02d9b9265d0750680ea5a

SHA256: 33228FE9DAEB01ABAA65E09AE25A3325DE3213FF217F050D4929CE50CF6AE751

File Size: 3.61 MB, 3613696 bytes

MD5: 2656e4bf2ab59542868005da003c7096

SHA1: ac68c8ed21545bdba8aa6ec0303f3f7fcd559b7a

SHA256: 5053A04493964CC66E722EE0CE4DC5196E532E79E75B183723D34E4C8A847EB2

File Size: 2.34 MB, 2336296 bytes

MD5: 6f7037755d161a94ffc3bf861cc969d5

SHA1: f1b231a106c0f68ab877a2b5b33ee7d8ec0b67a9

SHA256: 89AFB1D396DB8BD40A5E331F2B4416E231641B138135C3B96E19C045A61CDFC6

File Size: 4.17 MB, 4171776 bytes

MD5: f6b0ac1511c236eb0ccf317687e59675

SHA1: 2c945d2a64ef7ee68ca49392689eb3a4e65fdae5

SHA256: 6E9EA0765F357CCFE06C16F7735FAA6DF94C483A748F9765FC77D9DC0CF5DF37

File Size: 2.06 MB, 2063872 bytes

MD5: 9230725ad8b9808ae1f128ca8f153147

SHA1: 8892fd9be743e0fc3ff0c64cf9e7faccd579ef09

SHA256: 92F7BF4E723D9AC6E2BFB19A6F931026F29774BB3B91C9863DE092D4D154362B

File Size: 8.53 MB, 8527851 bytes

MD5: b7387c9147638a7085596d8e8d89a7e8

SHA1: 3ea176ec71a961facc84e37bf64f43b832230959

SHA256: 1E18BD600D7013B4D961E4774EA6D7D8C352F712B6C623643B67EB59B1E6F609

File Size: 2.41 MB, 2405888 bytes

MD5: 904dfebc40b5fdaa7e151a4fdb067ca6

SHA1: c0b2ce3036db6830e68814b8f8f96d112e452c1a

SHA256: 741E673409A23EB323FF71E77F1CB8831CACEE14BE6DCAEDC0B69D1FD4F53D8A

File Size: 6.66 MB, 6661120 bytes

MD5: 977c3aac78f0cef575b0913757e2810a

SHA1: b3f542d953b5488a9155f160e4984731c0ae7b3d

SHA256: 50315E895B9145970D41F9347161F5FED527FB9DFEEADAE0AC5F24696BA41F4A

File Size: 1.72 MB, 1723272 bytes

MD5: adac689374be6913a2ce1e4bc298c83a

SHA1: 21724fac823af4fc9cd60c04d2879c91c65b7bcb

SHA256: 7D77665434ECDC716D8866CF59DE1258DFFD6E89C725AFADE3B3043289A56848

File Size: 4.72 MB, 4717709 bytes

MD5: a5b4b64474335ac48379a9566b74b9ec

SHA1: c365fac1f834ecbc54e2c00f286a4dd3593af266

SHA256: FAB4BEE1726AB49AEC6B1396007A3245C36F184687B19EA3C46014D380C62796

File Size: 3.63 MB, 3633389 bytes

MD5: f159d27a89b514def0743e0cf22bf13a

SHA1: f2f90a518cd62c790841532c70b8bc8ff7cc1f01

SHA256: EABBC8D4EB2BE660B1EF4384B592714BBBA9C92F4ABA1551B08D5A0356AC76DD

File Size: 2.11 MB, 2105344 bytes

MD5: 6db23e58c52ebd9c785e85f6726010ae

SHA1: 3c94c2867ddfa9751d08ddae32c81f30f1cb4a90

SHA256: 0F494D39D33DB3E70C3E04EA7D770C49A13FFBF80EDF2B4B4D70EBCD63A30FD1

File Size: 4.04 MB, 4036608 bytes

MD5: 34d28f6f25ee44d55ba946b276cdeba7

SHA1: 2ec312e2b2be3bcabba43722ba4340f24beb387d

SHA256: DDF5D10C98CB2A83FC9998906498CAED263049163D8D7D0E166E0907399D3E26

File Size: 4.13 MB, 4130304 bytes

MD5: 1f024623b0bcf80274794b8c9ef903c5

SHA1: 5946e3a1b22687b2f7bad77270d649c897f824fa

SHA256: 395BCA275F46857A698A953A05348B2B447779009BB05825FA70C30B44A5A668

File Size: 6.29 MB, 6290515 bytes

MD5: 33d1115ae7ab698567790808ec190ba8

SHA1: f3987f7a448c8caa3fb935c37bad2a2b7bc87bab

SHA256: 6CDB80A04FE1BB4703E3422BC4FD51409047B5E759BA14F37893E9A484803239

File Size: 4.42 MB, 4415488 bytes

MD5: 3551e0cb7f941b04f4e5fe6597608ba6

SHA1: c0435bf0db684ff2c2481bb8c9312e12313c9bf7

SHA256: EEC28358335C4D79CE27DAE1626F234E97427A7B21629B59FB8DD0C3A89995AF

File Size: 2.66 MB, 2656256 bytes

MD5: 0cf1b08f933a6ed1e4373193404ba3f6

SHA1: 66701871d79ab5926bf6299a5e5ca24384c8e59f

SHA256: 0871714664E74E013A9D55353EB53913D97C738EAA4731D2283D38D0C6E2720E

File Size: 3.88 MB, 3878400 bytes

MD5: 70a47d13f5724eae2c8723b9a9d36ba7

SHA1: aa67268e35b4bf02c7038518fd1d72d0cafb1c0d

SHA256: 87EC3C2F970B3DF401ADC472D7EEB72F393707BEFCEE8E3D1D651E743762B68D

File Size: 4.14 MB, 4141568 bytes

MD5: 55368063341cb9cb5f3fcf4e35f60308

SHA1: 6fbe2734b99b442742b225e91fe185945c8711ce

SHA256: 71AE5D9C49110904A345A4575500C0A5ABEC4E477F3F94A8380B18AC181DDD32

File Size: 5.65 MB, 5650390 bytes

MD5: 03b36e9d087474911dc65c9e745f1988

SHA1: 2807153df50db54a17b1da4d1dfa23a9e42c0421

SHA256: F1ABF5B352FDAF615F4927B10DCB281CAED6B08811C8F705D7545E7C76DB302A

File Size: 3.47 MB, 3465728 bytes

MD5: d2ea366c4d3819e9bb5edd52f9c78ace

SHA1: 9fab3c04f9162989d1e28442389e00b31aa51912

SHA256: 69C134429F5FBEBA0645CBF4C901D532439E558DF790FD8FDA0D25317081E415

File Size: 4.49 MB, 4485952 bytes

MD5: f81a19ca00737dbecea6d7817c4e6f09

SHA1: 25c246279b385920d2de8856b0dc8ea5585b0cae

SHA256: 6E3A6517D87678D3731ED0CD78F86A055A30ABAF01B83CC0C8EC9B30F200027E

File Size: 761.86 KB, 761856 bytes

MD5: ce0b31456b805c53c176a3fa9f2abced

SHA1: 2a6e9db99adc3776f3c8cb45b7d0b57f4974434c

SHA256: AB52F832335FE905C9B596BB75E29D88560B50E9B8F8C8BEDD598AF9CE983B14

File Size: 8.70 MB, 8699447 bytes

MD5: 829ea9d0e35d02033805ddc81e176fbc

SHA1: 1c70e95755c5fd1ef6f4c4a3d6aa64e42d62f356

SHA256: A9ED454062F5BC51FC1D66C705A0A4A0D55AB859CD470139D4EDBF8B5A907F4C

File Size: 2.87 MB, 2865152 bytes

MD5: 97eabef4fa83130a239129c6544e12e7

SHA1: b6e7d71463c047e1fd7c89c16761f9bc51b51153

SHA256: AD615D123C5D1F6149C332C7C602B1B74778AAD749F4A43BE4F863586D2FD0FD

File Size: 1.12 MB, 1116672 bytes

MD5: 339614428ad4f2fdce9800185e56f9f2

SHA1: 0b61d4180d3668ebaaea17a2b94ae3f4b2ffacf5

SHA256: D86CB914B598013658EE2BFA830D51F66549A1C65ACB81DDCA8166D8D3C44624

File Size: 5.70 MB, 5699584 bytes

MD5: fd207e6a4dbc677f7c62d70730c5885b

SHA1: 2cd72076f9fd7cf2069cc63f4c0eca2d722ab89e

SHA256: E68A5B62B9C2CF15FBD1FB3AB54D0DB68F2E48625B0487F51510C11113EB0F08

File Size: 5.32 MB, 5321793 bytes

MD5: e7532efbf6af5e4888ba0880017e07a2

SHA1: 4cc23ed343ba815e495dfbfec17abd2a02f4f022

SHA256: BD49D395BAE51F1E1BE9C4965942AE7CC251A46E527D086045865DB5B686C696

File Size: 3.81 MB, 3805184 bytes

MD5: c8ffcfe42bd5dac4411350a93bb44931

SHA1: c1e12ef1eeceae129a60d2642ea571754b33c74e

SHA256: 430BD598D5C4F99DC7932E7B1200D9FF2DE508890F2418F2451163C2F5ECDA14

File Size: 1.32 MB, 1317376 bytes

MD5: d134a6a3bb1a25eccfea43e0574b272e

SHA1: c58f7cfe5eae5a848abdb43c5e0c0803c3ceb716

SHA256: 27F1B71281A91013E84F917E1F61D07B52FC46A8F590C19FD4F2E42BA290DFFF

File Size: 3.23 MB, 3227648 bytes

MD5: ca154609bc234036c8d0622abd9ed592

SHA1: faefe44ca1ffc71238a584deacfed8fc5e0bafdf

SHA256: D646283C25AD6828F5791446AFBB3183E987B10BAA9DD169ED78D32F39CC1255

File Size: 8.62 MB, 8618097 bytes

MD5: 9a74f94678cd4abb7d52119b503b0c23

SHA1: ee80d21017c065a980aea6666022bdb37b9d6111

SHA256: 28366368600771766493B841BBDCE0C374DFFB7DEDBCB1819B7DF24D9FAD4FEB

File Size: 8.63 MB, 8630205 bytes

MD5: 061cefd30c250f0c835ce6e1bda6c0be

SHA1: e27dd6cb07ff2ad774106bd9353f98ddd835fefc

SHA256: B36C48DD1D74DE66C8F2B1EDFA6209620F9C7D31E46C4220B9C5F0E10A014243

File Size: 1.35 MB, 1350656 bytes

MD5: 9bafbdbaf67e7f1c9176cf0c1d12ffa5

SHA1: 460120bd815f7e3d8f88e84f0fdc0611ec34a65f

SHA256: 84A484364CD75226C1E6D7F1461A7CF0E7D13620D6942859F043771F9F8DD7F6

File Size: 6.78 MB, 6784512 bytes

MD5: 6d669b5e3f9704de64e12f5e114193c9

SHA1: 6fc5e71afb111ea45fc7695d9d157eaf89226d32

SHA256: 99D8866519CC66604DD273A31CEEEED0022D1EF9179724B810B116A6FCD79800

File Size: 1.27 MB, 1274880 bytes

MD5: 073c51b01c150bef3367a8e4075c753d

SHA1: a8467bfd230b947c6e82cbe9ed9b83bab8ed7003

SHA256: 8A887CAB63C3FC73F971C729BBDC1B619326B96CDC747309643B9817FC323276

File Size: 1.10 MB, 1095680 bytes

MD5: 80dc52908c2a55e6bab5ca43c9b09164

SHA1: da5ab524a68abf41ffa5e28dc0afd8fed1ffe4bd

SHA256: C8B025F73C4940CAB2370E90ED0C9ADEF74D28797DF242D3B4CD97753B03B1F2

File Size: 8.64 MB, 8635810 bytes

MD5: f1ceaafa3f92e693754d07de80d7eb52

SHA1: d2fe8badc46dca153add4b99d2e33a4d99e02fc9

SHA256: 11C5823A52FA4623F1DCF4C60F8A08DBCE3237D4F1279E9D01D992BFB34F3987

File Size: 4.94 MB, 4939264 bytes

MD5: 5c4644511e5deeccac6fee019382e7b0

SHA1: 80dd21b68d1da577d34199044fa6a43d03fbc85e

SHA256: AFDCB537975A45A3C9128EB2565AB831E4FA61E249D27360A37804D12D1AC32C

File Size: 8.70 MB, 8701722 bytes

MD5: 7873ca7f310cd2a574b6bea4e7d2bbaa

SHA1: d123a0edefc5ac00d6e7d2567ea281a6b297c8b3

SHA256: 225AE224BD3332215FA82A55BF99AA25015C77C1696D000ED60527DBA56099C3

File Size: 8.55 MB, 8547241 bytes

MD5: b0e1c418421ae9a67b609195679aeb24

SHA1: 925907d7e743fd3146501697b81c6ffc88ed8d16

SHA256: 0919B72A84E9AFEEF20982FD0272104F57CD1896594140F1AEB5311B074A2204

File Size: 2.59 MB, 2592066 bytes

MD5: 4194b228c8488c86c88ca13e36a57828

SHA1: 1cf382f87d74d10d4fa295aa247a7ec01b7a2e01

SHA256: 12A4DD3185BED106DEFF33681B92F34C1E5C4FF0459BEE4726E899C387F3426B

File Size: 1.28 MB, 1278976 bytes

MD5: 8faebe3be52bf1f38737a5b467e4299a

SHA1: 46e686a79e14b8aec8fe6d55aabe09e4e0b7f0b1

SHA256: 5C6AB719B01E06B6FBA30E1301C43F9D88E89D005587386AD1C0D63695BD5CC7

File Size: 1.29 MB, 1290969 bytes

MD5: 188d97f8dae0947d3eda1dbe8b65e1e8

SHA1: 3e27aa25e0cf227b56d90eb3748b4d77a924616d

SHA256: C87F18C77FEEB867EDC6359D1087C4FF3894E21E71868713EB44300057801C74

File Size: 1.17 MB, 1174983 bytes

MD5: 932e554ca8979181d42321771a5cdaf9

SHA1: 3fa847d4fd7d619e63aa7447d253b28e00637631

SHA256: 61A7A382EA5492B040A7BF750D1C91585C37A98B1CD39B5D3047211A2F79336E

File Size: 3.15 MB, 3154282 bytes

MD5: 6f66e117b991ade94358fba1da7a7e0b

SHA1: f8d7a41d5cea9ecb852749724a75d27f0b77d421

SHA256: 3BC7953DD08EC98D2105DC72669B5773C091F180E9E8EB3C4EEF2142923F0207

File Size: 5.29 MB, 5288960 bytes

MD5: 4bca01a48e388b0984ca7f9a0e68d866

SHA1: eb004671eda896cb8a19ef76c9f194d2c5d0c60b

SHA256: 4D088459B46E97CB63D69AF410CA999E80CB93D61DF06C851B30D12324218087

File Size: 4.18 MB, 4184576 bytes

MD5: 5e2f3a927526a2fc8b7c68c5ff70dcb6

SHA1: 42fb7fa0198d9fc0fb99a0881f56aa6bb7901f0c

SHA256: 716FD23A7565F35A474314A3AD7923B0686F1ACDD84E350397B49BB9941AA94F

File Size: 2.11 MB, 2110862 bytes

MD5: e34cee25e786a04804cb2a5a30942ef0

SHA1: 39d0d2758211f1d17a2d6ccae48aafef961e564b

SHA256: 6018775442FE857491D99ED25A8012D74E36D402A0FADF3F04D99FFD8AAC3D21

File Size: 2.34 MB, 2337359 bytes

MD5: 7313109dc33c14b5fbc6be448c3d3036

SHA1: e883f0b0e8cea01a9ad0cc4702b981830d8a3bb2

SHA256: F434AD212EA4E086F57D756F423999ABF8C5FD42CF60A90C4622D2FA5C6D4E2F

File Size: 3.22 MB, 3218432 bytes

MD5: 3184363cdeeb7cf09da4e5684daf5bae

SHA1: 048035f5b065ab1d1d9a4a8ebe6668bbc52bb9a8

SHA256: 814DE165C5261C4395B79B4A08A0DA02109AF824D125C0FAAB64A6960123BB1C

File Size: 2.41 MB, 2411008 bytes

MD5: 58ab0ed6209e8c037b8aa585e75333d2

SHA1: 57218c089f4dd25d6d3e505dda4366b402e67fc5

SHA256: 414399DC41CC64B105AA4C677858CD956772B1615851FB093CE2547BA1D4097A

File Size: 6.03 MB, 6025728 bytes

MD5: cfbb7e551a2f193b5af1d0d12762e56c

SHA1: 81a76e3515728482165ce91f5d37297802a625da

SHA256: C3F4C5D7796AB586AF0317184CD680B51CA1897324EF56E86AE71FF5C6614F95

File Size: 1.30 MB, 1300992 bytes

MD5: 3e652aff8235711e23d051627acf7962

SHA1: a1637020dbf2cd38ef640cafc3bb6faf074660fe

SHA256: A41A84C11F04A518997CF64A7FA706B12A63379F58EC85F8675109FDC4400F6D

File Size: 6.25 MB, 6248903 bytes

MD5: 054e10a838aaf1adf2f4690d6ef652ed

SHA1: 7f6da5b4af109c5c2d52347099d964e24b22ab18

SHA256: B91014D49DC0BAEAACA87135584FE8594B4D56C067912DF400C50FBCD34C87F4

File Size: 3.61 MB, 3614720 bytes

MD5: a6d725b9534f64dc4e778371d4b1f369

SHA1: 4be28f79155346116d976f9862184cad24d50dc6

SHA256: AD566E078AF1600501F60E9200351ED426486F31D0B004A786C51B1B3FD712B9

File Size: 1.03 MB, 1026048 bytes

MD5: 051e6dd47a5097c11da17c37a66ac611

SHA1: 2aeed4af4af3fdb473b1784cbab211178506dafd

SHA256: 1C130C43E16F010AA5B3967E5B5C7C5E629203292BD93ADBD7AA54A17BF84C24

File Size: 2.41 MB, 2407424 bytes

MD5: 168ae33d99ce00472d3450808c89116c

SHA1: 3d4f5e434a2cbc8b148798f563353ad3f041bd6d

SHA256: 56621113B3574FAAE68A3A16662A7A7D1CA6A2B5B3E291659E8036EC075B50C6

File Size: 4.94 MB, 4943360 bytes

MD5: ab12fac27a0c12b849cd5069c4ce52ad

SHA1: f0f6bf5f25ca80b7dda9664b9ebe82458bd1f0af

SHA256: 6B91DC3924E2AB7F28A63F67B55EE22B88E45887AE4B5C7EE0B7E436E92A41A5

File Size: 9.29 MB, 9288704 bytes

MD5: 50157d5dc279b03de64811e01b3664ed

SHA1: da95fefc3689351571403151bb5d655d0f3b3672

SHA256: AE9908033754ECC512B25341F55835ACE800DF84611AE9ADC7B0461721937DDE

File Size: 2.40 MB, 2395648 bytes

MD5: ac8653b010c33ca8448a58fdadd15d5e

SHA1: 57adcb0e7ec37903cfbd9063e175072fb6f3f251

SHA256: F79A7385753D2B4D2EC710D66DFAECB7143D2D4FAF9B3D61F1C1EBBB752E2FE6

File Size: 3.78 MB, 3776000 bytes

MD5: 5b7ed5289c86685e1678ca6a00cbe8c3

SHA1: b82ae409ee17e876383bb6023542dc08c010593e

SHA256: B031C3CBFCA4CD31F7E9359A3CC56B7F28FAB8DFFAF413A89CF7C9F9F3BC2665

File Size: 999.94 KB, 999936 bytes

MD5: 98e23260afccbde02d55a26ce2a03986

SHA1: fad78da0ecc034618b03f5d48883b585846ffff3

SHA256: 9C868907E7E60C022701035F3D79BAE9ECA3C7AC9C684F7B7521E25FE7047609

File Size: 3.25 MB, 3248128 bytes

MD5: ed4a62f2a2718af2e6551bbc59ac7fbd

SHA1: fd1578e355052d4684c4dfbbcbdf7c86ad467ec3

SHA256: 23BF10DA90A99283591D323FDE00372B6D5F44C5A280DF97A327643595F994FB

File Size: 1.35 MB, 1349632 bytes

MD5: 23bbc5ea96cb5774c70e864569d64a75

SHA1: fd2ecc5e24e248041c91202bb684f4694902bd9f

SHA256: 7AB4E87A03C2F18BD2279271965CE65FA53468343762E39A752C9E9FE36EB11F

File Size: 8.85 MB, 8848514 bytes

MD5: c882154054cf77465adf1aa84f865393

SHA1: 16a403530bd9f2a17d7c465f31e42b1af30a0a96

SHA256: C05ED018488F2AE17650350EA847D81D86F5A21C2CFABD9D175606D84E869B2F

File Size: 4.09 MB, 4085248 bytes

MD5: 4b496a321afd0f5e1a6296e68776bd5a

SHA1: 9a1f390133b28bdef914510299eefd14c2327d11

SHA256: 695B10964212629F7C4BD4C450E7117A57EEDAFD54ADA98374F17414B98BDCA8

File Size: 4.15 MB, 4147712 bytes

MD5: 58f8e79b23f3cb6cd79a77848bd3f38a

SHA1: 332d9b43697b1c1a16f9847a077df8fbd00df391

SHA256: BC04574C88DF44E5D63E99D13685767080FC77919143061E086A05564E43B880

File Size: 2.43 MB, 2430355 bytes

MD5: 530d06f2ac254644cbb9bc5895a90c8a

SHA1: 9819371cad079a2aaff6ca5e2e99a1b63612ed67

SHA256: 5F38EAF987342B4CA499A34853D35F569B89B7AB6EE17C4FA70254584F1CDAB2

File Size: 5.24 MB, 5235200 bytes

MD5: c1956b2bd8fdfa66d5066c13bf00b8c0

SHA1: 35a5f04a252ea23883156cf92f514d757811f036

SHA256: A59AE31105A5DEB448B32D3E08E4F21370494666F7AF7E574C2EA33B56D13712

File Size: 2.47 MB, 2471248 bytes

MD5: 1f15db3af5764f74dbebe6bf9a282a9c

SHA1: 966841bf6559ded1e49a0b171d79e1106a830716

SHA256: B6E22CB004D25C2124A6D32A7024372F7A72C70B681ACCE69C96296B73CA65B9

File Size: 1.98 MB, 1975200 bytes

MD5: ddad41dc3c8a36acc90cd74ddef51849

SHA1: 7590fbc0cc6ee62ba6549c389b2a90bc5314f258

SHA256: F63CB93BDD5C3D2FD2FD80C61A1A059EA504A9FE1DD67CCCB206CAC07573502D

File Size: 7.38 MB, 7381147 bytes

MD5: 5dd86954a4185410a093d677397c7df3

SHA1: 163a18a9925fffafc91de4953acb7b2c2c499933

SHA256: DA6CBD5296252506051762B918328571E40A477351C81B0DF2A444572F45BE93

File Size: 4.29 MB, 4294656 bytes

MD5: 144b9d77300a2296bbd0669f2b146e23

SHA1: effbd14ab6ecd015b0b5b544e11ed0abdd083222

SHA256: A1F814FF279D46A00B551459E95FF41611E7B5EF5876424656371840C641DED3

File Size: 4.87 MB, 4869632 bytes

MD5: d5a457ce843f866356df36f26ced8e36

SHA1: 70358a389c9b18cb5e79c5f44f318e1e58635346

SHA256: BED640CB06A0F440204ABF13410E9C6F744ECE31C92F45C82E5009ECF82164F9

File Size: 5.07 MB, 5067776 bytes

MD5: 2b3e7fe25827ffacbc93436ea5d29353

SHA1: ce49049289b222efd1a0b63610d0ff1c82fd09ad

SHA256: 11F691E198547FEE50FA8117FF9261165066BF1DFA0E7C10DECAF2599540FD0E

File Size: 4.16 MB, 4157440 bytes

MD5: 15fae7f4a16b73e7829457a0d4a358ed

SHA1: 8d284485f3d3627eac34190ab0f127e06057e82a

SHA256: 74F781789196F4AB25A6C6F28EF9257196D19E09A08BA767F31DADEEE9CC1DD6

File Size: 1.30 MB, 1304576 bytes

MD5: 1d6a1a83479c062833ccefef5d2910cd

SHA1: e94ff610bf47d28ec2ad8248e7700939e10e2e41

SHA256: E9FD60A5873736630EAAE232D5A765D68F36C10F25CE3FC2333F95FADDD1899E

File Size: 4.68 MB, 4676167 bytes

MD5: 22d57781f28e57ba0d9fbaa60b404738

SHA1: 64f5b7af852ba52c388bb273d0e170f255eff158

SHA256: 9D421208977913481DAA0D8E449B2373C752B4558897E97772D334D676E2AB51

File Size: 2.54 MB, 2542967 bytes

MD5: ecf81b5e077babc6084bed6228a9b46a

SHA1: fb5d5ed8c8742264b956a89366a940890c124604

SHA256: F15D8D303E1C790F73F32E3DABB2522A215823B602069486555CE0EC4DD9CA50

File Size: 2.97 MB, 2968576 bytes

MD5: 96d5dc2dbba59671ee3da58c6e597c1a

SHA1: 1cdda5300b2cf22cc6e08cfe470fe84e157cf868

SHA256: 1E1553DE7DCFB56CBD47E7CA11D995E61F7B2A3F14F2F18B18A4B0DC294413B1

File Size: 2.96 MB, 2957824 bytes

MD5: ea545eb37d7ae1ce7637a325f4b657c0

SHA1: 81bfda54a5b0e1af34886890cfec62c7bef1d230

SHA256: B7C765555399012243A3F83FA28A5598E7AF3DA26081DEF7D4FE42B0637F17AE

File Size: 8.05 MB, 8052736 bytes

MD5: c645a62a94c304a24b102202c8fbd368

SHA1: 9fbd6613ef0feee354307b5949d591c4f70400be

SHA256: 23F1CA39332938FCC4FECA560A0C7015529CA895B6A154D88F5396B4EF78192E

File Size: 7.37 MB, 7371264 bytes

MD5: 29f85bb48696bced65e75a6e521c48ca

SHA1: 6384390f2aa9235b66e5f6b0a7127943aac47352

SHA256: 4FBF56664E4A36058B372441E49B7776DEF79DA974B1F338907E2821CEEF0BB2

File Size: 4.63 MB, 4625920 bytes

MD5: 281f25e343041d3057299afe488b0141

SHA1: d02bab41442ea558550aba41a2aba01db87a6dfd

SHA256: 96EAF992AB6C36095F5D4BF4E7A7C502B4030C805D44EF2D9A60188AC90D5462

File Size: 4.60 MB, 4604416 bytes

MD5: f3116218957b656159263be939fdce9c

SHA1: 68802e564b9a76c768ab1675297f6437765a2a48

SHA256: 2B1844F19942F7D03EABB8415F180133AF956E219E094E7698DE4D9A9E27C4F8

File Size: 3.14 MB, 3138048 bytes

MD5: 84bd7635c53562661910c36c075537d5

SHA1: 11b3bdb088bf2df378ed23025ce1200948e8964e

SHA256: 13BAD8D04AD1D89DDC4D41713DB2D96C1E9E63F2F1575B3FAF3E71BB5D0436EC

File Size: 1.05 MB, 1047040 bytes

MD5: 46c3a24c7f888054b8f8881b60a2d435

SHA1: bf27bfe177016bc9cf63d6bb4d79e86a12a88038

SHA256: 0C9D4CDCBAA20E497A1E6675816F2033BF53CD0EF014C310D4D56B7BE09D9AB4

File Size: 2.59 MB, 2592486 bytes

MD5: acddb89a85ea372c88321d4e18d0382f

SHA1: f4641f71f92e2ed3b4162d93e6fd0e93cb7f20bf

SHA256: F9A1AAF688939FAF19DEACF7EB2F80999E2AC9C79931E15343A6504712EB500B

File Size: 4.09 MB, 4089344 bytes

MD5: 7f4cbe381608db7427a9bd5118a30499

SHA1: f01d5e6c9e9e713062912f6bb1db13b65e8ab8ca

SHA256: 5DBE2C475FF3C2EA8001B6D3DBB332E35CCB058FB7F86FFE99C7819371FB7C3A

File Size: 4.79 MB, 4792320 bytes

MD5: 0f9b31d0a9cd01fe028ffc67cd6e4ec9

SHA1: cc3205450932436fd0d66f568b948259288b62e6

SHA256: 48ACC672EAB83D87F820FF892130F53544DF68346702337D52C6187B1CDBDCF5

File Size: 8.76 MB, 8761643 bytes

MD5: 67c8903d528449324e26d133cb698996

SHA1: 1aea54ebdb11f63db34a4cd4fcbb8225fe1e1228

SHA256: 79E8C96810532D2754B1CBB0679FDB0C386099CFC1C7A8DCE6D8113486904623

File Size: 2.19 MB, 2190336 bytes

MD5: e675624c0f64d44b7761355f5fa31ab0

SHA1: d52ed80d1e1d671fc99130f213fc6d3a26e9a9d5

SHA256: 62B0160F08C10DF55EC19300CDE9B85DB74F412B1A242E62347D58C22458EE0E

File Size: 2.09 MB, 2092032 bytes

MD5: 9dd500ff70c97ca1ee4d997ab9ee0c54

SHA1: 810aef03f3a78097197373b08d7c693513b089c8

SHA256: 9DA36610BB03FCABE1198740C53ABF1F6EA8D63D62D6D1B894FA6E7A44149CE5

File Size: 1.10 MB, 1101824 bytes

MD5: 2bc9cf73b3cd70567d0a26b90681fb84

SHA1: 38b471f14b5801da1db57694bac10c2e51ec1fb9

SHA256: 9C3E8D30FB808912F748DF5A6DA962954C2CA72A439D2CAA94A153F68FEEC816

File Size: 3.41 MB, 3405312 bytes

MD5: 4810b4de49a92f4aaaf22985ad75b5e2

SHA1: 4c2486384c1d2655ef083b35c9c66ef45c939d7e

SHA256: 5015572404B7B091ABAC8DB2B9FA955E296BEABCFC3AA00CE5FFC85C457E2D26

File Size: 1.19 MB, 1190400 bytes

MD5: 379539c29102f6a8aa1e24e5ea32e36c

SHA1: a5c342397d3a5de3bcc75e6251c40be2505d014a

SHA256: 67DA90CB1ADD78499ABF4CB4A34F79B16ABA1B07BCC331CC14FDE22D7FABADDE

File Size: 5.33 MB, 5332480 bytes

MD5: ec15841105528bd0b0ed8cd0be20e419

SHA1: af24ccfa8ab2665cab601e865ea112c7b6f6eb2e

SHA256: 0045ABF85978214F37CEC0CB971AFB8D675485650D04DBD340E8C4E9D73ECA7E

File Size: 1.29 MB, 1291264 bytes

MD5: f9bc2ef6c0f6433dcaf5f383b223f6d4

SHA1: a584bd5bc8180766beb0509fce7db647e0356b3b

SHA256: 3A09BFCD97011F58B9C80B0DA44946401977F32C0091B1C2528BAEF98B03E0C9

File Size: 8.84 MB, 8844288 bytes

MD5: 46ad6e5e4ba3284b0654cae845442eaf

SHA1: 70bd24567eacf8e74fdf639a83f5bfd4c3c5a9e0

SHA256: D5F833573F8F963353884F2EB68FF6437924C77274B45AA5C5791DD61492F3FC

File Size: 2.78 MB, 2782616 bytes

MD5: 0134c45341ac3b6fceeb0952a1d483e2

SHA1: fefb71896cd404f95d49ea9f46bd145d2f0db4b1

SHA256: D974467288489A051FAB4090C7B3F1C405D3A68C94E29ED4E2A0EB8052BE76AA

File Size: 3.77 MB, 3770880 bytes

MD5: fd1b6f14a4482af01bd4245665454e97

SHA1: 9353a9ff6f113305828c7f76313ef9a1efda451a

SHA256: 1AD7515E7B3BAEE910D29D0E43D74084D9012AE8DF669E0192C32A743E7E6314

File Size: 8.08 MB, 8082944 bytes

MD5: cda7c88d6c20500efffcd1ec316ff874

SHA1: fe2ef94dd1e0cc3f81c9cc2c06566a3542e1a246

SHA256: 85BB9F4AE504474962C788C2C3E3D00D354581819D1664B93A81EA6C293CD0D4

File Size: 757.76 KB, 757760 bytes

MD5: d8af426843f9866f7108b660c2d5af6c

SHA1: ca3af09e534a5eee502d507457880027a2edb75a

SHA256: 4B9A3BD2547AC15618672687909D38C0344DF8DC11C9E3FEDF4867A2A3E7DD74

File Size: 3.72 MB, 3718144 bytes

MD5: 17f74990861695b399f37937804071a1

SHA1: 7cc67532032c0f5f31c9a4c94fd419153a393156

SHA256: 811E0435B978C531D576286E301BB9A0ECF18A9B878DA85DCCDAAD187B0F4F13

File Size: 8.61 MB, 8607744 bytes

MD5: d31dd714995407e986b263a66566f3c8

SHA1: b3bfec06339c821c2e19e5d504da4c2b047b0e97

SHA256: 84B003BFABF0999F37353A1980EB971CA7524F3D00BDEB034B34033E58CE2858

File Size: 3.27 MB, 3265952 bytes

MD5: 3493092171608c216f21d72d2de55079

SHA1: 66aff2c9aba7872fee95e4848f7dbfb134dd4256

SHA256: 5F2F1C72804FFE5662D27AD9735E39BF7762A59032788764A64B70A7084FA442

File Size: 8.96 MB, 8961817 bytes

MD5: 86a2760e1bf4fc5fa6d9ab0cfd90e8ac

SHA1: 59f54f21247575edb106e3999b64e5344d4d212d

SHA256: 3E8532DE2C7DF0F673941982846477742F9BFB4149AFB3999F8652D747350AB2

File Size: 8.83 MB, 8828989 bytes

MD5: 468a8da725df88b91920912847cdb392

SHA1: d9fdc45455b5ca318354c51d0a50b7772f1c2288

SHA256: 7D0634624AE8B03DC1EF3E328174976A70A0F3D11DF95C1117C25A5E7BBDC827

File Size: 6.04 MB, 6035135 bytes

MD5: 7abc545441f1eb2b1fa1acf0172a73b7

SHA1: f24d02969a9768b8d4fef31d288ed732718f6f28

SHA256: CD1D266307AF6A676D0127CC83D55A70176B56B3BE757EED8EE322C14C293FE9

File Size: 8.84 MB, 8837491 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have resources
File doesn't have security information
File has exports table
File has TLS information
File is 32-bit executable
File is 64-bit executable

File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

331 additional icons are not displayed above.

Windows PE Version Information

Name	Value
Assembly Version	7.7.4.0 5.0.11.0 2.0.1.70 1.0.0.0 0.2.283.25 0.0.0.7
Comments	album designing software Creado con AutoPlay Media Studio (www.indigorose.com) Created with AutoPlay Media Studio (www.indigorose.com) Created with InstallForge Created with Setup Factory Generate SmartCard Hercules HP/SP Table Generator http://classicmt2.pl Hydraulic Design Software iPos 5.0 Standard Show More J-Runner OLX Extrator Sistema de Diagnóstico Veicular - PC-SCAN3000 This installation was built with Inno Setup.
Company Name	Animation Labs Avid DENSO CORPORATION denssiraveconc Doofy's Projects DProjects Ds BotMaster Chatbot Pro FIN-GAME Inspirasibiz KADOKAWA Show More Mama's Little Bakery Microsoft MySea Solutions Napro Eletrônica Industrial Ltda NCH Software P.Kouknakos Privacy-Pro Simplo SKM Systems Analysis, Inc. Studiolineindia XeerTech Ymir Entertainment
Company Short Name	kadokawa
File Description	Adjustment program for EPSON Inkjet Printer / Scanner CardXpress MySea Solutions CrackeRWifi denssiraveconc Desinstalador Menu Extendido game Golden Videos Hercules HP/SP Table Generator HM V.10 iPos5Std Show More IP Privacy Setup J-Runner KEY AKTIVASI killerVirus Limpiador de Temporales Fortnite Manuais Automotivos 2022 Menu PC-SCAN3000 USB Metin2Client OLX Extrator Pinnacle Studio Polski serwer - ClassicMT2. Power*Tools Setup Application SmartProTest SOPS XML Editor Telegram@dohnaduona TVP(KIRIKIRI) Z core / Scripting Platform for Win32 vorpX Control WaterNET-CAD Yulgang Launcher
File Version	6000.0.60.6414259 2022.3.62.7762112 2022.3.38.12965287 2022.3.15.11894819 2022.3.14.15725278 2021.3.43.7312496 2021.3.27.13254651 2021.3.4.6580261 2020.3.33.9525882 2020.3.14.13685179 Show More 2020.1.14.12913125 2019.4.21.8384391 2018.4.10.10503941 33.16.1.573 25.1.4.0 25.1.2.0 25.1.0.0 24.1.0.0 24.0.1.0 15.0.0.7593 13.0.0.0 10, 0, 0, 8 Build 1 9.1.0.0 7.7.4 6.5.0.3 5.0.11.0 3.01 2.5.0.0 2.2.4.1 2.1.1.0 2.0.1.70 2.0.0.0 2,0,2,2 1.4.0.8 1.2.0.0 1.1.0.0 1.00 1.0.28249.1 1.0.0.0 1, 0, 0, 2 1, 0, 0, 0 0.2.283.25 0.0.0.7
Internal Name	AdjProg ams_runtime CardXpress MySea Solutions.exe CrackeRWifi.exe denssiraveconc.exe game_exe GoldenVideos HM V.10.exe HPSPTableGenerator.exe Install_BotMaster_6.5.0.3_Of.7z Show More iPos5st.exe JRunner.exe KEY AKTIVASI.exe killerVirus.exe Metin2Client new_classic.bin NjRat 0.7D.exe OLX Extrator.exe PC-SCAN3000 USB Ptw SOPS XML Editor.exe suf_launch TJprojMain tvp2/win32 vorpControl.exe WaterNET-CAD.exe Welcome.exe Win Winterday17.exe Yulgang
Last Change	15b9f145354d863c03cebb6fb2d992d4213b9a05-
Legal Copyright	(c) 2005-2023 Unity Technologies. All rights reserved. (c) 2005-2024 Unity Technologies. All rights reserved. (c) 2005-2025 Unity Technologies. All rights reserved. (KIRIKIRI core) (C) W.Dee and contributors All Rights Reserved. This software is based in part on the work of Independent JPEG Group. For details: Run this program with '-about' option. Copyright (C) 2011 Copyright (C) 2023 Copyright (C) 2025 Copyright (C) DENSO CORPORATION. All rights reserved. Copyright (C) SEIKO EPSON CORPORATION 2002-2007. All rights reserved. Copyright 2017 Kadokawa. All rights reserved. Show More Copyrights 2023 denssiraveconc Copyright © 1995-2023 Copyright ©2008-2010, Avid Technology, Inc. All rights reserved. Copyright © 2012 Copyright © 2015 Copyright © 2018 Copyright © 2019 Copyright © 2020 Copyright © 2022 Copyright © 2024 Copyright © Inspirasibiz 2008-2025 Copyright © Napro Eletrônica Industrial Ltda Copyright © P.Kouknakos 2014 Daniel Rodriguez MySea Solutions NCH Software Runtime Engine Copyright © Daniel Rodriguez Setup Engine Copyright © 2004-2012 Indigo Rose Corporation SIMPLO 2022 Software desenvolvido, atualizado e autorizado a revender por JF Startup Studio Yulgang (C) 2025
Legal Trademarks	DP Inspirasibiz malufett@yourservice OLX Extrator Setup Factory is a trademark of Indigo Rose Corporation. Studiolineindia Trademarks (R) 2023 denssiraveconc
Original Filename	AdjProg.EXE CardXpress MySea Solutions.exe CrackeRWifi.exe denssiraveconc.exe FCleanner.exe game.exe HM V.10.exe HPSPTableGenerator.exe Install_BotMaster_6.5.0.3_Of.7z.exe iPos5st.exe Show More JRunner.exe KEY AKTIVASI.exe killerVirus.exe Menu PC-SCAN3000 Metin2Client.exe new_classic.bin NjRat 0.7D.exe OLX Extrator.exe Ptw.exe SOPS XML Editor.exe suf_launch.exe TJprojMain.exe tvpwin32.exe Uninstall.exe vorpControl.exe WaterNET-CAD.exe Welcome.exe Win.exe Winterday17.exe YG-IYA.exe
Product Name	Adjustment program for EPSON inkjet printer BotMaster Chatbot Pro Setup CardXpress ClassicMT2 New CrackeRWifi denssiraveconc Fortnite Cleanner game GoldenVideos Hercules HP/SP Table Generator Show More iPos 5.0 Standard IP Privacy J-Runner KEY AKTIVASI killerVirus Metin2Client OLX Extrator PC-SCAN3000 USB - WIN Pinnacle Studio Project1 Sahril Techno Setup Factory Runtime Simplo 2022.2 SKM Systems Analysis, Inc. Ptw SmartProTest SOPS XML Editor TVP(KIRIKIRI) Z core / Scripting Platform for Win32 Unistaller vorpX WaterNET-CAD Win Yulgang
Product Short Name	kadokawa
Product Version	6000.0.60f1 (61dfb374e36f) 2023.12.02+b7630fe2983f56fff386c03bc842d24e2dbe2cc5 2022.3.62f2 (7670c08855a9) 2022.3.38f1 (c5d5a7410213) 2022.3.15f1 (b58023a2b463) 2022.3.14f1 (eff2de9070d8) 2021.3.43f1 (6f9470916942) 2021.3.27f1 (ca3ffb99bcc6) 2021.3.4.6580261 2020.3.33.9525882 Show More 2020.3.14.13685179 2020.1.14.12913125 2019.4.21.8384391 2018.4.10.10503941 33.16.1.573 25.1.4.0 25.1.2.0 25.1.0.0 24.1.0.0 24.0.1.ra 15.0 11.0.0.0 10, 0, 0, 8 Build 1 9.1.0.0 6.5.0.3 5.0.11.0 2.5.0.0 2.2.4.1 2.0.2.2 2.0.1.70 2.0.0.0 1.4.0.8 1.1.0.0 1.00 1.0.0.0 1, 0, 0, 11 1, 0, 0, 1 1, 0, 0, 0 0.2.283.25 0.0.0.7
Programador	Eng. : Marcelo M. S.
Unity Version	2021.3.4f1c1_64682593795a 2020.3.33f1_915a7af8b0d5 2020.3.14f1_d0d1bb862f9d 2020.1.14f1c1_c509e564d0e4 2019.4.21f1c1_7fef87dbc35f 2018.4.10f1_a0470569e97b

Digital Signatures

Signer	Root	Status
Ross-Tech LLC	Ross-Tech LLC	Self Signed

File Traits

00 section
2+ executable sections
7-zip (In Overlay)
AMS
big overlay
dll
Enigma
HighEntropy
imgui
Installer Manifest

Installer Version
No Version Info
ntdll
SUF
upx
vb6
VirtualQueryEx
WriteProcessMemory
x64
x86
Zprotect

Block Information

Total Blocks:	2
Potentially Malicious Blocks:	0
Whitelisted Blocks:	2
Unknown Blocks:	0

Visual Map

0 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Agent.FD
Agent.HJD
BadJoke.LMG
Bitcoinminer.FDO
Floxif.E

Gamehack.AAD
Kryptik.PK
Kryptik.ZARF
Quasar.A
Trojan.Downloader.Gen.DN

Files Modified

File	Attributes
\\	Generic Read,Write Data,Write Attributes,Write extended,Append data
\\	Synchronize,Write Attributes
\device\harddisk0\dr0	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\gmdasllogger	Generic Write,Read Attributes
c:	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\common files\system\symsrv.dll	Generic Write,Read Attributes
c:\program files\cuassistant\culauncher.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\cuassistant\culauncher.exe	Synchronize,Write Attributes
c:\program files\microsoft update health tools\expediteupdater.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\microsoft update health tools\expediteupdater.exe	Synchronize,Write Attributes

c:\program files\microsoft update health tools\uhssvc.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\microsoft update health tools\uhssvc.exe	Synchronize,Write Attributes
c:\program files\rempl\sedlauncher.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\rempl\sedlauncher.exe	Synchronize,Write Attributes
c:\program files\windows defender advanced threat protection\classification\sensece.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender advanced threat protection\classification\sensece.exe	Synchronize,Write Attributes
c:\program files\windows defender advanced threat protection\mssense.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender advanced threat protection\mssense.exe	Synchronize,Write Attributes
c:\program files\windows defender advanced threat protection\sensecm.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender advanced threat protection\sensecm.exe	Synchronize,Write Attributes
c:\program files\windows defender advanced threat protection\sensegpparser.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender advanced threat protection\sensegpparser.exe	Synchronize,Write Attributes
c:\program files\windows defender advanced threat protection\senseimdscollector.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender advanced threat protection\senseimdscollector.exe	Synchronize,Write Attributes
c:\program files\windows defender advanced threat protection\senseir.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender advanced threat protection\senseir.exe	Synchronize,Write Attributes
c:\program files\windows defender advanced threat protection\sensendr.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender advanced threat protection\sensendr.exe	Synchronize,Write Attributes
c:\program files\windows defender advanced threat protection\sensesampleuploader.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender advanced threat protection\sensesampleuploader.exe	Synchronize,Write Attributes
c:\program files\windows defender advanced threat protection\sensetvm.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender advanced threat protection\sensetvm.exe	Synchronize,Write Attributes
c:\program files\windows defender\configsecuritypolicy.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender\configsecuritypolicy.exe	Synchronize,Write Attributes
c:\program files\windows defender\mpcmdrun.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender\mpcmdrun.exe	Synchronize,Write Attributes
c:\program files\windows defender\msmpeng.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender\msmpeng.exe	Synchronize,Write Attributes
c:\program files\windows defender\nissrv.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender\nissrv.exe	Synchronize,Write Attributes
c:\program files\windows defender\offline\offlinescannershell.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows defender\offline\offlinescannershell.exe	Synchronize,Write Attributes
c:\program files\windows mail\wab.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows mail\wab.exe	Synchronize,Write Attributes
c:\program files\windows mail\wabmig.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows mail\wabmig.exe	Synchronize,Write Attributes
c:\program files\windows photo viewer\imagingdevices.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows photo viewer\imagingdevices.exe	Synchronize,Write Attributes
c:\program files\windows security\browsercore\browsercore.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windows security\browsercore\browsercore.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.3dbuilder_10.0.0.0_x64__8wekyb3d8bbwe\builder3d.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.3dbuilder_10.0.0.0_x64__8wekyb3d8bbwe\builder3d.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.549981c3f5f10_4.2308.1005.0_x64__8wekyb3d8bbwe\cortana.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.549981c3f5f10_4.2308.1005.0_x64__8wekyb3d8bbwe\cortana.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.bingfinance_4.3.193.0_x86__8wekyb3d8bbwe\microsoft.msn.money.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.bingfinance_4.3.193.0_x86__8wekyb3d8bbwe\microsoft.msn.money.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.bingnews_4.3.193.0_x86__8wekyb3d8bbwe\microsoft.msn.news.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.bingnews_4.3.193.0_x86__8wekyb3d8bbwe\microsoft.msn.news.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.bingsports_4.3.193.0_x86__8wekyb3d8bbwe\microsoft.msn.sports.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.bingsports_4.3.193.0_x86__8wekyb3d8bbwe\microsoft.msn.sports.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.bingweather_4.25.20211.0_x64__8wekyb3d8bbwe\microsoft.msn.weather.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.bingweather_4.25.20211.0_x64__8wekyb3d8bbwe\microsoft.msn.weather.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\appinstaller.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\appinstaller.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\appinstallerpythonredirector.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\appinstallerpythonredirector.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\authenticationmanager.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\authenticationmanager.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\dotnet\configurationremotingserver.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\dotnet\configurationremotingserver.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\dotnet\createdump.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\dotnet\createdump.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\dotnet\wingetmcpserver.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\dotnet\wingetmcpserver.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\windowspackagemanagerserver.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\windowspackagemanagerserver.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\winget.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.desktopappinstaller_1.27.350.0_x64__8wekyb3d8bbwe\winget.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.gethelp_10.2409.32612.0_x64__8wekyb3d8bbwe\createdump.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.gethelp_10.2409.32612.0_x64__8wekyb3d8bbwe\createdump.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.gethelp_10.2409.32612.0_x64__8wekyb3d8bbwe\gethelp.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.gethelp_10.2409.32612.0_x64__8wekyb3d8bbwe\gethelp.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\fmui\fmui.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\fmui\fmui.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\whatsnew.store.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\whatsnew.store.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.microsoft3dviewer_6.1908.2042.0_x64__8wekyb3d8bbwe\3dviewer.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.microsoft3dviewer_6.1908.2042.0_x64__8wekyb3d8bbwe\3dviewer.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.microsoft3dviewer_6.1908.2042.0_x64__8wekyb3d8bbwe\view3d.resourceresolver.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.microsoft3dviewer_6.1908.2042.0_x64__8wekyb3d8bbwe\view3d.resourceresolver.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.microsoftofficehub_18.1903.1152.0_x64__8wekyb3d8bbwe\localbridge.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.microsoftofficehub_18.1903.1152.0_x64__8wekyb3d8bbwe\localbridge.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.microsoftsolitairecollection_4.4.8204.0_x64__8wekyb3d8bbwe\microsoft.microsoftsolitairecollection.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.microsoftsolitairecollection_4.4.8204.0_x64__8wekyb3d8bbwe\microsoft.microsoftsolitairecollection.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.microsoftsolitairecollection_4.4.8204.0_x64__8wekyb3d8bbwe\solitaire.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.microsoftsolitairecollection_4.4.8204.0_x64__8wekyb3d8bbwe\solitaire.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.microsoftstickynotes_3.6.73.0_x64__8wekyb3d8bbwe\microsoft.notes.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.microsoftstickynotes_3.6.73.0_x64__8wekyb3d8bbwe\microsoft.notes.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.mixedreality.portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\mixedrealityportal.brokered.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.mixedreality.portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\mixedrealityportal.brokered.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.mixedreality.portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\mixedrealityportal.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.mixedreality.portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\mixedrealityportal.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.mspaint_6.1907.29027.0_x64__8wekyb3d8bbwe\paintstudio.view.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.mspaint_6.1907.29027.0_x64__8wekyb3d8bbwe\paintstudio.view.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.office.onenote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.office.onenote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteim.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.office.onenote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteshare.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.office.onenote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteshare.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.people_10.2202.100.0_x64__8wekyb3d8bbwe\peopleapp.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.people_10.2202.100.0_x64__8wekyb3d8bbwe\peopleapp.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.screensketch_10.1907.2471.0_x64__8wekyb3d8bbwe\screensketch.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.screensketch_10.1907.2471.0_x64__8wekyb3d8bbwe\screensketch.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.skypeapp_14.53.77.0_x64__kzf8qxf38zg5c\skypeapp.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.skypeapp_14.53.77.0_x64__kzf8qxf38zg5c\skypeapp.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.skypeapp_14.53.77.0_x64__kzf8qxf38zg5c\skypebackgroundhost.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.skypeapp_14.53.77.0_x64__kzf8qxf38zg5c\skypebackgroundhost.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.skypeapp_14.53.77.0_x64__kzf8qxf38zg5c\skypebridge\skypebridge.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.skypeapp_14.53.77.0_x64__kzf8qxf38zg5c\skypebridge\skypebridge.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.storepurchaseapp_22509.1401.1.0_x64__8wekyb3d8bbwe\storeexperiencehost.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.storepurchaseapp_22509.1401.1.0_x64__8wekyb3d8bbwe\storeexperiencehost.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.wallet_2.4.18324.0_x64__8wekyb3d8bbwe\microsoft.wallet.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.wallet_2.4.18324.0_x64__8wekyb3d8bbwe\microsoft.wallet.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.webmediaextensions_1.0.20875.0_x64__8wekyb3d8bbwe\microsoft.webmediaextensions.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.webmediaextensions_1.0.20875.0_x64__8wekyb3d8bbwe\microsoft.webmediaextensions.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.windows.photos_2025.11110.18001.0_x64__8wekyb3d8bbwe\photos.autoplay.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.windows.photos_2025.11110.18001.0_x64__8wekyb3d8bbwe\photos.autoplay.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.windows.photos_2025.11110.18001.0_x64__8wekyb3d8bbwe\photos.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.windows.photos_2025.11110.18001.0_x64__8wekyb3d8bbwe\photos.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.windowsalarms_11.2510.4.0_x64__8wekyb3d8bbwe\clockwidgets\clockwidgets.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.windowsalarms_11.2510.4.0_x64__8wekyb3d8bbwe\clockwidgets\clockwidgets.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.windowsalarms_11.2510.4.0_x64__8wekyb3d8bbwe\time.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.windowsalarms_11.2510.4.0_x64__8wekyb3d8bbwe\time.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.windowsappruntime.1.3_3000.934.1904.0_x64__8wekyb3d8bbwe\deploymentagent.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.windowsappruntime.1.3_3000.934.1904.0_x64__8wekyb3d8bbwe\deploymentagent.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.windowsappruntime.1.3_3000.934.1904.0_x64__8wekyb3d8bbwe\restartagent.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.windowsappruntime.1.3_3000.934.1904.0_x64__8wekyb3d8bbwe\restartagent.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.windowsappruntime.1.3_3000.934.1904.0_x86__8wekyb3d8bbwe\deploymentagent.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.windowsappruntime.1.3_3000.934.1904.0_x86__8wekyb3d8bbwe\deploymentagent.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.windowsappruntime.1.3_3000.934.1904.0_x86__8wekyb3d8bbwe\restartagent.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.windowsappruntime.1.3_3000.934.1904.0_x86__8wekyb3d8bbwe\restartagent.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.windowsappruntime.1.4_4000.1049.117.0_x64__8wekyb3d8bbwe\deploymentagent.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.windowsappruntime.1.4_4000.1049.117.0_x64__8wekyb3d8bbwe\deploymentagent.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.windowsappruntime.1.4_4000.1049.117.0_x64__8wekyb3d8bbwe\restartagent.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.windowsappruntime.1.4_4000.1049.117.0_x64__8wekyb3d8bbwe\restartagent.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.windowsappruntime.1.4_4000.1309.2056.0_x64__8wekyb3d8bbwe\deploymentagent.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.windowsappruntime.1.4_4000.1309.2056.0_x64__8wekyb3d8bbwe\deploymentagent.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.windowsappruntime.1.4_4000.1309.2056.0_x64__8wekyb3d8bbwe\restartagent.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.windowsappruntime.1.4_4000.1309.2056.0_x64__8wekyb3d8bbwe\restartagent.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.windowsappruntime.1.4_4000.1309.2056.0_x86__8wekyb3d8bbwe\deploymentagent.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.windowsappruntime.1.4_4000.1309.2056.0_x86__8wekyb3d8bbwe\deploymentagent.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.windowsappruntime.1.4_4000.1309.2056.0_x86__8wekyb3d8bbwe\restartagent.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.windowsappruntime.1.4_4000.1309.2056.0_x86__8wekyb3d8bbwe\restartagent.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.windowsappruntime.1.5_5001.275.500.0_x64__8wekyb3d8bbwe\deploymentagent.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.windowsappruntime.1.5_5001.275.500.0_x64__8wekyb3d8bbwe\deploymentagent.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.windowsappruntime.1.5_5001.275.500.0_x64__8wekyb3d8bbwe\restartagent.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.windowsappruntime.1.5_5001.275.500.0_x64__8wekyb3d8bbwe\restartagent.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.windowsappruntime.1.5_5001.373.1736.0_x64__8wekyb3d8bbwe\deploymentagent.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.windowsappruntime.1.5_5001.373.1736.0_x64__8wekyb3d8bbwe\deploymentagent.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.windowsappruntime.1.5_5001.373.1736.0_x64__8wekyb3d8bbwe\restartagent.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.windowsappruntime.1.5_5001.373.1736.0_x64__8wekyb3d8bbwe\restartagent.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.windowsappruntime.1.5_5001.373.1736.0_x86__8wekyb3d8bbwe\deploymentagent.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.windowsappruntime.1.5_5001.373.1736.0_x86__8wekyb3d8bbwe\deploymentagent.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.windowsappruntime.1.5_5001.373.1736.0_x86__8wekyb3d8bbwe\restartagent.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.windowsappruntime.1.5_5001.373.1736.0_x86__8wekyb3d8bbwe\restartagent.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.windowsappruntime.1.6_6000.457.2140.0_x64__8wekyb3d8bbwe\deploymentagent.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.windowsappruntime.1.6_6000.457.2140.0_x64__8wekyb3d8bbwe\deploymentagent.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.windowsappruntime.1.6_6000.457.2140.0_x64__8wekyb3d8bbwe\restartagent.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.windowsappruntime.1.6_6000.457.2140.0_x64__8wekyb3d8bbwe\restartagent.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.windowsappruntime.1.6_6000.486.517.0_x64__8wekyb3d8bbwe\deploymentagent.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.windowsappruntime.1.6_6000.486.517.0_x64__8wekyb3d8bbwe\deploymentagent.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.windowsappruntime.1.6_6000.486.517.0_x64__8wekyb3d8bbwe\restartagent.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.windowsappruntime.1.6_6000.486.517.0_x64__8wekyb3d8bbwe\restartagent.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.windowsappruntime.1.6_6000.519.329.0_x64__8wekyb3d8bbwe\deploymentagent.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.windowsappruntime.1.6_6000.519.329.0_x64__8wekyb3d8bbwe\deploymentagent.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.windowsappruntime.1.6_6000.519.329.0_x64__8wekyb3d8bbwe\restartagent.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.windowsappruntime.1.6_6000.519.329.0_x64__8wekyb3d8bbwe\restartagent.exe	Synchronize,Write Attributes
c:\program files\windowsapps\microsoft.windowsappruntime.1.6_6000.519.329.0_x86__8wekyb3d8bbwe\deploymentagent.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\windowsapps\microsoft.windowsappruntime.1.6_6000.519.329.0_x86__8wekyb3d8bbwe\deploymentagent.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\23b6db64	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3df42d16.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\7b5a3510.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\85367156	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\85367156	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\evb2e55.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\evb3204.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\evb4f3c.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\evb9df6.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\evba93b.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\evba9e7.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\evbb6c9.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\evbdf9b.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\itbfrg.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\wintwus.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\wintwus.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\wintwus.exe	Synchronize,Write Attributes
c:\windows\20bbe2	Generic Write,Read Attributes
c:\windows\system.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value	Data	API Name
HKCU\software\enigma protector\aee8da66b5acb6a7-ba7f0f5e81fa9303\2c5e27dcaa78827a-5ddea8e6bca072c8::603729dc	䧿ꖶ֥궇泰틓ꮿ	RegNtPreCreateKey
HKCU\software\enigma protector\aee8da66b5acb6a7-ba7f0f5e81fa9303::options		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	솣썸൉ǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::legalnoticecaption		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::legalnoticetext	All YOUR FILES HAVE BEEN ENCRYPTED! If you want to restore them, write us to the e-mail: returnback24@protonmail.com In case	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::a2b98f6de7c699c4e001f833f12c640d748bdf1d_0000826880	c:\users\user\downloads\a2b98f6de7c699c4e001f833f12c640d748bdf1d_0000826880	RegNtPreCreateKey
HKCU\software\enigma protector\aee8da66b5acb6a7-ba7f0f5e81fa9303\2c5e27dcaa78827a-5ddea8e6bca072c8::603729dc	䧿ꖶ֥궇泰틏ꮿ	RegNtPreCreateKey
HKCU\software\enigma protector\aee8da66b5acb6a7-ba7f0f5e81fa9303::options	뀦䣆蒭標崡删࢟Ӵ졆ꐔ瑔븼뚰髒ﺏ킖앷湤竝럭쳦ු䥹페斤ᖈ零ꏍ╹퓁騥䨲欮፦⬍➅妲⏆䣼괡ⴭ䒆縪軧萼懶낣ී㦱≠胑ᔀ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	保鸲ၓǜ	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::93013d7afa69a359f6eefa77623b11c52f081351_0000825856	c:\users\user\downloads\93013d7afa69a359f6eefa77623b11c52f081351_0000825856	RegNtPreCreateKey

HKCU\software\enigma protector\aee8da66b5acb6a7-ba7f0f5e81fa9303\2c5e27dcaa78827a-5ddea8e6bca072c8::603729dc	䧿ꖶ֥궇泰폒ꮿ	RegNtPreCreateKey
HKCU\software\enigma protector\aee8da66b5acb6a7-ba7f0f5e81fa9303::options		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	먷댽☒ǜ	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::8247664b76276532eda842b2691932e63fd674e5_0000826880	c:\users\user\downloads\8247664b76276532eda842b2691932e63fd674e5_0000826880	RegNtPreCreateKey
HKCU\software\microsoft\multimedia\drawdib:: 1024x768x32(bgr 0)	31,31,31,31	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\advanced::hidden		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusoverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalldisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalloverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::updatesdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::uacdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusoverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalldisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalloverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::updatesdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::uacdisablenotify		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings::globaluseroffline		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablelua		RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::enablefirewall		RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::donotallowexceptions		RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::disablenotifications		RegNtPreCreateKey
HKCU\software\apcr\1214104697::1919251317	Û	RegNtPreCreateKey
HKCU\software\apcr\1214104697::-456464662		RegNtPreCreateKey
HKCU\software\apcr\1214104697::1462786655		RegNtPreCreateKey
HKCU\software\apcr\1214104697::-912929324	#	RegNtPreCreateKey
HKCU\software\apcr\1214104697::1006321993	é	RegNtPreCreateKey
HKCU\software\apcr\1214104697::-1369393986	http://affiliate.free.rongrean.com/logo.gifhttp://demo.mosiva	RegNtPreCreateKey
HKCU\software\apcr\1214104697::549857331		RegNtPreCreateKey
HKCU\software\apcr::u1_0	鱞댶	RegNtPreCreateKey
HKCU\software\apcr::u2_0	⏑	RegNtPreCreateKey
HKCU\software\apcr::u3_0	権ă	RegNtPreCreateKey
HKCU\software\apcr::u4_0		RegNtPreCreateKey
HKCU\software\enigma protector\755e5d8d18736396-2a23dd8d275099bd\d4aeadc9908a9186-d774fd7445890a0b::ce0f1929	К驾蓧訰ㆿ弥	RegNtPreCreateKey
HKCU\software\apcr\1214104697::1919251317		RegNtPreCreateKey
HKCU\software\apcr\1214104697::1006321993	ǜ	RegNtPreCreateKey
HKCU\software\apcr\1214104697::-1369393986	http://www.ledyazilim.com/logo.gifhttp://ksandrafashion.com/l	RegNtPreCreateKey
HKCU\software\apcr\1214104697::549857331		RegNtPreCreateKey
HKCU\software\apcr::u1_0	ൣ鉋	RegNtPreCreateKey
HKCU\software\apcr::u2_0	ṟ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKCU\software\jguh::u1_0	䱞Ꮞ	RegNtPreCreateKey
HKCU\software\jguh::u2_0	ׁ	RegNtPreCreateKey
HKCU\software\jguh::u3_0	権ă	RegNtPreCreateKey
HKCU\software\jguh::u4_0		RegNtPreCreateKey
HKCU\software\jguh::u1_1	幛뛱	RegNtPreCreateKey
HKCU\software\jguh::u2_1	敆牥	RegNtPreCreateKey
HKCU\software\jguh::u3_1	ᥜ獦	RegNtPreCreateKey
HKCU\software\jguh::u4_1	獵牥	RegNtPreCreateKey
HKCU\software\jguh::u1_2	㢹晲	RegNtPreCreateKey
HKCU\software\jguh::u2_2		RegNtPreCreateKey
HKCU\software\jguh::u3_2	賃	RegNtPreCreateKey
HKCU\software\jguh::u4_2		RegNtPreCreateKey
HKCU\software\jguh::u1_3	홥콂	RegNtPreCreateKey
HKCU\software\jguh::u2_3	䧍地	RegNtPreCreateKey
HKCU\software\jguh::u3_3	ぶ嘳	RegNtPreCreateKey
HKCU\software\jguh::u4_3	婟地	RegNtPreCreateKey
HKCU\software\jguh::u1_4		RegNtPreCreateKey
HKCU\software\jguh::u2_4		RegNtPreCreateKey
HKCU\software\jguh::u3_4	ꟽ좖	RegNtPreCreateKey
HKCU\software\jguh::u4_4	췔즕	RegNtPreCreateKey
HKCU\software\jguh::u1_5	Ṵ䭣	RegNtPreCreateKey
HKCU\software\jguh::u2_5	寙㯻	RegNtPreCreateKey
HKCU\software\jguh::u3_5	⭠㫸	RegNtPreCreateKey
HKCU\software\jguh::u4_5	䅉㯻	RegNtPreCreateKey
HKCU\software\jguh::u1_6	㤑孻	RegNtPreCreateKey
HKCU\software\jguh::u2_6	ꎒ깠	RegNtPreCreateKey
HKCU\software\jguh::u3_6		RegNtPreCreateKey
HKCU\software\jguh::u4_6	뒾깠	RegNtPreCreateKey
HKCU\software\jguh::u1_7	껹籥	RegNtPreCreateKey
HKCU\software\jguh::u2_7	㤉⃆	RegNtPreCreateKey
HKCU\software\jguh::u3_7	䈚⇅	RegNtPreCreateKey
HKCU\software\jguh::u4_7	⠳⃆	RegNtPreCreateKey
HKCU\software\jguh::u1_8	강￠	RegNtPreCreateKey
HKCU\software\jguh::u2_8	螞錫	RegNtPreCreateKey
HKCU\software\jguh::u3_8	鈨	RegNtPreCreateKey
HKCU\software\jguh::u4_8	鮨錫	RegNtPreCreateKey
HKCU\software\jguh::u1_9	⩄봭	RegNtPreCreateKey
HKCU\software\jguh::u2_9	Ὺ֑	RegNtPreCreateKey
HKCU\software\jguh::u3_9	攴Ғ	RegNtPreCreateKey
HKCU\software\jguh::u4_9	༝֑	RegNtPreCreateKey
HKCU\software\jguh::u1_10	ј⹕	RegNtPreCreateKey
HKCU\software\jguh::u2_10	遞矶	RegNtPreCreateKey
HKCU\software\jguh::u3_10	盵	RegNtPreCreateKey
HKCU\software\jguh::u4_10	芒矶	RegNtPreCreateKey
HKCU\software\jguh::u1_11	뼭	RegNtPreCreateKey
HKCU\software\jguh::u2_11		RegNtPreCreateKey
HKCU\software\jguh::u3_11	鰮	RegNtPreCreateKey
HKCU\software\jguh::u4_11		RegNtPreCreateKey
HKCU\software\jguh::u1_12	蔇逴	RegNtPreCreateKey
HKCU\software\jguh::u2_12	瘢峁	RegNtPreCreateKey
HKCU\software\jguh::u3_12	͕巂	RegNtPreCreateKey
HKCU\software\jguh::u4_12	楼峁	RegNtPreCreateKey
HKCU\software\jguh::u1_13	ꖧ셎	RegNtPreCreateKey
HKCU\software\jguh::u2_13	쭹켦	RegNtPreCreateKey
HKCU\software\jguh::u3_13	뛘츥	RegNtPreCreateKey
HKCU\software\jguh::u4_13		RegNtPreCreateKey
HKCU\software\jguh::u1_14	퍽ވ	RegNtPreCreateKey
HKCU\software\jguh::u2_14	䭏䆌	RegNtPreCreateKey
HKCU\software\jguh::u3_14	㩏䂏	RegNtPreCreateKey
HKCU\software\jguh::u4_14	偦䆌	RegNtPreCreateKey
HKCU\software\jguh::u1_15		RegNtPreCreateKey
HKCU\software\jguh::u2_15		RegNtPreCreateKey
HKCU\software\jguh::u3_15	꧲닲	RegNtPreCreateKey
HKCU\software\jguh::u4_15	쏛돱	RegNtPreCreateKey
HKCU\software\jguh::u1_16	⑾㰹	RegNtPreCreateKey
HKCU\software\jguh::u2_16	⚐♗	RegNtPreCreateKey
HKCU\software\jguh::u3_16	嵹❔	RegNtPreCreateKey
HKCU\software\jguh::u4_16	㝐♗	RegNtPreCreateKey
HKCU\software\jguh::u1_17	㲻	RegNtPreCreateKey
HKCU\software\jguh::u2_17	늅颼	RegNtPreCreateKey
HKCU\software\jguh::u3_17	샬馿	RegNtPreCreateKey
HKCU\software\jguh::u4_17	꫅颼	RegNtPreCreateKey
HKCU\software\jguh::u1_18	鏦枍	RegNtPreCreateKey
HKCU\software\jguh::u2_18	Њଢ	RegNtPreCreateKey
HKCU\software\jguh::u3_18	琓ਡ	RegNtPreCreateKey
HKCU\software\jguh::u4_18	Ḻଢ	RegNtPreCreateKey
HKCU\software\jguh::u1_19	⼑݅	RegNtPreCreateKey
HKCU\software\jguh::u2_19	轳綇	RegNtPreCreateKey
HKCU\software\jguh::u3_19	ﮆ粄	RegNtPreCreateKey
HKCU\software\jguh::u4_19	醯綇	RegNtPreCreateKey
HKCU\software\jguh\1214104697::1919251317	`	RegNtPreCreateKey
HKCU\software\jguh\1214104697::-456464662		RegNtPreCreateKey
HKCU\software\jguh\1214104697::1462786655		RegNtPreCreateKey
HKCU\software\jguh\1214104697::-912929324		RegNtPreCreateKey
HKCU\software\jguh\1214104697::1006321993	C	RegNtPreCreateKey
HKCU\software\jguh\1214104697::-1369393986	http://slwocfd/sobaka1.gifhttp://46.105.103.219/sobakavolos.g	RegNtPreCreateKey
HKCU\software\jguh\1214104697::549857331		RegNtPreCreateKey

Windows API Usage

Category	API
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAddAtomEx ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcConnectPortEx ntdll.dll!NtAlpcQueryInformation ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtAssociateWaitCompletionPacket ntdll.dll!NtClearEvent ntdll.dll!NtClose Show More ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateIoCompletion ntdll.dll!NtCreateKey ntdll.dll!NtCreateMutant ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtCreateTimer2 ntdll.dll!NtCreateWaitCompletionPacket ntdll.dll!NtCreateWorkerFactory ntdll.dll!NtDeleteValueKey ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFindAtom ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtLockVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenDirectoryObject ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenMutant ntdll.dll!NtOpenProcess ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenSymbolicLinkObject ntdll.dll!NtOpenThreadToken ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryDefaultLocale ntdll.dll!NtQueryDirectoryFile ntdll.dll!NtQueryDirectoryFileEx ntdll.dll!NtQueryFullAttributesFile ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySymbolicLinkObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReadFile ntdll.dll!NtReadRequestData ntdll.dll!NtReadVirtualMemory ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationFile ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationThread ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSetTimer2 ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtWaitForAlertByThreadId ntdll.dll!NtWaitForMultipleObjects ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWorkerFactoryWorkerReady ntdll.dll!NtWriteFile ntdll.dll!NtWriteVirtualMemory UNKNOWN win32u.dll!NtGdiAnyLinkedFonts win32u.dll!NtGdiBitBlt win32u.dll!NtGdiCreateBitmap 120 additional items are not displayed above.
Other Suspicious	SetWindowsHookEx
User Data Access	GetComputerName GetUserDefaultLocaleName GetUserName GetUserObjectInformation
Anti Debug	CheckRemoteDebuggerPresent IsDebuggerPresent NtQuerySystemInformation
Network Info Queried	GetAdaptersInfo
Process Shell Execute	CreateProcess WinExec
Process Manipulation Evasion	NtUnmapViewOfSection
Network Urlomon	URLDownloadToFile
Encryption Used	BCryptOpenAlgorithmProvider CryptAcquireContext

Shell Command Execution


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\418b7bcdb824fdfaae71d40b7fe50fb0836009c6_0004644352.,LiQMAxHB


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\b3f542d953b5488a9155f160e4984731c0ae7b3d_0001723272.,LiQMAxHB


							C:\Users\Fftqnfzp\AppData\Local\Temp\3DF42D16.exe


							C:\Users\Fftqnfzp\AppData\Local\Temp\7B5A3510.exe


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\e27dd6cb07ff2ad774106bd9353f98ddd835fefc_0001350656.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\163a18a9925fffafc91de4953acb7b2c2c499933_0004294656.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\38b471f14b5801da1db57694bac10c2e51ec1fb9_0003405312.,LiQMAxHB

HEUR.Malware.EniProt.Generic

Threat Scorecard

EnigmaSoft Threat Scorecard

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Most Viewed